[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f00aBPtXN31waPKknZEeWLBRvSwomiWUvO2am2Xpryws":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":135,"fingerprints":242},"wp-customizer","WP Customizer","1.0.2","vicchi","https:\u002F\u002Fprofiles.wordpress.org\u002Fvicchi\u002F","\u003Cp>This plugin allows you to manage and load site specific functions, scripts and CSS files into your WordPress site without the need to edit your theme’s \u003Ccode>functions.php\u003C\u002Fcode> or any other source file.\u003C\u002Fp>\n\u003Cp>Settings and options include:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Choose the type of customization you want to load; functions, scripts, CSS in any combination.\u003C\u002Fli>\n\u003Cli>Choose where you want the customizations to load; in the WordPress front-end, in the WordPress admin screens or both.\u003C\u002Fli>\n\u003Cli>Choose where you want to store your customization files, without the need to add to or modify your theme’s or your plugin’s source files.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Filter Support And Usage\u003C\u002Fh3>\n\u003Cp>WP Customizer supports multiple filters; the plugin’s filters allow you to\u003C\u002Fp>\n\u003Cul>\n\u003Cli>modify the set of functions files that are about to be loaded\u003C\u002Fli>\n\u003Cli>modify the set of script files that are about to be loaded\u003C\u002Fli>\n\u003Cli>modify the characteristics of each script file that is about to be loaded and which will be passed as arguments to \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_enqueue_script\" rel=\"nofollow ugc\">\u003Ccode>wp_enqueue_script\u003C\u002Fcode>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>modify the set of CSS files that are about to be loaded\u003C\u002Fli>\n\u003Cli>modify the characteristics of each CSS file that is about to be loaded and which will be passed as arguments to \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_enqueue_style\" rel=\"nofollow ugc\">\u003Ccode>wp_enqueue_style\u003C\u002Fcode>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each filter will be only be called if the customization type is enabled in the plugin’s options; if a customization type is enabled but no files are found to be loaded, the filter will still be called but will be passed an empty argument.\u003C\u002Fp>\n\u003Cp>As with all WordPress filters, any filter hook function should either return the modified argument or the original argument if no modification were made.\u003C\u002Fp>\n\u003Ch4>wp_customizer_functions, wp_customizer_admin_functions, wp_customizer_common_functions\u003C\u002Fh4>\n\u003Cp>The \u003Cem>functions\u003C\u002Fem> filters are called when preparing to load the list of front-end functions (\u003Ccode>wp_customizer_functions\u003C\u002Fcode>), of admin functions (\u003Ccode>wp_customizer_admin_functions\u003C\u002Fcode>) and of common functions (\u003Ccode>wp_customizer_common_functions\u003C\u002Fcode>). The arguments that each filter hook function receives is identical in all cases. The filter hook function takes a single argument which is an array of file names.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example:\u003C\u002Fem> Prevent all function files from loading by returning an empty file list.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wp_customizer_functions', 'function_handler', 10, 1);\n\nfunction function_handler($files) {\n    \u002F\u002F $files = array(\n    \u002F\u002F      array(\n    \u002F\u002F          'file' => (absolute path of function file)\n    \u002F\u002F      ),\n    \u002F\u002F      array(...)\n    \u002F\u002F  );\n\n    return array();\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>wp_customizer_scripts, wp_customizer_admin_scripts, wp_customizer_common_scripts\u003C\u002Fh4>\n\u003Cp>The \u003Cem>scripts\u003C\u002Fem> filters are called when preparing to load the list of front-end scripts (\u003Ccode>wp_customizer_scripts\u003C\u002Fcode>), of admin scripts (\u003Ccode>wp_customizer_admin_scripts\u003C\u002Fcode>) and of common scripts (\u003Ccode>wp_customizer_common_scripts\u003C\u002Fcode>). The arguments that each filter hook function receives is identical in all cases. The filter hook function takes a single argument which is an array of file details.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example:\u003C\u002Fem> Add jQuery as a dependency to all scripts and enable each script to load in the post’s footer.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wp_customizer_scripts', 'script_handler', 10, 1);\n\nfunction script_handler($files) {\n    \u002F\u002F $files = array(\n    \u002F\u002F      array(\n    \u002F\u002F          'file' => (absolute path of script file),\n    \u002F\u002F          'handle' => (auto-generated handle for script),\n    \u002F\u002F          'src' => (URL of script file),\n    \u002F\u002F          'deps' => (dependencies, defaults to an empty array),\n    \u002F\u002F          'ver' => (version, defaults to false),\n    \u002F\u002F          'in_footer' => (load in footer, defaults to false),\n    \u002F\u002F      ),\n    \u002F\u002F      array(...)\n    \u002F\u002F );\n\n    foreach ($files as $file) {\n        $file['deps'] = array('jquery');\n        $file['in_footer'] = true;\n    }\n\n    return $files;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>wp_customizer_css, wp_customizer_admin_css, wp_customizer_common_css\u003C\u002Fh4>\n\u003Cp>The \u003Cem>CSS\u003C\u002Fem> filters are called when preparing to load the list of front-end CSS (\u003Ccode>wp_customizer_css\u003C\u002Fcode>), of admin CSS (\u003Ccode>wp_customizer_admin_css\u003C\u002Fcode>) and of common CSS (\u003Ccode>wp_customizer_common_css\u003C\u002Fcode>). The arguments that each filter hook function receives is identical in all cases. The filter hook function takes a single argument which is an array of file details.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example:\u003C\u002Fem> Override the media type for all CSS files to use the \u003Ccode>screen\u003C\u002Fcode> media type.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wp_customizer_css', 'css_handler', 10, 1);\n\nfunction css_handler($files) {\n    \u002F\u002F $files = array(\n    \u002F\u002F      array(\n    \u002F\u002F          'file' => (absolute path of css file),\n    \u002F\u002F          'handle' => (auto-generated handle for CSS),\n    \u002F\u002F          'src' => (URL of CSS file),\n    \u002F\u002F          'deps' => (dependencies, defaults to an empty array),\n    \u002F\u002F          'ver' => (version, defaults to false),\n    \u002F\u002F          'media' => (media type, defaults to 'all')\n    \u002F\u002F      ),\n    \u002F\u002F      array(...)\n    \u002F\u002F );\n\n    foreach ($files as $file) {\n        $file['media'] = 'screen';\n    }\n\n    return $files;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Easily load site specific functions, scripts and CSS files into your site without editing your theme's functions.php or other source files.",20,4421,100,2,"2017-11-09T17:31:00.000Z","4.8.28","4.8","",[20,21,22,23,4],"customise","customize","functions","scripts","http:\u002F\u002Fwww.vicchi.org\u002Fcodeage\u002Fwp-customizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-customizer.1.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},4,70,30,84,"2026-04-04T14:10:14.647Z",[38,58,81,97,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":16,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":56,"download_link":57,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"ms-custom-login","MS Custom Login","1.1","Mizue Imai (Mignon Style)","https:\u002F\u002Fprofiles.wordpress.org\u002Fmignonstyle\u002F","\u003Cp>This plugin enables you to customize the login screen page by uploading image and choosing color in MS Custom Login Settings page. It utilize the media uploader and color picker of WordPress.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Change the logo.\u003C\u002Fli>\n\u003Cli>Change the link of the logo to your homepage.\u003C\u002Fli>\n\u003Cli>Change the color of the ‘Login’ button.\u003C\u002Fli>\n\u003Cli>Set the size of the rounded rectangle of the login form.\u003C\u002Fli>\n\u003Cli>Set the background color and background image of the login form and login page.\u003C\u002Fli>\n\u003Cli>Set the background image repeat and position.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>GitHub\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fmignonstyle\u002Fms-custom-login\u003C\u002Fp>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Japanese (ja) : Mignon Style\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cp>Special Thanks!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shinichi Nishikawa\u003C\u002Fli>\n\u003C\u002Ful>\n","Customize login page of your WordPress with images, colors and more.",900,32440,96,8,"2017-07-03T15:57:00.000Z","3.9",[53,54,20,21,55],"admin","custom","login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fms-custom-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fms-custom-login.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":32,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":18,"download_link":79,"security_score":80,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"customizer-disabler","Disable Customizer","2.2.7","joppuyo","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoppuyo\u002F","\u003Cp>Disable Customizer lets you completely disable Customizer on your WordPress site. This is useful in cases where you develop custom sites or themes that don’t use Customizer. Removing the extra “Customize” button that doesn’t actually do anything useful simplifies the WordPress admin user experience.\u003C\u002Fp>\n\u003Cp>The code is based on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fparallelus\u002Fcustomizer-remove-all-parts\" rel=\"nofollow ugc\">Customizer Remove All Parts\u003C\u002Fa> by Jesse Petersen and Andy Wilkerson.\u003C\u002Fp>\n\u003Ch3>Improvements compared to the original plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>I’ve added automated tests that ensure plugin works in new versions of WordPress and PHP.\u003C\u002Fli>\n\u003Cli>With the help of the automated tests, I’ve tested that the plugin works in WordPress 5.0 and later. The original plugin was only tested up to WordPress 4.4.\u003C\u002Fli>\n\u003Cli>The automated tests also ensure that the plugin works in PHP 7 and 8. The original plugin was only tested with PHP 5.\u003C\u002Fli>\n\u003Cli>Customizer Remove All Parts was removed from the plugin directory due to being “unused”, presumably since it hasn’t been updated in 5 years. Disable Customizer is available in the plugin directory so it can be easily installed and kept up to date\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In the process, I’ve dropped support for old versions of WordPress and PHP. I would have liked the continue supporting these but supporting a very wide range of WordPress and PHP versions becomes increasingly difficult. The upside is that since the tests are automated, I can be very certain that the versions claim to be supported are actually so. According to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fstats\u002F\" rel=\"ugc\">wordpress.org statistics\u003C\u002Fa> WordPress 5.0 and PHP 7 should cover around 90% of WordPress users.\u003C\u002Fp>\n\u003Ch3>Support the plugin\u003C\u002Fh3>\n\u003Cp>Maintaining a WordPress plugin is a lot of work. If you like the plugin, please consider rating it on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcustomizer-disabler\u002Freviews\u002F#new-post\" rel=\"ugc\">WordPress.org\u003C\u002Fa>. Thank you!\u003C\u002Fp>\n\u003Cp>If you are interested, you can also check out my other WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-media-pages\u002F\" rel=\"ugc\">Disable Media Pages\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-drop-cap\u002F\" rel=\"ugc\">Disable Drop Cap\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-image-aspect-ratio-crop\u002F\" rel=\"ugc\">ACF Image Aspect Ratio Crop\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Completely disable Customizer on your WordPress site.",400,9593,80,"2024-04-04T10:25:00.000Z","6.5.8","5.0","7.0",[74,75,76,77,78],"customiser","customizer","disable","hide","remove","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomizer-disabler.2.2.7.zip",92,{"slug":82,"name":83,"version":6,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":13,"downloaded":88,"rating":27,"num_ratings":27,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":18,"download_link":96,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"woohoo","WooHoo! – WooCommerce customiser","MS","https:\u002F\u002Fprofiles.wordpress.org\u002Fcorgdesign\u002F","\u003Cp>Want to easily and quickly customise your WooCommerce shop? WooHoo! integrates seamlessly into the WooCommerce settings and allows you to easily and quickly:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a cart icon to your site\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable product gallery lightbox, slider, and zoom\u003C\u002Fli>\n\u003Cli>Change Add to cart button text\u003C\u002Fli>\n\u003Cli>Change product’s Description, Additional information, and Reviews tabs and titles\u003C\u002Fli>\n\u003Cli>Add a prefix to order numbers\u003C\u002Fli>\n\u003Cli>Add content to the Order complete page\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable WooCommerce breadcrumbs\u003C\u002Fli>\n\u003Cli>Autocomplete all orders – good if your shops sells just virtual or downloadable products\u003C\u002Fli>\n\u003Cli>Choose number of gallery thumbnails per row on product page\u003C\u002Fli>\n\u003Cli>Choose number of products per row on shop \u002F archive page\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable Order notes in checkout\u003C\u002Fli>\n\u003Cli>Change Place order button text in checkout\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable categories and tags on product page\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable product images in cart\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable related products on the product page\u003C\u002Fli>\n\u003Cli>Rename coupon field in cart\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WooHoo! requires WooCommerce 3.0+. Compatible with StoreFront Theme.\u003C\u002Fp>\n","Easily and quickly customise your WooCommerce shop.",5340,"2020-08-26T16:04:00.000Z","5.3.21","4.9.4",[93,94,95],"woocommerce","woocommerce-customiser","woocommerce-customizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoohoo.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":27,"num_ratings":27,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":18,"download_link":117,"security_score":80,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"secure-admin-login-with-customize","Secure Admin Login With Customize","1.4","Dilip Bheda","https:\u002F\u002Fprofiles.wordpress.org\u002Fdilipbheda\u002F","\u003Cp>Create your own custom admin login page with google recaptcha and captcha code.\u003C\u002Fp>\n\u003Cp>Plugin allows to change custom logo with replace with wordpress default logo, background color, background image, background slide show, form color, font size, login form position and many more features.\u003C\u002Fp>\n\u003Cp>Supports full features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can add Google Recaptcha in your wordpress admin form (Site Key & Secret Key are required).\u003C\u002Fli>\n\u003Cli>You can add Captcha Code in your wordpress admin form.\u003C\u002Fli>\n\u003Cli>You can add customer logo above wordpress admin form.\u003C\u002Fli>\n\u003Cli>You can add background color and background image to the wordpress admin form.\u003C\u002Fli>\n\u003Cli>You can add custom message\u002Ftext above & bottom of your wordpress admin login form.\u003C\u002Fli>\n\u003Cli>Free support.\u003C\u002Fli>\n\u003Cli>Multi-lingual support.\u003C\u002Fli>\n\u003Cli>Translation ready (Gujarati, Hindi).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Main features.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Recaptcha.\u003C\u002Fli>\n\u003Cli>Captcha Code.\u003C\u002Fli>\n\u003Cli>Login button hover color.\u003C\u002Fli>\n\u003Cli>Login button color.\u003C\u002Fli>\n\u003Cli>Admin form custom color.\u003C\u002Fli>\n\u003Cli>Admin form border custom style.\u003C\u002Fli>\n\u003Cli>Admin form label size.\u003C\u002Fli>\n\u003Cli>Admin form opacity.\u003C\u002Fli>\n\u003Cli>Admin form custom background image.\u003C\u002Fli>\n\u003Cli>Change label color.\u003C\u002Fli>\n\u003Cli>Change login form color.\u003C\u002Fli>\n\u003Cli>Set custom background image.\u003C\u002Fli>\n\u003Cli>Set background color.\u003C\u002Fli>\n\u003Cli>Add custom logo to admin login form.\u003C\u002Fli>\n\u003Cli>Logo width.\u003C\u002Fli>\n\u003Cli>Logo height.\u003C\u002Fli>\n\u003Cli>Logo link.\u003C\u002Fli>\n\u003Cli>Logo title.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure admin login with customize allows you to customize your WordPress admin login page within WordPress customizer.",10,2092,"2025-01-29T16:32:00.000Z","6.7.5","5.9","7.2",[112,113,114,115,116],"custom-admin-login","custom-login-logo","custom-wp-login","customise-wordpress-login","login-customizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-admin-login-with-customize.1.4.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":105,"downloaded":126,"rating":27,"num_ratings":27,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":133,"download_link":134,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"tt-options","TT-Options","1.0.6","thesabeltuto","https:\u002F\u002Fprofiles.wordpress.org\u002Fthesabeltuto\u002F","\u003Cp>This plugin is a simplified theme options where you can save styles, scripts and other codes to the database without having to edit any files on your theme. Makes your theme updates a worry-free! TT-Options is a plugin that provides users with limited theme options the unlimited possibilities to fully customize their website. Created by Thesabel Tuto.\u003C\u002Fp>\n","A simplified theme options where you can save styles, scripts and other codes to the database without having to edit any files on your theme.",1886,"2018-07-10T02:18:00.000Z","4.9.29","3.5.1",[54,21,131,23,132],"options","theme-options","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftt-options\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftt-options.1.0.6.zip",{"attackSurface":136,"codeSignals":142,"taintFlows":189,"riskAssessment":230,"analyzedAt":241},{"hooks":137,"ajaxHandlers":138,"restRoutes":139,"shortcodes":140,"cronEvents":141,"entryPointCount":27,"unprotectedCount":27},[],[],[],[],[],{"dangerousFunctions":143,"sqlUsage":144,"outputEscaping":147,"fileOperations":145,"externalRequests":27,"nonceChecks":187,"capabilityChecks":27,"bundledLibraries":188},[],{"prepared":145,"raw":27,"locations":146},1,[],{"escaped":27,"rawEcho":148,"locations":149},17,[150,154,156,158,160,162,163,165,168,170,172,174,176,179,181,183,185],{"file":151,"line":152,"context":153},"includes\\class-wp-customizer-admin.php",504,"raw output",{"file":151,"line":155,"context":153},538,{"file":151,"line":157,"context":153},539,{"file":151,"line":159,"context":153},540,{"file":151,"line":161,"context":153},544,{"file":151,"line":161,"context":153},{"file":151,"line":164,"context":153},552,{"file":166,"line":167,"context":153},"includes\\class-wp-customizer-files.php",130,{"file":166,"line":169,"context":153},134,{"file":166,"line":171,"context":153},137,{"file":166,"line":173,"context":153},140,{"file":166,"line":175,"context":153},141,{"file":177,"line":178,"context":153},"includes\\class-wp-customizer-pointers.php",195,{"file":177,"line":180,"context":153},199,{"file":177,"line":182,"context":153},214,{"file":177,"line":184,"context":153},216,{"file":177,"line":186,"context":153},218,3,[],[190,213],{"entryPoint":191,"graph":192,"unsanitizedCount":145,"severity":212},"admin_print_footer_scripts (includes\\class-wp-customizer-pointers.php:47)",{"nodes":193,"edges":208},[194,199,203],{"id":195,"type":196,"label":197,"file":177,"line":198},"n0","source","$_GET",187,{"id":200,"type":201,"label":202,"file":177,"line":198},"n1","transform","→ make_pointer_script()",{"id":204,"type":205,"label":206,"file":177,"line":182,"wp_function":207},"n2","sink","echo() [XSS]","echo",[209,211],{"from":195,"to":200,"sanitized":210},false,{"from":200,"to":204,"sanitized":210},"medium",{"entryPoint":214,"graph":215,"unsanitizedCount":145,"severity":212},"\u003Cclass-wp-customizer-pointers> (includes\\class-wp-customizer-pointers.php:0)",{"nodes":216,"edges":225},[217,219,220,221,223],{"id":195,"type":196,"label":197,"file":177,"line":218},107,{"id":200,"type":205,"label":206,"file":177,"line":182,"wp_function":207},{"id":204,"type":196,"label":197,"file":177,"line":198},{"id":222,"type":201,"label":202,"file":177,"line":198},"n3",{"id":224,"type":205,"label":206,"file":177,"line":182,"wp_function":207},"n4",[226,228,229],{"from":195,"to":200,"sanitized":227},true,{"from":204,"to":222,"sanitized":210},{"from":222,"to":224,"sanitized":210},{"summary":231,"deductions":232},"The 'wp-customizer' plugin v1.0.2 exhibits a mixed security posture. On one hand, the absence of known vulnerabilities and CVEs, along with the lack of an apparent attack surface via AJAX, REST API, shortcodes, or cron events, suggests a generally low risk of exploitation through common entry points. The use of prepared statements for its single SQL query is also a positive sign. However, several critical concerns emerge from the static code analysis. The fact that 100% of the 17 output operations are not properly escaped presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis revealing two flows with unsanitized paths, even if not classified as critical or high severity, warrants attention as these could potentially lead to unintended behavior or security breaches if combined with other factors. The plugin's vulnerability history is clean, which is encouraging, but this could also indicate limited testing or a very small user base, not necessarily guaranteed future security.",[233,236,238],{"reason":234,"points":235},"All outputs are unescaped, leading to XSS risk",16,{"reason":237,"points":49},"Taint flows with unsanitized paths detected",{"reason":239,"points":240},"No capability checks implemented",5,"2026-03-16T22:48:04.003Z",{"wat":243,"direct":254},{"assetPaths":244,"generatorPatterns":246,"scriptPaths":247,"versionParams":253},[245],"\u002Fwp-content\u002Fplugins\u002Fwp-customizer\u002Fincludes\u002Fwp-plugin-base\u002Fwp-plugin-base.php",[],[248,249,250,251,252],"\u002Fwp-content\u002Fplugins\u002Fwp-customizer\u002Fincludes\u002Fclass-wp-customizer-admin.php","\u002Fwp-content\u002Fplugins\u002Fwp-customizer\u002Fincludes\u002Fclass-wp-customizer-loader.php","\u002Fwp-content\u002Fplugins\u002Fwp-customizer\u002Fincludes\u002Fclass-wp-customizer-pointers.php","\u002Fwp-content\u002Fplugins\u002Fwp-customizer\u002Fincludes\u002Fclass-wp-customizer-upgrade.php","\u002Fwp-content\u002Fplugins\u002Fwp-customizer\u002Fincludes\u002Fclass-wp-customizer.php",[],{"cssClasses":255,"htmlComments":256,"htmlAttributes":258,"restEndpoints":260,"jsGlobals":261,"shortcodeOutput":263},[],[257],"\u003C!-- The way is shut. It was made by those who are dead, and the dead keep it. The way is shut. -->",[259],"data-wp-customizer-tab",[],[262],"window.wp_customizer_admin_data",[]]