[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fffDHuACav7F_6ZlJdPfL3niFYBEqXim5y91PuoPLRlQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":130,"fingerprints":277},"wowholic-core","Wowholic CORE","1.1.3","Wowholic","https:\u002F\u002Fprofiles.wordpress.org\u002Fwowholic\u002F","\u003Ch3>CORE: WordPress utilities\u003C\u002Fh3>\n\u003Cp>CORE is a utility-based, unintrusive WordPress plugin. It offers a simple UI to tweak many sensible default settings to quickstart your new fresh WordPress project. It’s recommended for developers building custom themes with ACF.\u003C\u002Fp>\n\u003Cp>CORE builds on top of Wowholic’s +5 years of experience developing fully custom WordPress sites, for all sorts of customers and industries. We made this plugin to be more efficient and productive in our own work, and we hope it helps you too!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean up unnecessary WordPress’ defaults:\n\u003Cul>\n\u003Cli>Remove comments widget styles\u003C\u002Fli>\n\u003Cli>Remove WP version from RSS feed\u003C\u002Fli>\n\u003Cli>Remove Gutenberg block library CSS (only if Classic Editor plugin is active)\u003C\u002Fli>\n\u003Cli>Remove RSD link\u003C\u002Fli>\n\u003Cli>Remove post, category and comment feed links\u003C\u002Fli>\n\u003Cli>Remove Windows Live Writer link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003Cli>Remove shortlink\u003C\u002Fli>\n\u003Cli>Remove relational adjacent links\u003C\u002Fli>\n\u003Cli>Remove emoji detection script and styles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Disable Theme & Plugin Editors, Widgets Admin Page, Default Post Type and Comments\u003C\u002Fli>\n\u003Cli>Set up some default redirections (archives, attachment pages…)\u003C\u002Fli>\n\u003Cli>Set up a visual grid on different breakpoints for debugging layout styles\u003C\u002Fli>\n\u003Cli>Enable layout spacing utility for debugging distances between elements (using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fstevenlei\u002Fspacingjs\" rel=\"nofollow ugc\">spacingjs\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Add custom format options to TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow removing unnecessary buttons from TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable Theme Options \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Add label next to Flexible Content Layout name \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow shortcodes in excerpts, textareas and text fields \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable pretty Search URL\u003C\u002Fli>\n\u003Cli>Enable \u003Ccode>[email]\u003C\u002Fcode> shortcode for antispam\u003C\u002Fli>\n\u003Cli>Change WordPress’ upload size limit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these features are contextual, which means that they won’t show or work unless some condition is met (usually, if a given plugin is active or not).\u003C\u002Fp>\n\u003Ch3>Community Feedback\u003C\u002Fh3>\n\u003Cp>Although already providing many features, this plugin is still in its early stages of development. Please reach out to us for any constructive feedback you might have!\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you want to read contributing guidelines, you can find them at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>\u003C\u002Fp>\n","CORE makes you faster and more efficient when developing custom WordPress sites.",40,2316,0,"2025-12-04T09:20:00.000Z","6.9.4","5.6","7.0",[19,20,21,22,23],"custom-themes","development","efficiency","productivity","utility","https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwowholic-core.1.1.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"wowholic",1,30,94,"2026-04-04T15:11:05.755Z",[37,58,77,97,113],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":26,"downloaded":45,"rating":26,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"dash-todo","Simple Dashboard Todo","1.1.5","Sharif ME","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmeunus\u002F","\u003Cp>The Todo Plugin is a tool designed to enhance productivity and task management within the WordPress admin area. This plugin allows admins to easily create and manage tasks, keeping track of what needs to be done.\u003C\u002Fp>\n\u003Cp>You can manage the Todo from \u003Cem>Dashboard -> Todo\u003C\u002Fem> or from the \u003Cem>Dashboard widget\u003C\u002Fem>.\u003C\u002Fp>\n","A simple todo management plugin for WordPress site admins. Stay consistent and never forget anything.",5529,5,"2024-06-10T04:25:00.000Z","6.5.8","6.0","7.4",[52,22,53,23,54],"dashboard","todo","widget","https:\u002F\u002Fgithub.com\u002Fshariffff\u002Fdash-todo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdash-todo.1.1.5.zip",92,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"quickstart","QuickStart","1.13.0","Doug Wollison","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougwollison\u002F","\u003Cp>\u003Cstrong>This plugin is no longer being developed.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin is no longer being developed.",10,4310,"2024-10-18T16:58:00.000Z","0.0.0","",[20,72,73,74,23],"framework","function","utilities","https:\u002F\u002Fgithub.com\u002Fdougwollison\u002Fquickstart","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquickstart.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":13,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"b-productiv-lite","B-Productiv Lite","1.0.0","calettso","https:\u002F\u002Fprofiles.wordpress.org\u002Fcalettso\u002F","\u003Cp>B-Productiv Lite is a free productivity improvement plugin that helps improve productivity and efficiency.\u003Cbr \u002F>\nBuilt to integrate seamlessly with WordPress, you can set up tasks, alerts, step-by-step procedures, reminders, schedules,\u003Cbr \u002F>\nand their priority levels. The B-Productiv plugin will assist you by making sure these tasks are done. In essence,\u003Cbr \u002F>\nit is like the perfect office manager with the same passion for your business that you have, with exceptional organizational skills.\u003Cbr \u002F>\nIt frees you up from many of the everyday indirect operations within your organization, improves communication among your team,\u003Cbr \u002F>\nand allows you to get back to the core tasks of your organization. Even more……it helps you get back to making MONEY.\u003C\u002Fp>\n\u003Ch3>Need Support?\u003C\u002Fh3>\n\u003Cp>Rather than answering questions on multiple sites, we will consolidate our efforts to one site. To serve you better,\u003Cbr \u002F>\nwe will not offer support on the WordPress.org forum.\u003C\u002Fp>\n\u003Cp>To receive support you may visit our \u003Ca href=\"http:\u002F\u002Fclydelettsome.com\u002Fblog\u002Fb-productiv-help\u002F\" rel=\"nofollow ugc\">B-Productiv Help Page\u003C\u002Fa> where we can address any issues you are experiencing.\u003C\u002Fp>\n","The purpose of this plugin is to improve business productivity for small businesses and organizations especially those with employees and contractors &hellip;",1340,"2018-07-04T00:54:00.000Z","4.9.29","4.6","5.2.4",[91,21,22,92,93],"business","small-business","tasks","http:\u002F\u002Fclydelettsome.com\u002Fblog\u002Fb-productiv\u002F%20‎","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fb-productiv-lite.1.0.0.zip",85,{"slug":98,"name":99,"version":80,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":13,"downloaded":104,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":70,"tags":108,"homepage":70,"download_link":112,"security_score":96,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"development-mode","Development Mode","Jakobodb","https:\u002F\u002Fprofiles.wordpress.org\u002Fjakobodb\u002F","\u003Cp>This utility plugin changes the theme of the current user to Sunrise, and uses the Sunrise color scheme when browsing the front-end, to help ensure you are viewing and editing the Development Site when making crucial changes to a site.\u003C\u002Fp>\n\u003Cp>This plugin also adds a menu item to the admin bar to further confirm that you are on the Development Site.\u003C\u002Fp>\n","Uses Sunrise theme on Dashboard and Frontend to visually represent development mode",1151,"2017-05-09T10:41:00.000Z","4.7.32","3.0.1",[109,110,111,20,23],"admin","admin-bar","developer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevelopment-mode.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":13,"downloaded":121,"rating":26,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":50,"tags":126,"homepage":128,"download_link":129,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"safe-wp-updates-by-wp-boom","\"Safe WP Updates\" by WP Boom","1.3.61","wpboom","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpboom\u002F","\u003Cp>A site cloning and visual testing tool that allows creation of development sites for WordPress update testing through visual comparison via the Wp Boom service.\u003C\u002Fp>\n\u003Ch3>3rd Party or External Services\u003C\u002Fh3>\n\u003Cp>This plugin utilizes (2) 3rd party services located at:\u003C\u002Fp>\n\u003Ch4>https:\u002F\u002Fapp.wpboom.com\u002Fapi\u002Fv1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This service is the core of our plugin which allows us to queue remote screenshot of web pages and manage account-specific details for registered and unregistered usage of our snapshot service.\u003C\u002Fli>\n\u003Cli>Terms of Service Link: https:\u002F\u002Fwww.wpboom.com\u002Fterms-of-service\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>https:\u002F\u002Fopenai.chrisbond.dev\u002Ftunnel.php\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This service allows us to overcome certain roadblocks that occur due restrictions that users may not know exist on their host (such as internal IP addressing and DNS). These issues usually result in the inability for this plugin to communicate with our service located at https:\u002F\u002Fapp.wpboom.com\u003C\u002Fli>\n\u003Cli>Terms of Service Link: Link is embedded in JSON response when unauthenticated requests are made (you can see the response just by visiting the page at https:\u002F\u002Fopenai.chrisbond.dev\u002Ftunnel.php) and are the same terms located at https:\u002F\u002Fwww.wpboom.com\u002Fterms-of-service\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","A site cloning and visual testing tool that allows creation of development sites for WordPress update testing.",696,2,"2025-01-21T11:14:00.000Z","6.7.5","6.2",[20,127,23],"testing","https:\u002F\u002Fwww.wpboom.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-wp-updates-by-wp-boom.1.3.61.zip",{"attackSurface":131,"codeSignals":260,"taintFlows":270,"riskAssessment":271,"analyzedAt":276},{"hooks":132,"ajaxHandlers":253,"restRoutes":254,"shortcodes":255,"cronEvents":259,"entryPointCount":32,"unprotectedCount":13},[133,139,144,147,150,153,158,162,166,170,173,175,179,182,184,188,191,195,197,199,201,203,206,208,211,215,219,221,223,224,227,230,234,236,238,240,243,246,250],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","acf\u002Finit","closure","includes\\actions\\acf.php",7,{"type":140,"name":141,"callback":142,"file":137,"line":143},"filter","get_the_excerpt","do_shortcode",22,{"type":140,"name":145,"callback":142,"file":137,"line":146},"acf\u002Fformat_value\u002Ftype=textarea",23,{"type":140,"name":148,"callback":142,"file":137,"line":149},"acf\u002Fformat_value\u002Ftype=text",24,{"type":140,"name":151,"callback":136,"file":137,"line":152},"acf\u002Fsettings\u002Fshow_admin",31,{"type":134,"name":154,"callback":155,"file":156,"line":157},"init","wowcore_cleanup_head","includes\\actions\\cleanup.php",8,{"type":134,"name":159,"callback":160,"priority":26,"file":156,"line":161},"wp_enqueue_scripts","wowcore_remove_global_style_and_svg_filters",11,{"type":140,"name":163,"callback":164,"file":156,"line":165},"the_generator","__return_empty_string",14,{"type":140,"name":167,"callback":168,"priority":32,"file":156,"line":169},"wp_head","wowcore_remove_wp_widget_recent_comments_style",17,{"type":134,"name":167,"callback":171,"priority":32,"file":156,"line":172},"wowcore_remove_recent_comments_style",20,{"type":134,"name":159,"callback":174,"file":156,"line":146},"wowcore_remove_wp_block_library_css",{"type":140,"name":176,"callback":177,"priority":66,"file":178,"line":172},"script_loader_tag","wowcore_script_async_defer","includes\\actions\\filters.php",{"type":134,"name":180,"callback":136,"file":181,"line":138},"admin_menu","includes\\actions\\general.php",{"type":134,"name":183,"callback":136,"file":181,"line":149},"admin_init",{"type":140,"name":185,"callback":186,"priority":172,"file":181,"line":187},"comments_open","__return_false",45,{"type":140,"name":189,"callback":186,"priority":172,"file":181,"line":190},"pings_open",46,{"type":140,"name":192,"callback":193,"priority":66,"file":181,"line":194},"comments_array","__return_empty_array",49,{"type":134,"name":180,"callback":136,"file":181,"line":196},52,{"type":134,"name":154,"callback":136,"file":181,"line":198},58,{"type":134,"name":183,"callback":136,"file":181,"line":200},69,{"type":134,"name":180,"callback":136,"file":181,"line":202},78,{"type":140,"name":204,"callback":136,"file":181,"line":205},"upload_size_limit",87,{"type":134,"name":154,"callback":136,"file":181,"line":207},126,{"type":134,"name":209,"callback":136,"file":181,"line":210},"template_redirect",140,{"type":134,"name":167,"callback":212,"priority":26,"file":213,"line":214},"wowcore_add_grid_css","includes\\actions\\grid.php",221,{"type":134,"name":216,"callback":217,"priority":26,"file":213,"line":218},"wp_footer","wowcore_add_grid",222,{"type":134,"name":159,"callback":136,"file":220,"line":138},"includes\\actions\\layout.php",{"type":134,"name":209,"callback":136,"file":222,"line":138},"includes\\actions\\redirects.php",{"type":134,"name":209,"callback":136,"file":222,"line":143},{"type":140,"name":225,"callback":136,"file":226,"line":138},"tiny_mce_before_init","includes\\actions\\tinymce.php",{"type":140,"name":228,"callback":136,"file":226,"line":229},"mce_buttons_2",39,{"type":140,"name":231,"callback":232,"file":226,"line":233},"mce_buttons","wowcore_remove_tinymce_buttons",50,{"type":140,"name":228,"callback":232,"file":226,"line":235},51,{"type":140,"name":225,"callback":136,"file":226,"line":237},68,{"type":140,"name":225,"callback":136,"file":226,"line":239},84,{"type":134,"name":241,"callback":136,"file":242,"line":157},"after_setup_theme","includes\\boot.php",{"type":134,"name":244,"callback":136,"file":242,"line":245},"admin_enqueue_scripts",16,{"type":134,"name":247,"callback":136,"file":248,"line":249},"carbon_fields_register_fields","includes\\settings-page.php",6,{"type":134,"name":251,"callback":136,"file":248,"line":252},"carbon_fields_fields_registered",225,[],[],[256],{"tag":257,"callback":136,"file":181,"line":258},"email",98,[],{"dangerousFunctions":261,"sqlUsage":262,"outputEscaping":264,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":32,"bundledLibraries":266},[],{"prepared":13,"raw":13,"locations":263},[],{"escaped":165,"rawEcho":13,"locations":265},[],[267],{"name":268,"version":27,"knownCves":269},"TinyMCE",[],[],{"summary":272,"deductions":273},"The \"wowholic-core\" v1.1.3 plugin exhibits a strong security posture based on the provided static analysis. All identified entry points, including a shortcode, appear to be protected by capability checks. The code demonstrates excellent practices in database interaction, with 100% of SQL queries utilizing prepared statements. Furthermore, all output is properly escaped, and there are no detected dangerous functions, file operations, or external HTTP requests, indicating a low risk of common vulnerabilities such as SQL injection, arbitrary file access, or cross-site scripting (XSS) originating from these areas. The absence of any recorded CVEs further reinforces this positive assessment.\n\nWhile the plugin benefits from robust coding practices, the lack of nonce checks on its single shortcode entry point presents a potential, albeit minor, concern. Although capability checks are in place, nonce validation is a critical defense against Cross-Site Request Forgery (CSRF) attacks, especially for actions that might be triggered by user interaction. The taint analysis also reports zero flows, which is a good sign, but it's worth noting that this is based on zero analyzed flows, meaning the analysis might not have been exhaustive or comprehensive in uncovering all potential issues.\n\nIn conclusion, \"wowholic-core\" v1.1.3 appears to be a well-secured plugin with a clean vulnerability history and good adherence to secure coding principles. The primary area for improvement would be the implementation of nonce checks on its shortcode to mitigate the risk of CSRF. However, given the other security measures in place, the overall risk is currently assessed as low.",[274],{"reason":275,"points":46},"Shortcode entry point without nonce check","2026-03-16T22:07:07.382Z",{"wat":278,"direct":286},{"assetPaths":279,"generatorPatterns":283,"scriptPaths":284,"versionParams":285},[280,281,282],"\u002Fwp-content\u002Fplugins\u002Fwowholic-core\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fwowholic-core\u002Fassets\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fwowholic-core\u002Fassets\u002Fjs\u002Fspacing.min.js",[],[282,281],[],{"cssClasses":287,"htmlComments":294,"htmlAttributes":295,"restEndpoints":297,"jsGlobals":298,"shortcodeOutput":299},[288,289,290,291,292,293],"wowcore-grid","wowcore-grid_container","wowcore-grid_row","wowcore-grid_col","wowcore-toggle-grid","is-active",[],[296],"data-wowcore-grid",[],[],[]]