[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flkfjAz5QgXjiAtcjvbfG2j55b9KC-scyYD4_JL4EneU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":53,"analysis":162,"fingerprints":315},"wp-compiler","WP Compiler","1.0.0","Bytes.co","https:\u002F\u002Fprofiles.wordpress.org\u002Fburlingtonbytes\u002F","\u003Cp>Harness the power of pre-processed CSS and minified JS in your theme or plugin, without any complicated installs or build tools. Simply tell WP Compiler where to find your source files and where to put the compiled results, then throw your install into Dev Mode. WP Compiler watches your source folders for you, and recompiles your CSS and JS on any file change. WP Compiler supports both SCSS and LESS precompilers for CSS, to suit anyone’s preference.\u003C\u002Fp>\n\u003Cp>When you’re ready to launch a new site, just turn off Dev Mode, and your styles and javascript will be compiled & minimized and comments & source maps will be removed. With Dev mode disabled, Compiler will stop watching source directories, so there is no effect on site performance, but you can still apply a quick change at any time, by clicking the compile button in the admin toolbar.\u003C\u002Fp>\n\u003Cp>WP Compiler relies on \u003Ca href=\"http:\u002F\u002Fleafo.github.io\u002Fscssphp\u002F\" rel=\"nofollow ugc\">scssphp\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Flessphp.typesettercms.com\u002F\" rel=\"nofollow ugc\">lessphp\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.minifier.org\u002F\" rel=\"nofollow ugc\">minify\u003C\u002Fa>.\u003Cbr \u002F>\nSpecific issues with the underlying compilation libraries should be submitted to their respective developers.\u003C\u002Fp>\n","Harness the power of pre-processed CSS and minified JS in your theme or plugin, without any complicated installs or build tools.",1000,4390,100,6,"2018-10-22T15:17:00.000Z","5.0.25","4.8","5.6",[20,21,22,23,24],"compiled","less","sass","scss","styles","https:\u002F\u002Fgithub.com\u002Fburlingtonbytes\u002FWP-Compiler","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-compiler.zip",63,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58032","wp-compiler-cross-site-request-forgery","WP Compiler \u003C= 1.0.0 - Cross-Site Request Forgery","The WP Compiler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-26 17:32:45",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F733c291d-b4d9-4e39-a093-877574913609?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":50,"computed_at":52},"burlingtonbytes",4,5130,81,30,"2026-04-04T07:58:21.753Z",[54,80,101,122,143],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":75,"download_link":76,"security_score":77,"vuln_count":28,"unpatched_count":78,"last_vuln_date":79,"fetched_at":30},"wp-less","WP-LESS","1.9.8","thom4","https:\u002F\u002Fprofiles.wordpress.org\u002Foncletom\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Flesscss.org\" rel=\"nofollow ugc\">LESS\u003C\u002Fa> is a templating language based on top of CSS. It provides numerous enhancements to speed up development and make its maintenance easier.\u003C\u002Fp>\n\u003Cp>Theme developers can even bundle the plugin without worrying about conflicts: just include the special \u003Ccode>bootstrap-for-theme.php\u003C\u002Fcode> and read its instructions.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Variables\u003C\u002Fli>\n\u003Cli>Mixins (inheritance of rules)\u003C\u002Fli>\n\u003Cli>Nested Rules (write less, do more)\u003C\u002Fli>\n\u003Cli>Accessors (inherit a value from a specific rule)\u003C\u002Fli>\n\u003Cli>Functions (logic operations for dynamic results)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin lets you concentrate on what you need: coding CSS. Everything else is handled automatically, from cache management to user delivery.\u003Cbr \u002F>\nSeriously.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>Advanced topics on how to use the plugin API are \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Foncletom\u002Fwp-less\u002Ftree\u002Fmaster\u002Fdoc\" rel=\"nofollow ugc\">available on the Github project documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>The sole requirement is to use WordPress API and LESS convention: the \u003Ccode>.less\u003C\u002Fcode> extension.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Minimal Requirements\u003C\u002Fstrong>: PHP 5.3 and WordPress 3.2.\u003Cbr \u002F>\n\u003Cstrong>Relies on\u003C\u002Fstrong>: \u003Ca href=\"http:\u002F\u002Flessphp.gpeasy.com\u002F\" rel=\"nofollow ugc\">Less.php\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fplugin-toolkit\u002F\" rel=\"ugc\">plugin-toolkit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Notice\u003C\u002Fem>: in case you’d like to drop the usage of this plugin, it’s safe to do it. You will just need to convert back your stylesheets to CSS.\u003C\u002Fp>\n","Implementation of LESS (Leaner CSS) in order to make themes development easier.",10000,235191,92,19,"2025-05-14T13:36:00.000Z","5.8.13","3.2","",[71,72,24,73,74],"lesscss","lessphp","stylesheet","toolkit","https:\u002F\u002Fgithub.com\u002Fthom4parisot\u002Fwp-less\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-less.1.9.8.zip",99,0,"2025-04-01 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":99,"download_link":100,"security_score":13,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"wp-scss","WP-SCSS","4.0.8","Connect Think","https:\u002F\u002Fprofiles.wordpress.org\u002Fconnectthink\u002F","\u003Cp>Compiles .scss files on your wordpress install using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscssphp\u002Fscssphp\u002F\" rel=\"nofollow ugc\">ScssPhp\u003C\u002Fa>. Includes settings page for configuring directories, error reporting, compiling options, and auto enqueuing.\u003C\u002Fp>\n\u003Cp>The plugin only compiles when changes have been made to the scss files. Compiles are made to the matching css file, so disabling this plugin will not take down your stylesheets. In the instance where a matching css file does not exist yet, the plugin will create the appropriate css file in the css directory.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS\" rel=\"nofollow ugc\">Get detailed instructions on github\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Looking for a new maintainer\u003C\u002Fh3>\n\u003Cp>If you are interested in giving back to the open source plugin respond \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS\u002Fissues\u002F242\" rel=\"nofollow ugc\">here\u003C\u002Fa> with your interest\u003C\u002Fp>\n","Compiles .scss files to .css and enqueues them.",40000,481303,86,61,"2026-03-02T13:29:00.000Z","6.8.5","3.0.1","7.2",[97,22,23,98],"css","scssphp","https:\u002F\u002Fgithub.com\u002FConnectThink\u002FWP-SCSS","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-scss.4.0.8.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":69,"requires_php":69,"tags":115,"homepage":69,"download_link":118,"security_score":119,"vuln_count":120,"unpatched_count":78,"last_vuln_date":121,"fetched_at":30},"instant-css","Instant CSS","1.2.2","dylanblokhuis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdylanblokhuis\u002F","\u003Cp>Use the power of Visual Studio Code in WordPress to write your CSS or SCSS\u003C\u002Fp>\n\u003Cp>The plugin uses autoprefixer to parse your CSS\u002FSCSS into CSS that will work on older browsers, no need to write -webkit, -moz or -o.\u003C\u002Fp>\n\u003Cp>You can also choose to use SCSS, more info about SCSS here: https:\u002F\u002Fsass-lang.com\u002Fguide\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use all the powerful features from Visual Studio Code\u003C\u002Fli>\n\u003Cli>Your CSS gets compiled with autoprefixer to work on older browsers\u003C\u002Fli>\n\u003Cli>Use SCSS to create efficient stylesheets with variables, mixins, etc.\u003C\u002Fli>\n\u003Cli>Option to minify your CSS to reduce loading times\u003C\u002Fli>\n\u003Cli>No refreshing on saving\u003C\u002Fli>\n\u003Cli>Live editor updating styles on save and have the browser update simultaneously\u003C\u002Fli>\n\u003C\u002Ful>\n","Write your styles beautifully with the power of Visual Studio Code",4000,14854,98,15,"2023-09-21T07:16:00.000Z","6.3.8",[97,116,117,22,23],"custom-css","postcss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-css.zip",84,2,"2023-09-29 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":13,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":69,"tags":136,"homepage":139,"download_link":140,"security_score":141,"vuln_count":120,"unpatched_count":120,"last_vuln_date":142,"fetched_at":30},"lenix-scss-compiler","Lenix scss compiler","1.2","yonifre","https:\u002F\u002Fprofiles.wordpress.org\u002Fyonifre\u002F","\u003Cp>A useful plugin for developers writing SCSS.\u003Cbr \u002F>\nThe plugin allows you to write SCSS directly on the server (via FTP) without the need for a local compiler.\u003C\u002Fp>\n\u003Cp>How It Works?\u003C\u002Fp>\n\u003Cp>Choose a source folder for SCSS and a target folder for CSS.\u003Cbr \u002F>\nWrite the SCSS code in the file on the source folder, and it automatically creates a CSS file in the target folder.\u003C\u002Fp>\n\u003Cp>What’s included?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Option for multiple source and destination folders.\u003C\u002Fli>\n\u003Cli>Allows you to set a folder in the entire wp-content space.\u003C\u002Fli>\n\u003Cli>Performance – only when one of the source files change – it re-compiling itself.\u003C\u002Fli>\n\u003Cli>After development  you can turn off \u002F delete the plugin without fear, and all the files are stay where they were.\u003C\u002Fli>\n\u003Cli>Allows you to develop a theme and plugin at the same time.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>source: themes\u002Fyour-theme\u002Fassets\u002Fscss\u002Fstyle.scss\u003C\u002Fp>\n\u003Cpre>\nbody {\n    color: black;\n    .main {\n        background: red;\n    }\n}\n\u003C\u002Fpre>\n\u003Cp>target: themes\u002Fyour-theme\u002Fassets\u002Fcss\u002Fstyle.css\u003C\u002Fp>\n\u003Cpre>\nbody {\n    color: black;\n}\n\nbody .main {\n    background: red;\n}\n\u003C\u002Fpre>\n\u003Cp>— pay attention!\u003Cbr \u002F>\nIf the file already exists in the destination folder – it will be overwritten by the SCSS file\u003C\u002Fp>\n","An excellent way to write Scss in wordpress",800,5799,3,"2022-05-21T04:48:00.000Z","5.9.13","3.8",[137,97,138,22,23],"compiler","local-compiler","https:\u002F\u002Flenix.co.il\u002Fplugin\u002Flenix-scss-compiler\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flenix-scss-compiler.zip",42,"2025-09-26 00:00:00",{"slug":144,"name":145,"version":146,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":151,"downloaded":152,"rating":13,"num_ratings":132,"last_updated":153,"tested_up_to":154,"requires_at_least":155,"requires_php":69,"tags":156,"homepage":159,"download_link":160,"security_score":161,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"tuxedo-css-editor","Tuxedo CSS Editor","1.1","Trevor Anderson","https:\u002F\u002Fprofiles.wordpress.org\u002Fandtrev\u002F","\u003Cp>Edit CSS\u002FSass\u002FLess and watch it update in realtime with the customizer.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use advanced CSS preprocessors Sass or Less.\u003C\u002Fli>\n\u003Cli>Autoprefixer support, write your CSS rules without vendor prefixes and let Autoprefixer add vendor prefixes for you.\u003C\u002Fli>\n\u003Cli>Syntax highlighting editor with options for color themes and font sizes.\u003C\u002Fli>\n\u003Cli>Sass and Less preprocessor options for compressed or uncompressed output.\u003C\u002Fli>\n\u003Cli>Autoprefixer options to control browser prefix output.\u003C\u002Fli>\n\u003Cli>Easily download processed output as a standalone css file.\u003C\u002Fli>\n\u003C\u002Ful>\n","Realtime CSS editing in the customizer with Sass, Less and Autoprefixer support.",80,2962,"2016-04-21T07:09:00.000Z","4.5.33","3.4",[157,97,158,21,22],"autoprefixer","customizer","https:\u002F\u002Fgithub.com\u002Fandtrev\u002FTuxedo-CSS-Editor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftuxedo-css-editor.1.1.zip",85,{"attackSurface":163,"codeSignals":234,"taintFlows":272,"riskAssessment":299,"analyzedAt":314},{"hooks":164,"ajaxHandlers":230,"restRoutes":231,"shortcodes":232,"cronEvents":233,"entryPointCount":78,"unprotectedCount":78},[165,171,176,180,184,188,191,196,201,205,208,211,214,218,222,226],{"type":166,"name":167,"callback":168,"file":169,"line":170},"action","init","watch_src_folders","wp-compiler.php",43,{"type":166,"name":172,"callback":173,"priority":174,"file":169,"line":175},"admin_bar_menu","add_compiler_button",999,44,{"type":166,"name":177,"callback":178,"file":169,"line":179},"admin_post_wp_compiler_compile","process_compile_request",45,{"type":166,"name":181,"callback":182,"file":169,"line":183},"admin_post_wp_compiler_compile_dev_mode","process_dev_mode_request",46,{"type":166,"name":185,"callback":186,"file":169,"line":187},"admin_head","adminbar_style",47,{"type":166,"name":189,"callback":186,"file":169,"line":190},"wp_head",48,{"type":192,"name":193,"callback":194,"file":169,"line":195},"filter","wp_compiler_dev_mode","announce_dev_mode",49,{"type":192,"name":197,"callback":198,"priority":199,"file":169,"line":200},"wp_compiler_script_version","compiler_script_version",10,50,{"type":192,"name":202,"callback":203,"priority":199,"file":169,"line":204},"wp_compiler_style_version","compiler_style_version",51,{"type":192,"name":206,"callback":194,"file":169,"line":207},"bbytes_dev_utils_dev_mode",52,{"type":192,"name":209,"callback":198,"priority":199,"file":169,"line":210},"bbytes_compiler_script_version",53,{"type":192,"name":212,"callback":203,"priority":199,"file":169,"line":213},"bbytes_compiler_style_version",54,{"type":166,"name":215,"callback":216,"file":169,"line":217},"admin_menu","make_options_page",55,{"type":166,"name":219,"callback":220,"file":169,"line":221},"admin_init","register_compiler_settings",56,{"type":166,"name":223,"callback":224,"file":169,"line":225},"admin_footer","enqueue_compiler_admin_scripts",57,{"type":166,"name":227,"callback":228,"file":169,"line":229},"admin_notices","show_errors",58,[],[],[],[],{"dangerousFunctions":235,"sqlUsage":236,"outputEscaping":238,"fileOperations":270,"externalRequests":78,"nonceChecks":78,"capabilityChecks":78,"bundledLibraries":271},[],{"prepared":78,"raw":78,"locations":237},[],{"escaped":239,"rawEcho":112,"locations":240},7,[241,244,247,249,252,254,255,256,257,259,260,262,264,266,268],{"file":242,"line":14,"context":243},"includes\\templates\\css-header.php","raw output",{"file":245,"line":246,"context":243},"includes\\templates\\error-message.php",17,{"file":248,"line":239,"context":243},"includes\\templates\\js-header.php",{"file":250,"line":251,"context":243},"includes\\templates\\option-page.php",36,{"file":250,"line":253,"context":243},39,{"file":250,"line":141,"context":243},{"file":250,"line":179,"context":243},{"file":250,"line":91,"context":243},{"file":250,"line":258,"context":243},62,{"file":250,"line":27,"context":243},{"file":250,"line":261,"context":243},67,{"file":250,"line":263,"context":243},75,{"file":250,"line":265,"context":243},78,{"file":169,"line":267,"context":243},70,{"file":169,"line":269,"context":243},71,9,[],[273,291],{"entryPoint":274,"graph":275,"unsanitizedCount":28,"severity":39},"redirect_to_referrer (wp-compiler.php:238)",{"nodes":276,"edges":288},[277,282],{"id":278,"type":279,"label":280,"file":169,"line":281},"n0","source","$_SERVER",239,{"id":283,"type":284,"label":285,"file":169,"line":286,"wp_function":287},"n1","sink","wp_redirect() [Open Redirect]",243,"wp_redirect",[289],{"from":278,"to":283,"sanitized":290},false,{"entryPoint":292,"graph":293,"unsanitizedCount":28,"severity":39},"\u003Cwp-compiler> (wp-compiler.php:0)",{"nodes":294,"edges":297},[295,296],{"id":278,"type":279,"label":280,"file":169,"line":281},{"id":283,"type":284,"label":285,"file":169,"line":286,"wp_function":287},[298],{"from":278,"to":283,"sanitized":290},{"summary":300,"deductions":301},"The wp-compiler v1.0.0 plugin exhibits a mixed security posture.  On one hand, the static analysis reveals a promising absence of direct attack surface entry points like AJAX handlers, REST API routes, shortcodes, and cron events that lack authentication or permission checks. Furthermore, all SQL queries are properly prepared, indicating good database interaction practices. However, there are significant concerns regarding output escaping, with only 32% of outputs being properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully. The presence of two taint flows with unsanitized paths, even if not classified as critical or high severity, warrants attention as it suggests potential injection risks.\n\nThe vulnerability history is a major red flag. The plugin has a documented medium severity CVE that remains unpatched, and the common vulnerability type being Cross-Site Request Forgery (CSRF) suggests a pattern of insecure handling of user actions. The existence of an unpatched vulnerability, especially one from a relatively recent date, indicates a lack of ongoing maintenance and proactive security patching.\n\nIn conclusion, while the plugin avoids common pitfalls like direct unauthenticated entry points and raw SQL, the insufficient output escaping, identified taint flows, and particularly the unpatched historical vulnerability point to a significant risk. The plugin's strengths lie in its limited attack surface and secure database practices, but its weaknesses in output sanitization and vulnerability management are critical concerns that outweigh these positives.",[302,304,307,310,312],{"reason":303,"points":112},"Unpatched medium severity CVE",{"reason":305,"points":306},"Taint flows with unsanitized paths",5,{"reason":308,"points":309},"Low percentage of properly escaped output",8,{"reason":311,"points":306},"No nonce checks",{"reason":313,"points":306},"No capability checks","2026-03-16T19:07:34.121Z",{"wat":316,"direct":323},{"assetPaths":317,"generatorPatterns":319,"scriptPaths":320,"versionParams":322},[318],"\u002Fwp-content\u002Fplugins\u002Fwp-compiler\u002Fincludes\u002Fcss\u002Fadmin-styles.css",[],[321],"\u002Fwp-content\u002Fplugins\u002Fwp-compiler\u002Fincludes\u002Fjs\u002FsettingsPage.js",[],{"cssClasses":324,"htmlComments":328,"htmlAttributes":329,"restEndpoints":330,"jsGlobals":331,"shortcodeOutput":332},[325,326,327],"wp_compiler_compile","wp_compiler_dev_mode_on","wp_compiler_compile_dev_mode",[],[],[],[],[]]