[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPDHRPwKkSwhxBzZhKKqYV6yD9WMrdnyA_bDlxIBIqIw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":138,"fingerprints":245},"what-the-file","What The File","1.6.1","Barry Kooij","https:\u002F\u002Fprofiles.wordpress.org\u002Fbarrykooij\u002F","\u003Cp>What The File adds an option to your toolbar showing what file and template parts are used to display the page you’re currently viewing.\u003C\u002Fp>\n\u003Cp>You can click the file name to directly edit it through the theme editor, though I don’t recommend this for bigger changes.\u003C\u002Fp>\n\u003Cp>What The File supports BuddyPress and Roots Theme based themes.\u003C\u002Fp>\n\u003Cp>More information can be found \u003Ca href=\"http:\u002F\u002Fwww.barrykooij.com\u002Fwhat-the-file\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Looking for a great related posts plugin for WordPress?\u003C\u002Fh4>\n\u003Cp>Another plugin I’ve built, that I’m very proud of is Related Posts for WordPress. Related Posts for WordPress offers you the ability to link related posts to each other with just 1 click! And it’s 100% free! \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelated-posts-for-wp\u002F\" rel=\"ugc\">Check it out on the WordPress repository.\u003C\u002Fa>\u003C\u002Fp>\n","What The File is the best tool to find out what template parts are used to display the page you're currently viewing!",40000,585647,98,882,"2026-02-19T17:21:00.000Z","6.9.4","3.1","5.3",[20,21,22,23,24],"development","file","template","template-editing","toolbar","http:\u002F\u002Fwww.barrykooij.com\u002Fwhat-the-file\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-the-file.1.6.1.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"barrykooij",8,61620,87,1432,70,"2026-04-04T13:51:40.169Z",[41,58,82,100,120],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":27,"num_ratings":51,"last_updated":52,"tested_up_to":16,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":56,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"show-current-template","Show Current Template","0.5.4","JOTAKI, Taisuke","https:\u002F\u002Fprofiles.wordpress.org\u002Ftai\u002F","\u003Cp>A WordPress plugin which shows the current template file name, the current theme name and included template files’ name in the tool bar. If you like this plugin, \u003Ca href=\"https:\u002F\u002Fwp.tekapo.com\u002Fis-my-plugin-useful\u002F\" rel=\"nofollow ugc\">you can buy me a coffee! 😉\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Inspired by (and big thanks to):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002Fgist.github.com\u002Fgatespace\u002F4482529\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freveal-template\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","A WordPress plugin which shows the current template file name, the current theme name and included template files' name in the tool bar.",100000,1251329,71,"2026-01-17T04:18:00.000Z","5.9","7.4",[22,24],"https:\u002F\u002Fwp.tekapo.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-current-template.0.5.4.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":27,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":28,"last_vuln_date":81,"fetched_at":30},"which-template-file","which template file","5.2.0","gilles66","https:\u002F\u002Fprofiles.wordpress.org\u002Fgilles66\u002F","\u003Cp>Need to know which template is used by WordPress to display your pages in the front office ?\u003Cbr \u002F>\nThis plugin simply does this.\u003C\u002Fp>\n\u003Cp>Show the name of the php file of your theme used to display the current page.Need to know which template is used by WordPress to display your pages in the front office ?\u003Cbr \u002F>\nThis plugin simply does this.\u003C\u002Fp>\n\u003Cp>Efficient and very easy to install, it will show you in the admin bar the name of the php file currently used to display the current page.\u003Cbr \u002F>\nThe color of the text is different regarding the origin of the template(the theme, a parent theme, or a plugin)\u003Cbr \u002F>\n(icon author :http:\u002F\u002Fwww.megaicons.net\u002Ficonspack-1096\u002F45043\u002F)\u003C\u002Fp>\n","Show the name of the php file of your theme used to display the current page.",4000,54446,4,"2025-02-02T14:14:00.000Z","6.7.5","3.3.0","5.6",[74,75,22,24,76],"adminbar","debug","tpl","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.5.2.0.zip",91,2,"2023-11-29 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":27,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":17,"requires_php":77,"tags":95,"homepage":97,"download_link":98,"security_score":99,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"what-template","What Template","0.1","Brian Alexander","https:\u002F\u002Fprofiles.wordpress.org\u002Fironprogrammer\u002F","\u003Cp>Adds the current page’s template name to the admin bar.\u003C\u002Fp>\n\u003Cp>Because this plugin reveals potentially sensitive information about the active theme, it is recommended for development environments only, and should not be enabled on a production site.\u003C\u002Fp>\n","Adds the current page's template name to the admin bar.",1000,22245,3,"2024-07-19T20:49:00.000Z","6.6.5",[96,75,20,22],"admin-bar","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwhat-template\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-template.0.1.2.zip",92,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":27,"downloaded":108,"rating":27,"num_ratings":92,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":77,"tags":112,"homepage":117,"download_link":118,"security_score":119,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"category-template-hierarchy","Category Template Hierarchy","1.3.2.1","Eddie Moya","https:\u002F\u002Fprofiles.wordpress.org\u002Feddiemoya\u002F","\u003Cp>Adds several new templates to the template hierarchy:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>child-of-category-{slug}.php\u003C\u002Fli>\n\u003Cli>category-{slug}.php\u003C\u002Fli>\n\u003Cli>child-of-category-{id}.php\u003C\u002Fli>\n\u003Cli>category-{term_id}.php\u003C\u002Fli>\n\u003Cli>parent-category.php\u003C\u002Fli>\n\u003Cli>child-category.php\u003C\u002Fli>\n\u003Cli>category.php\u003C\u002Fli>\n\u003Cli>archive.php\u003C\u002Fli>\n\u003Cli>index.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This greatly extends the native hierarchy of theme templates with regard to\u003Cbr \u002F>\ncategories. Theme developers can now easily create separate templates for\u003Cbr \u002F>\ncategories with children, with parents, and children of specific parents.\u003C\u002Fp>\n\u003Cp>Additionally makes available four (4) new conditional template tags:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>is_child_category();\u003C\u002Fli>\n\u003Cli>is_parent_category();\u003C\u002Fli>\n\u003Cli>is_child_of_category();\u003C\u002Fli>\n\u003Cli>is_parent_of_category();\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These functions are available for use in any theme or plugin as along as this\u003Cbr \u002F>\nplugin is active. For detailed documentation of these functions see the\u003Cbr \u002F>\n‘Developer Notes: Conditional Tags’ section of this readme file.\u003C\u002Fp>\n\u003Cp>Note: This plugin does not actually create parent-category.php, child-category.php\u003Cbr \u002F>\nor any of their related templates – rather it modifies the native \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Hierarchy\" rel=\"nofollow ugc\">template hierarchy\u003C\u002Fa>\u003Cbr \u002F>\nto allow theme developers to create specific templates for parent and child categories.\u003C\u002Fp>\n\u003Ch3>Developer Notes: Template Hierarchy\u003C\u002Fh3>\n\u003Cp>What follows are is the modified list of templates available for category pages.\u003Cbr \u002F>\nThese expand upon the native \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Hierarchy#Visual_Overview\" rel=\"nofollow ugc\">Template Hierarchy\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>child-of-category-{slug}.php\u003C\u002Fli>\n\u003Cli>category-{slug}.php\u003C\u002Fli>\n\u003Cli>child-of-category-{id}.php\u003C\u002Fli>\n\u003Cli>category-{term_id}.php\u003C\u002Fli>\n\u003Cli>parent-category.php\u003C\u002Fli>\n\u003Cli>child-category.php\u003C\u002Fli>\n\u003Cli>category.php\u003C\u002Fli>\n\u003Cli>archive.php\u003C\u002Fli>\n\u003Cli>index.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The parent and child templates only become available if the current category is\u003Cbr \u002F>\na parent or a child respectively.\u003C\u002Fp>\n\u003Cp>Note: This plugin does not actually create parent-category.php, child-category.php\u003Cbr \u002F>\nor any of their related templates – rather it modifies the native \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Hierarchy\" rel=\"nofollow ugc\">template hierarchy\u003C\u002Fa>\u003Cbr \u002F>\nto allow theme developers to create specific templates for parent and child categories.\u003C\u002Fp>\n\u003Ch3>Developer Notes: Conditional Tags\u003C\u002Fh3>\n\u003Cp>With this plugin comes two additional \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">conditional tags\u003C\u002Fa>\u003Cbr \u002F>\nwhich behave much like any other in WordPress. In a similar fashion to how one\u003Cbr \u002F>\nmight use \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fis_category\" rel=\"nofollow ugc\">is_category()\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fcat_is_ancestor_of\" rel=\"nofollow ugc\">cat_is_ancestory_of()\u003C\u002Fa>,\u003Cbr \u002F>\ndevelopers may, with this plugin, use the following functions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>is_parent_category()\u003C\u002Fli>\n\u003Cli>is_child_category()\u003C\u002Fli>\n\u003Cli>is_child_of_category()\u003C\u002Fli>\n\u003Cli>is_parent_of_category()\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Description (part 1)\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>is_parent_category()\u003C\u002Fcode> and \u003Ccode>is_child_category()\u003C\u002Fcode> conditional tags check if\u003Cbr \u002F>\nthe page being displayed (or passed as an argument) is of a category that has\u003Cbr \u002F>\nchildren (e.g. is a parent category)  has a parent (is a child), respectively.\u003Cbr \u002F>\nThey are boolean functions, meaning they return either TRUE or FALSE.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php is_parent_category( $category ); ?>\n\u003C?php is_child_category( $category ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Parameters\u003C\u002Fh4>\n\u003Cp>$category (integer\u002Fstring\u002Fobject) (optional) Category ID, Category Slug, Category Object. Default: Current Category\u003C\u002Fp>\n\u003Cp>Note: Unlike is_category(), these functions will not take arrays of categories or category titles. I’ll work on that. Sorry.\u003C\u002Fp>\n\u003Ch4>Return Values\u003C\u002Fh4>\n\u003Cp>(boolean) True on success, false on failure.\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>is_parent_category()\nis_child_category()\n\u002F\u002F When any parent\u002Fchild category archive page is being displayed\n\nis_parent_category( '9' );\nis_child_category( '9' );\n\u002F\u002F When the archive page for Category 9 is being displayed AND its a parent\u002Fchild.\n\nis_parent_category( 'blue-cheese' );\nis_child_category( 'blue-cheese' );\n\u002F\u002F When the archive page for the Category with Category Slug \"blue-cheese\" is being displayed AND its a parent\u002Fchild.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Description (part 2)\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>is_parent_of_category()\u003C\u002Fcode> and \u003Ccode>is_child_of_category()\u003C\u002Fcode> conditional tags\u003Cbr \u002F>\ncheck if a given category has a parent or child relationship to the current\u003Cbr \u002F>\ncategory or a category passed as its second parameter. They are\u003Cbr \u002F>\nboolean functions, meaning they return either TRUE or FALSE.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php is_parent_of_category($child_category, $parent_category, $direct_descendant); ?>\n\u003C?php is_child_of_category($parent_category, $child_category, $direct_descendant);?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Parameters\u003C\u002Fh4>\n\u003Cp>(object\u002Fstring\u002Finteger) (required) Category of the would-be parent\u002Fchild respectively.\u003Cbr \u002F>\n(object\u002Fstring\u002Finteger) (optional) Category of the would-be child\u002Fparent respectfully. Default: Current Category\u003Cbr \u002F>\n(boolean) (optional) Whether or not the child should be a direct child of the parent. Default: True\u003Cbr \u002F>\n *\u003C\u002Fp>\n\u003Ch4>Return Values\u003C\u002Fh4>\n\u003Cp>(boolean) If the $direct_descendant flag set to true, function returns true if the child is a direct descendant of the parent, if child is no direct it will return false. If $direct_descendant is set to false it will return the same results as cat_is_ancestor_of().\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cp>The following function will return True…\u003C\u002Fp>\n\u003Cpre>\u003Ccode>is_child_of_category(0);\n\u002F\u002F When a top level category is being displayed, zero being the parent id value for top level categories (e.g. categories with no parents).\n\nis_child_of_category(12);\n\u002F\u002F When the current category is a direct child of the category whose ID is '12'.\n\nis_child_of_category('tv-shows')\n\u002F\u002F When the current category is a direct child of the category with the slug 'tv-shows' (can also be category ID's).\n\nis_child_of_category('tv-shows', 'dexter');\n\u002F\u002F When the category with slug 'dexter' is a direct child of the category with the slug 'tv-shows' (can also be category ID's). This may come in handy when manipulating categories while not in a category template.\n\nis_child_of_category('tv-shows', 'dexter', false);\n\u002F\u002F When the category with the slug 'dexter' is a descendant of the category 'tv-shows' at any level. (uses cat_is_ancestor_of())\n\nis_child_of_category('tv-shows', null, false);\n\u002F\u002F When the current category is a descendant of the 'tv-shows' category at any level. (uses cat_is_ancestor_of())\n\nis_parent_of_category(13);\n\u002F\u002F When the current category is the direct parent of a category with the ID '13'.\n\nis_parent_of_category('dexter');\n\u002F\u002F When the current category is the direct parent of the category with the slug 'dexter'.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Backward Compatibility\u003C\u002Fh3>\n\u003Cp>The changes this plugin makes to the template hierarchy are significantly different\u003Cbr \u002F>\nfrom that in 1.0.5 and before. If you prefer to use that version please find it\u003Cbr \u002F>\nin the Older Versions in the WordPress plugins directory, it is tagged as 1.0.5.\u003C\u002Fp>\n\u003Cp>While I do not actively support to QA the older version, I would gladly take a\u003Cbr \u002F>\nlook at any future bugs that crop up and are reported.\u003C\u002Fp>\n","Adds parent-category.php, child-category.php, and child-category-{slug|id} templates to the hierarchy and conditional tags to match.",18999,"2012-03-24T03:12:00.000Z","3.3.2","3.0",[113,114,22,115,116],"category","hierarchy","theme","theme-development","http:\u002F\u002Feddiemoya.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-template-hierarchy.zip",85,{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":27,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":77,"tags":134,"homepage":136,"download_link":137,"security_score":119,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"what-template-am-i-using","What Template Am I Using","0.2.0","webdeveric","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdeveric\u002F","\u003Cp>This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.\u003C\u002Fp>\n\u003Cp>The info is only displayed for users that have the edit_theme_options capability.\u003C\u002Fp>\n\u003Cp>Information displayed:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Current template\u003C\u002Fli>\n\u003Cli>General Information (post type, are you on the front page, etc.)\u003C\u002Fli>\n\u003Cli>Additional files used. For example, header.php or footer.php\u003C\u002Fli>\n\u003Cli>What sidebars are being used and what widgets are in them.\u003C\u002Fli>\n\u003Cli>List of enqueued scripts and styles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>This plugin is intended for use by theme developers and it requires a standards compliant browser. This plugin will not work in IE8 or below.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.",9190,96,13,"2015-12-08T05:17:00.000Z","4.4.0","3.1.0",[75,135,22,116],"server-information","http:\u002F\u002Fphplug.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-template-am-i-using.0.2.0.zip",{"attackSurface":139,"codeSignals":198,"taintFlows":210,"riskAssessment":238,"analyzedAt":244},{"hooks":140,"ajaxHandlers":194,"restRoutes":195,"shortcodes":196,"cronEvents":197,"entryPointCount":28,"unprotectedCount":28},[141,147,153,158,162,165,170,174,177,181,185,190],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_notices","display_admin_notice","classes\\class-nag.php",61,{"type":148,"name":149,"callback":150,"file":151,"line":152},"filter","plugin_action_links_what-the-file\u002Fwhat-the-file.php","add_links","classes\\class-plugin-links.php",9,{"type":142,"name":154,"callback":155,"file":156,"line":157},"init","frontend_hooks","what-the-file.php",57,{"type":142,"name":159,"callback":160,"file":156,"line":161},"admin_init","admin_hooks",58,{"type":142,"name":163,"callback":164,"file":156,"line":27},"wp_head","print_css",{"type":142,"name":166,"callback":167,"priority":168,"file":156,"line":169},"wp_footer","print_frontend_js",50,101,{"type":148,"name":171,"callback":172,"file":156,"line":173},"template_include","save_current_page",102,{"type":142,"name":175,"callback":175,"priority":90,"file":156,"line":176},"admin_bar_menu",103,{"type":142,"name":178,"callback":179,"file":156,"line":180},"wp_enqueue_scripts","enqueue_frontend_script",105,{"type":142,"name":182,"callback":183,"file":156,"line":184},"bp_core_pre_load_template","save_buddy_press_template",109,{"type":142,"name":186,"callback":187,"priority":188,"file":156,"line":189},"all","save_template_parts",1,113,{"type":142,"name":191,"callback":192,"file":156,"line":193},"plugins_loaded","__what_the_file_main",337,[],[],[],[],{"dangerousFunctions":199,"sqlUsage":200,"outputEscaping":202,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":92,"bundledLibraries":209},[],{"prepared":28,"raw":28,"locations":201},[],{"escaped":28,"rawEcho":80,"locations":203},[204,207],{"file":156,"line":205,"context":206},281,"raw output",{"file":156,"line":208,"context":206},324,[],[211,230],{"entryPoint":212,"graph":213,"unsanitizedCount":28,"severity":229},"catch_hide_notice (classes\\class-nag.php:19)",{"nodes":214,"edges":226},[215,220],{"id":216,"type":217,"label":218,"file":145,"line":219},"n0","source","$_SERVER",37,{"id":221,"type":222,"label":223,"file":145,"line":224,"wp_function":225},"n1","sink","wp_redirect() [Open Redirect]",40,"wp_redirect",[227],{"from":216,"to":221,"sanitized":228},true,"low",{"entryPoint":231,"graph":232,"unsanitizedCount":28,"severity":229},"\u003Cclass-nag> (classes\\class-nag.php:0)",{"nodes":233,"edges":236},[234,235],{"id":216,"type":217,"label":218,"file":145,"line":219},{"id":221,"type":222,"label":223,"file":145,"line":224,"wp_function":225},[237],{"from":216,"to":221,"sanitized":228},{"summary":239,"deductions":240},"The 'what-the-file' v1.6.1 plugin exhibits a strong security posture regarding its attack surface and known vulnerabilities. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly reduces the potential entry points for attackers. Furthermore, the plugin has no recorded CVEs, indicating a history of responsible development or minimal public exposure of vulnerabilities. The code analysis also shows a positive sign with 100% of SQL queries utilizing prepared statements, a crucial practice for preventing SQL injection. The presence of capability checks (3) is also a good indicator of access control being considered.\n\nHowever, there are significant concerns regarding output escaping. With 2 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from user input or external sources without proper sanitization and escaping is a direct pathway for XSS attacks. The taint analysis, while reporting no critical or high severity flows, might not be capturing potential XSS if the output escaping is universally poor. The lack of nonce checks on any potential entry points (though none are apparent, this is a general concern for any plugin interacting with the frontend or backend) is also a missed opportunity for preventing Cross-Site Request Forgery (CSRF).\n\nIn conclusion, while the plugin benefits from a small attack surface and a clean vulnerability history, the complete lack of output escaping is a severe weakness that overshadows these strengths. This single flaw presents a clear and present danger of XSS vulnerabilities, which can lead to session hijacking, defacement, and other malicious activities. Developers must prioritize implementing proper output escaping mechanisms immediately.",[241],{"reason":242,"points":243},"0% output escaping",15,"2026-03-16T17:20:35.847Z",{"wat":246,"direct":257},{"assetPaths":247,"generatorPatterns":249,"scriptPaths":250,"versionParams":253},[248],"\u002Fwp-content\u002Fplugins\u002Fwhat-the-file\u002Fassets\u002Fimages\u002Fnever5-logo.png",[],[251,252],"\u002Fwp-content\u002Fplugins\u002Fwhat-the-file\u002Fassets\u002Fjs\u002Fadmin-bar-tweaks.js","\u002Fwp-content\u002Fplugins\u002Fwhat-the-file\u002Fassets\u002Fjs\u002Fwhat-the-file.js",[254,255,256],"what-the-file\u002Fassets\u002Fcss\u002Fadmin-bar-tweaks.css?ver=","what-the-file\u002Fassets\u002Fjs\u002Fadmin-bar-tweaks.js?ver=","what-the-file\u002Fassets\u002Fjs\u002Fwhat-the-file.js?ver=",{"cssClasses":258,"htmlComments":259,"htmlAttributes":260,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":264},[],[],[],[],[263],"window.whatTheFile",[]]