[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHiQC4SseRF3ZMv8vReAHwFA5Re7yZJUbv36k0KtXgaI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":128,"fingerprints":219},"wp-cms","WP-CMS","2.1","Gilbert Pellegrom","https:\u002F\u002Fprofiles.wordpress.org\u002Fgilbitron\u002F","\u003Cp>WP-CMS is a plugin for WordPress that changes the functionality of the WordPress admin backend to act more like a CMS.\u003Cbr \u002F>\nThe blog functionality becomes optional and the focus is on writing pages to make WordPress as user friendly for\u003Cbr \u002F>\nyou and your clients as possible.\u003C\u002Fp>\n","WP-CMS is a plugin for Wordpress that changes the functionality of the Wordpress admin backend to act more like a CMS.",20,19118,0,"2009-08-17T15:19:00.000Z","2.8.4","2.7","",[19,20,21,22,23],"admin","blog","cms","content","pages","http:\u002F\u002Fwww.gilbertpellegrom.co.uk\u002Fprojects\u002Fwp-cms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-cms.2.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"gilbitron",6,260,30,84,"2026-04-04T16:20:43.297Z",[38,59,79,94,111],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"more-types","More Types","1.2","henrikmelin","https:\u002F\u002Fprofiles.wordpress.org\u002Fhenrikmelin\u002F","\u003Cp>More Types is a WordPress plugin that adds new post types to the WordPress admin. For instance, if you run a music site you could create a review post type (based on the post). If you run a food blog you could create a post type for recipes.\u003C\u002Fp>\n\u003Cp>If you use More Fields in addition to More Types you could for instance add an input field where you put the ingredients and another where you input cooking time.\u003C\u002Fp>\n\u003Cp>With More Types you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create additional post types\u003C\u002Fli>\n\u003Cli>Allow different WordPress User roles to have different rights to review, save, and publish a specific post type (even built in post types)\u003C\u002Fli>\n\u003Cli>List posts in specific menus in the WordPress admin\u003C\u002Fli>\n\u003Cli>Set a range of editing capabilities of the post type based on user level\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>More Types is part of a suite of plugins created to enhance the functionality of a vanilla WordPress installation. With More Fields you can create additional input fields for easier management of Custom fields, with More Taxonomies you can create additional taxonomies besides Categories and Tags. More Types works without the other plugins but interacts with them nicely.\u003C\u002Fp>\n\u003Cp>This plugins was born out of the development work done for \u003Ca href=\"http:\u002F\u002Fdagensskiva.com\u002F\" rel=\"nofollow ugc\">Dagensskiva\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fdagensbok.com\u002F\" rel=\"nofollow ugc\">Dagensbok\u003C\u002Fa> and user requests.\u003C\u002Fp>\n\u003Ch3>Upgrading from More Fields 1.x?\u003C\u002Fh3>\n\u003Cp>If you’re upgrading from More Fields 1.x you need to take a couple of steps to continue working with your already defined Post Types.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Upgrade to More Fields 1.5.1 (this prepares the More Fields fields and Post types for WP 3.0)\u003C\u002Fli>\n\u003Cli>Update to WordPress 3.0 still using More Fields 1.5.1\u003C\u002Fli>\n\u003Cli>Upgrade to More Fields 2.0\u003C\u002Fli>\n\u003Cli>Install More Types 1.0\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds any number of extra Post types, besides Post and Page, for the WordPess Admin. Also allows for special editing rights for specific User roles for …",900,38030,100,2,"2011-09-03T07:21:00.000Z","3.1.4","3.1",[19,21,54,55,56],"custom-post-types","extra-content","post-type","http:\u002F\u002Flabs.dagensskiva.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmore-types.1.2.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":77,"download_link":78,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"content-management-system-dashboard","CMS Dashboard","2.0","3pointross","https:\u002F\u002Fprofiles.wordpress.org\u002F3pointross\u002F","\u003Cp>Improve the usability of your WordPress CMS system. This plug-in creates a dashboard widget with clearly labeled large buttons of the most common tasks one would perform when using wordpress as a content management system.\u003C\u002Fp>\n\u003Cp>I have found that particularly when handing a WordPress CMS over to less than tech-savvy clients, there is often confusion on how to perform some of the more simple tasks simply because the WordPress side menu can be overwhelming. This plugin creates a simple to use dashboard interface that will let clients easily post, edit, manage users and change widgets with out having to do any hunting or searching.\u003C\u002Fp>\n","Improve the usability of your Wordpress CMS system. This plug-in creates a dashboard widget with clearly labeled large buttons of the most common task …",300,23105,80,1,"2010-09-07T19:39:00.000Z","3.0.5","3.0",[19,75,76,21,23],"administration","client","http:\u002F\u002Fworkshop.37designs.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-management-system-dashboard.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":67,"downloaded":87,"rating":69,"num_ratings":49,"last_updated":88,"tested_up_to":89,"requires_at_least":73,"requires_php":17,"tags":90,"homepage":92,"download_link":93,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"lock-pages","Lock Pages","0.3.1","Steve Taylor","https:\u002F\u002Fprofiles.wordpress.org\u002Fgyrus\u002F","\u003Cp>NOTE: This plugin is not tested with Gutenberg, and we have no near-term plans to do so. If using WP > 5.0, use the Classic Editor if there are problems.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin was originally designed to only lock pages, and only later added custom post type functionality. Hence the name, and sometimes the terminology will say “pages” when it means “any post type”.\u003C\u002Fp>\n\u003Cp>Sometimes some pages or other posts are too important to allow them to be casually moved about or deleted by site editors. An editor may think nothing of renaming a page’s slug, or deleting a page to replace it with something similar, perhaps unaware of effects on SEO. Also, certain pages might be essential to keep in place because of a site’s structure, or because of aspects of a custom theme.\u003C\u002Fp>\n\u003Cp>This plugin lets administrators “lock” any or all pages, and any post of any post type. “Locking” here basically means preventing non-admins from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Editing the item’s slug\u003C\u002Fli>\n\u003Cli>Changing the item’s parent\u003C\u002Fli>\n\u003Cli>Changing the item’s template\u003C\u002Fli>\n\u003Cli>Deleting the item\u003C\u002Fli>\n\u003Cli>Changing the item’s status\u003C\u002Fli>\n\u003Cli>Changing the item’s password protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Locking is implemented by preventing the actual database update being performed as well as, where possible, having the interface element for that field removed. Where possible interface elements are removed via WP filters on the server; otherwise, jQuery is used on the client.\u003C\u002Fp>\n\u003Cp>NOTE: Currently, I’ve been unable to get this working with the Quick Edit functionality. As a stop-gap measure, which is only in place because it seems to be better than nothing, the Quick Edit link is removed for users who can’t edit locked pages. I know, it’s not great. But until I work out how to selectively block Quick Editing, I’m assuming a locked page should be locked. Users can always edit the other fields via the normal edit page.\u003C\u002Fp>\n\u003Cp>Go to GitHub for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgyrus\u002FLock-Pages\" rel=\"nofollow ugc\">development code\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgyrus\u002FLock-Pages\u002Fissues\" rel=\"nofollow ugc\">issue tracking\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Quick Edit presents problems. I’ve worked out how to create hidden fields in the Quick Edit box, and to put the values in the hidden div, but I can’t work out how to dynamically populate the fields with the values, so the old values can be used if necessary on saving. For now Quick Edit is blocked for users who can’t edit locked pages.\u003C\u002Fli>\n\u003Cli>Although I’ve fixed the lock_parent function so it allows uploaded files to be attached to a locked page, it still prevents media already in the library from being attached when inserted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Ideas\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Include the locking checkbox for admins in the Quick Edit form.\u003C\u002Fli>\n\u003Cli>On the settings screen, use a drop-down for selecting which capability is needed for editing locked page elements.\u003C\u002Fli>\n\u003Cli>Implement a system to deal with descendants, e.g. an option to lock all descendants of a locked page or not.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lock Pages prevents specified pages (or all pages), posts, or custom post types from having their slug, parent, status or password edited, or from bei …",17843,"2018-12-19T15:28:00.000Z","4.9.29",[19,75,21,91,23],"page","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flock-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flock-pages.0.3.1.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":67,"downloaded":102,"rating":35,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":17,"tags":107,"homepage":109,"download_link":110,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"pagely-multiedit","Pagely MultiEdit","0.9.8.6","joshua strebel","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshuastrebel\u002F","\u003Cp>One thing I always wished WP would do better is allow for multiple editable content blocks on page templates. This plugin uses custom fields to create simple tinyMCE editable regions on page templates.\u003C\u002Fp>\n\u003Cp>See Instructions and Usage Examples here: \u003Ca href=\"https:\u002F\u002Fpagely.com\u002Fmultiedit-plugin\u002F\" rel=\"nofollow ugc\">Pagely MultiEdit plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>NOTE: Must be used inside\u002Fafter the opening loop statement:\u003Cbr \u002F>\nwhile (have_posts()) : the_post();\u003Cbr \u002F>\n  multieditDisplay(‘YourBlockName’);\u003C\u002Fp>\n\u003Cp>Brought to you by: \u003Ca href=\"https:\u002F\u002Fpagely.com\" rel=\"nofollow ugc\">Pagely WordPress Hosting\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Follow \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fstrebel\" rel=\"nofollow ugc\">@strebel\u003C\u002Fa> and feel free to check out \u003Ca href=\"https:\u002F\u002Fpagely.com\" rel=\"nofollow ugc\">Pagely\u003C\u002Fa>\u003C\u002Fp>\n","MultiEdit adds tinyMCE editable \"blocks\" to WordPress custom page templates.",34377,5,"2016-05-10T20:26:00.000Z","4.5.33","2.9",[19,21,108,91,23],"formatting","https:\u002F\u002Fpagely.com\u002Fmultiedit-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpagely-multiedit.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":11,"downloaded":119,"rating":48,"num_ratings":49,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":17,"tags":123,"homepage":126,"download_link":127,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"multiple-content-types","Multiple Content Types","1.0.0","Micah Wood","https:\u002F\u002Fprofiles.wordpress.org\u002Fwoodent\u002F","\u003Cp>\u003Cstrong>Multiple Content Types\u003C\u002Fstrong> is an intuitive plugin for easily selecting which content types (custom post types) you want to display on your main blog and archive pages.\u003C\u002Fp>\n\u003Ch4>How?\u003C\u002Fh4>\n\u003Cp>Using this plugin is simple:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the plugin\u003C\u002Fli>\n\u003Cli>Activate the plugin\u003C\u002Fli>\n\u003Cli>In the WordPress admin, click on ‘Settings’\u003C\u002Fli>\n\u003Cli>Click on ‘Reading’ in the sub-menu.\u003C\u002Fli>\n\u003Cli>Look for the item labeled ‘Content types to show on the main blog and archive pages’.\u003C\u002Fli>\n\u003Cli>Use the checkboxes to select the content types you want to show on your main blog and archive pages.\u003C\u002Fli>\n\u003Cli>Click ‘Save Changes’.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once you have completed the steps above, just visit your blog page to see the new content types!\u003C\u002Fp>\n\u003Ch4>Why?\u003C\u002Fh4>\n\u003Cp>Many sites have multiple content types and just displaying posts on your blog can be limiting. What if you wanted to feature other content types like ‘News’, ‘Announcements’, ‘Deals’, etc.? Well, now you can!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Provides the ability to show multiple content types on your main blog and archive pages.\u003C\u002Fli>\n\u003Cli>A minimal, yet intuitive, user interface.\u003C\u002Fli>\n\u003Cli>Clean, well written code that won’t bog down your site.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily select which content types (custom post types) you want to display on your main blog and archive pages.",1458,"2016-12-19T00:34:00.000Z","4.7.32","3.3",[124,20,125,54],"archive-pages","content-types","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultiple-content-types\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-content-types.1.0.0.zip",{"attackSurface":129,"codeSignals":148,"taintFlows":177,"riskAssessment":204,"analyzedAt":218},{"hooks":130,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":13,"unprotectedCount":13},[131,137,141],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","admin_menu","wp_cms","wp-cms.php",43,{"type":132,"name":138,"callback":139,"priority":48,"file":135,"line":140},"admin_head","update_css",44,{"type":132,"name":138,"callback":142,"file":135,"line":143},"add_javascript",45,[],[],[],[],{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":167,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":176},[],{"prepared":13,"raw":32,"locations":151},[152,156,158,161,163,165],{"file":153,"line":154,"context":155},"wp-cms.class.php",82,"$wpdb->get_results() with variable interpolation",{"file":153,"line":35,"context":157},"$wpdb->query() with variable interpolation",{"file":153,"line":159,"context":160},88,"$wpdb->get_var() with variable interpolation",{"file":135,"line":162,"context":155},63,{"file":135,"line":164,"context":157},65,{"file":135,"line":166,"context":160},69,{"escaped":13,"rawEcho":168,"locations":169},3,[170,173,174],{"file":135,"line":171,"context":172},79,"raw output",{"file":135,"line":35,"context":172},{"file":135,"line":175,"context":172},91,[],[178,195],{"entryPoint":179,"graph":180,"unsanitizedCount":49,"severity":194},"wp_cms_settings (wp-cms.php:53)",{"nodes":181,"edges":191},[182,186],{"id":183,"type":184,"label":185,"file":135,"line":171},"n0","source","$_SERVER['PHP_SELF'] (x2)",{"id":187,"type":188,"label":189,"file":135,"line":171,"wp_function":190},"n1","sink","echo() [XSS]","echo",[192],{"from":183,"to":187,"sanitized":193},false,"medium",{"entryPoint":196,"graph":197,"unsanitizedCount":49,"severity":203},"\u003Cwp-cms> (wp-cms.php:0)",{"nodes":198,"edges":201},[199,200],{"id":183,"type":184,"label":185,"file":135,"line":171},{"id":187,"type":188,"label":189,"file":135,"line":171,"wp_function":190},[202],{"from":183,"to":187,"sanitized":193},"low",{"summary":205,"deductions":206},"The \"wp-cms\" v2.1 plugin exhibits a concerning lack of security best practices, despite its seemingly small attack surface and zero recorded CVEs. The static analysis reveals significant vulnerabilities in how the plugin handles data. All 6 SQL queries are unparameterized, posing a high risk of SQL injection. Furthermore, none of the 3 output operations are properly escaped, creating a strong possibility of cross-site scripting (XSS) vulnerabilities. The taint analysis also flagged 2 flows with unsanitized paths, which, while not classified as critical or high severity in this report, directly correlate with the observed lack of escaping and could lead to serious security breaches if exploited.\n\nThe absence of any identified CVEs or past vulnerabilities might suggest a recent or less targeted plugin. However, the internal code quality issues are a significant red flag. The complete lack of capability checks, nonce checks, and proper output escaping on all analyzed entry points (even if the attack surface is currently zero) means that any future expansion or modification of the plugin could introduce critical vulnerabilities. The plugin's current state does not demonstrate robust security architecture, and the identified flaws require immediate attention to prevent potential compromise.",[207,209,211,214,216],{"reason":208,"points":11},"All SQL queries use prepared statements",{"reason":210,"points":11},"No output operations are properly escaped",{"reason":212,"points":213},"Taint flows with unsanitized paths found",10,{"reason":215,"points":103},"No capability checks",{"reason":217,"points":103},"No nonce checks","2026-03-16T23:06:00.150Z",{"wat":220,"direct":229},{"assetPaths":221,"generatorPatterns":224,"scriptPaths":225,"versionParams":226},[222,223],"\u002Fwp-content\u002Fplugins\u002Fwp-cms\u002Fwp-cms.css","\u002Fwp-content\u002Fplugins\u002Fwp-cms\u002Fwp-cms.js",[],[223],[227,228],"wp-cms\u002Fwp-cms.css?ver=","wp-cms\u002Fwp-cms.js?ver=",{"cssClasses":230,"htmlComments":232,"htmlAttributes":233,"restEndpoints":234,"jsGlobals":235,"shortcodeOutput":237},[231],"wp-cms-settings",[],[],[],[236],"window.location",[]]