[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5f6JgT9946kmf8Jw53GaSI9xJD6SGenFcuvi-7k-fLE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":156,"fingerprints":235},"wp-dashboard-beacon","Dashboard Beacon","1.2.0","janhenckens","https:\u002F\u002Fprofiles.wordpress.org\u002Fjanhenckens\u002F","\u003Cp>This plugin makes it fast and easy to integrate Help Scout’s Beacon feature into your WordPress dashboard. That way, your client has easy access to your documentation and\u002For has an easy way of contacting you in case they encounter a problem.\u003C\u002Fp>\n\u003Cp>Read more about Help Scout Beaon \u003Ca href=\"http:\u002F\u002Fwww.helpscout.net\u002Fblog\u002Fintroducing-beacon\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: the plugin or it’s author are not affiliated with Help Scout in any way.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>After installation, you can customize the beacon’s options, icon and colour.\u003Cbr \u002F>\nYou can also enable the plugin for selected member roles, giving you control over which of your users has access to the beacon and can contact you.\u003C\u002Fp>\n","Easily integrate a Help Scout beacon in your site's dashboard.",10,1843,0,"","4.5.33","3.5.0",[18,19,20,21,22],"client","dashboard","documentation","helpscout","support","http:\u002F\u002Fonedge.be","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-beacon.1.2.0.zip",78,1,"2025-12-31 00:00:00","2026-03-15T10:48:56.248Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-49337","dashboard-beacon-authenticated-administrator-stored-cross-site-scripting","Dashboard Beacon \u003C= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Dashboard Beacon plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.2.0","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-05 18:15:33",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd6558119-35fe-4aa9-8e5a-4b9df329d8b6?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":45,"total_installs":46,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},3,50,82,2188,66,"2026-04-04T13:46:09.532Z",[52,71,91,114,141],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":11,"downloaded":60,"rating":13,"num_ratings":13,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":14,"tags":64,"homepage":14,"download_link":68,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":70},"wp-dash-support","WP Dash Support","1.1.2","Moe Loubani","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoeloubani1\u002F","\u003Cp>A simple plugin that you can use that will let your clients contact you from right on their dashboard. The email you get\u003Cbr \u002F>\nfrom them will include a bunch of diagnostic info that you can use to help get an idea about the problem.\u003C\u002Fp>\n\u003Cp>This includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP Version\u003C\u002Fli>\n\u003Cli>Server type (Apache \u002F Ngnix)\u003C\u002Fli>\n\u003Cli>MySQL version\u003C\u002Fli>\n\u003Cli>WordPress version\u003C\u002Fli>\n\u003Cli>Site URL\u003C\u002Fli>\n\u003Cli>Active plugins\u003C\u002Fli>\n\u003Cli>Inactive plugins\u003C\u002Fli>\n\u003Cli>And more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have any questions feel free to visit my website http:\u002F\u002Fwww.moeloubani.com and ask.\u003C\u002Fp>\n\u003Cp>Enjoy!\u003C\u002Fp>\n","A plugin that adds a contact form on the dashboard for developers to use to give clients an easier way to contact them.",1816,"2016-08-16T19:17:00.000Z","4.8.28","4.0",[65,66,67],"client-support","dashboard-widget","developer-tool","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dash-support.zip",85,"2026-03-15T15:16:48.613Z",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":14,"tags":86,"homepage":14,"download_link":90,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":70},"display-php-version","Display PHP Version","1.8","David Gwyer","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgwyer\u002F","\u003Cp>Very lightweight and simple plugin that displays the currently installed PHP\u002FMySQL version in the “At a Glance” admin dashboard widget.\u003C\u002Fp>\n\u003Cp>In the latest plugin version you can also view the current MySQL version when hovering over the PHP version text. We chose to implement it this way as you may not need to know the MySQL version as often as the PHP version, and it just adds unnecessary visual noise.\u003C\u002Fp>\n\u003Cp>Just hover over the PHP version label to display the installed MySQL version.\u003C\u002Fp>\n\u003Cp>Also, on some Windows based servers the returned MySQL version can be displayed with a \u003Ccode>5.5.5-\u003C\u002Fcode> prefix which can be a little annoying, so this is removed for convenience.\u003C\u002Fp>\n\u003Cp>Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fdisplay-php-version\" rel=\"ugc\">\u003Cstrong>rate\u003C\u002Fstrong>\u003C\u002Fa> this Plugin if you find it useful. It only takes a moment but it’s very much appreciated. 🙂\u003C\u002Fp>\n\u003Cp>And here’s how you can \u003Ca href='https:\u002F\u002Fwww.paypal.com\u002Fbiz\u002Ffund?id=6EW7V4MWJP8ZE' rel=\"nofollow ugc\">help support\u003C\u002Fa> our open source work. We couldn’t do this without you!\u003C\u002Fp>\n\u003Cp>For more plugins see our \u003Ca href=\"https:\u002F\u002Fwww.wpgoplugins.com\" rel=\"nofollow ugc\">WordPress plugin site\u003C\u002Fa>.\u003C\u002Fp>\n","Displays the currently installed PHP\u002FMySQL version in the \"At a Glance\" admin dashboard widget.",30000,500094,98,35,"2023-05-16T17:30:00.000Z","6.2.9","3.0",[87,19,88,22,89],"admin","server","version","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-php-version.1.8.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":14,"tags":106,"homepage":111,"download_link":112,"security_score":113,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":70},"wp-help","WP Help","1.7.5","Mark Jaquith","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkjaquith\u002F","\u003Cp>Site operators can create detailed, hierarchical documentation for the site’s authors, editors, and contributors, viewable in the WordPress admin. Powered by Custom Post Types, you get all the power of WordPress to create, edit, and arrange your documentation. Perfect for customized client sites. Never send another “here’s how to use your site” e-mail again!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NEW\u003C\u002Fstrong>: You can now pull in help documents from another WP Help install, and they will be automatically updated when the source documents change (even additions and deletions!). Perfect for WordPress multisite installs, or consultants with a large number of client installs.\u003C\u002Fp>\n","Site operators can create detailed, hierarchical documentation for the site's authors, editors, and contributors, viewable in the WordPress admin &hellip;",10000,287232,96,54,"2024-04-20T18:45:00.000Z","6.5.8","4.9",[107,108,109,20,110],"client-sites","clients","docs","help","http:\u002F\u002Ftxfx.net\u002Fwordpress-plugins\u002Fwp-help\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-help.1.7.5.zip",92,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":136,"download_link":137,"security_score":138,"vuln_count":139,"unpatched_count":13,"last_vuln_date":140,"fetched_at":70},"wp-client-reports","WP Client Reports","1.0.24","Mike Gillihan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikegillihan\u002F","\u003Cp>WP Client Reports is a powerful plugin designed for WordPress freelancers, agencies, and website managers who provide care and maintenance services for their clients and stakeholders.\u003C\u002Fp>\n\u003Ch3>Streamline Your Maintenance Reporting\u003C\u002Fh3>\n\u003Cp>This essential tool tracks WordPress core, plugin, and theme updates on the fly and provides detailed, professional reports directly inside the WordPress admin dashboard.\u003C\u002Fp>\n\u003Cp>You and your clients can quickly switch between different time periods to view update statistics, giving you and them a clear, on-demand understanding of maintenance activities.\u003C\u002Fp>\n\u003Ch3>Email Maintenance Reports to Key Stakeholders\u003C\u002Fh3>\n\u003Cp>Keeping your clients and other site stakeholders updated with a detailed, professional-looking email report is a simple point-and-click! The are no PDFs here, just a nicely designed email.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>WP Client Reports Pro\u003C\u002Fstrong>\u003Cbr \u002F>\n  This plugin is the lite version of WP Client Reports Pro, which includes custom branding, automated report scheduling, maintenance notes, and many other integrations.\u003Cbr \u002F>\n  \u003Ca href=\"https:\u002F\u002Fwpclientreports.com\u002F?utm_source=wporg&utm_medium=link&utm_campaign=wpclientreports&utm_content=readme\" rel=\"nofollow ugc\">Click here to purchase the best WordPress reporting plugin now!\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>— Pro Version —\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpclientreports.com?utm_source=wporg&utm_medium=link&utm_campaign=wpclientreports&utm_content=readme\" rel=\"nofollow ugc\">WP Client Reports Pro\u003C\u002Fa> takes your client reporting to the next level. With this upgrade, you can brand your maintenance reports with your logo and company color, schedule automatic report delivery, and integrate additional statistics from a variety of services and plugins.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpclientreports.com\u002Fpricing\u002F?utm_source=wporg&utm_medium=link&utm_campaign=wpclientreports&utm_content=readme\" rel=\"nofollow ugc\">Click here to purchase WP Client Reports Pro now!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Pro Version Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Branding\u003C\u002Fstrong>: Personalize your reports with your company’s branding, adding a professional touch to your communications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scheduled Reports\u003C\u002Fstrong>: Set up automatic delivery of reports on a weekly or monthly basis, ensuring consistent and timely updates for your clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Extended Integrations\u003C\u002Fstrong>: Enhance your reports with additional statistics from:\n\u003Cul>\n\u003Cli>Site Maintenance Notes\u003C\u002Fli>\n\u003Cli>Google Analytics\u003C\u002Fli>\n\u003Cli>Form Plugins (Gravity Forms, Ninja Forms, WP Forms, Formidable Forms, Contact Form 7)\u003C\u002Fli>\n\u003Cli>Uptime Monitoring (Uptime Robot, Pingdom)\u003C\u002Fli>\n\u003Cli>Backup Solutions (UpdraftPlus, BackWPup, BackupBuddy, WPEngine Backups)\u003C\u002Fli>\n\u003Cli>Email Marketing (Mailchimp)\u003C\u002Fli>\n\u003Cli>Search Optimization (SearchWP)\u003C\u002Fli>\n\u003Cli>E-commerce and Donations (WooCommerce, Easy Digital Downloads, GiveWP, Stripe)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The Perfect Solution for WordPress Professionals\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Elevate Your Brand\u003C\u002Fstrong>: Stand out with reports that reflect your company’s identity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamline Your Workflow\u003C\u002Fstrong>: Automate report delivery, saving you time and effort.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provide Comprehensive Insights\u003C\u002Fstrong>: Offer clients a complete overview of their website’s performance and your maintenance activities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Have an idea that should be added? Submit a feature request at \u003Ca href=\"https:\u002F\u002Fwpclientreports.com\u002Ffeature-requests\u002F?utm_source=wporg&utm_medium=link&utm_campaign=wpclientreports&utm_content=readme\" rel=\"nofollow ugc\">wpclientreports.com\u003C\u002Fa>.\u003C\u002Fp>\n","The best maintenance reporting tool for WordPress professionals. Display update statistics directly in the WordPress admin or send reports via email.",6000,56093,100,5,"2025-04-17T01:04:00.000Z","6.8.5","5.3.0","5.6.2",[131,132,133,134,135],"analytics","client-dashboard","client-reports","maintenance-reports","reports","https:\u002F\u002Fwpclientreports.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-client-reports.1.0.24.zip",99,2,"2024-04-12 00:00:00",{"slug":142,"name":143,"version":144,"author":145,"author_profile":146,"description":147,"short_description":148,"active_installs":149,"downloaded":150,"rating":124,"num_ratings":26,"last_updated":151,"tested_up_to":127,"requires_at_least":85,"requires_php":14,"tags":152,"homepage":154,"download_link":155,"security_score":124,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":70},"wp-php-version-display","WP PHP Version Display","2.0","Arul Prasad J","https:\u002F\u002Fprofiles.wordpress.org\u002Farulprasadj\u002F","\u003Cp>This is a lightweight WordPress plugin that displays the current running PHP\u002FMySQL version inside “At a Glance” admin dashboard widget.\u003C\u002Fp>\n\u003Cp>Plugin uses standard actions and filters only. (No jQuery used)\u003C\u002Fp>\n\u003Cp>If you love this plugin, \u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Farulprasadj?locale.x=en_GB\" rel=\"nofollow ugc\">buy me a cup of coffee\u003C\u002Fa>\u003C\u002Fp>\n","Displays the current running PHP\u002FMySQL version inside \"At a Glance\" admin dashboard widget.",3000,20171,"2025-04-25T13:28:00.000Z",[87,19,153,88,22],"php","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-php-version-display\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-php-version-display.2.0.zip",{"attackSurface":157,"codeSignals":187,"taintFlows":220,"riskAssessment":221,"analyzedAt":234},{"hooks":158,"ajaxHandlers":183,"restRoutes":184,"shortcodes":185,"cronEvents":186,"entryPointCount":13,"unprotectedCount":13},[159,165,168,170,172,175,178,181],{"type":160,"name":161,"callback":162,"file":163,"line":164},"action","plugins_loaded","anonymous","includes\\class-wp-dashboard-beacon.php",140,{"type":160,"name":166,"callback":162,"file":163,"line":167},"admin_enqueue_scripts",155,{"type":160,"name":166,"callback":162,"file":163,"line":169},156,{"type":160,"name":166,"callback":162,"file":163,"line":171},157,{"type":160,"name":173,"callback":162,"file":163,"line":174},"admin_menu",158,{"type":160,"name":176,"callback":162,"file":163,"line":177},"admin_init",159,{"type":160,"name":179,"callback":162,"file":163,"line":180},"wp_enqueue_scripts",173,{"type":160,"name":179,"callback":162,"file":163,"line":182},174,[],[],[],[],{"dangerousFunctions":188,"sqlUsage":189,"outputEscaping":191,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":219},[],{"prepared":13,"raw":13,"locations":190},[],{"escaped":192,"rawEcho":193,"locations":194},4,11,[195,199,201,203,205,207,209,211,213,215,217],{"file":196,"line":197,"context":198},"admin\\class-wp-dashboard-beacon-admin.php",352,"raw output",{"file":196,"line":200,"context":198},361,{"file":196,"line":202,"context":198},367,{"file":196,"line":204,"context":198},373,{"file":196,"line":206,"context":198},383,{"file":196,"line":208,"context":198},390,{"file":196,"line":210,"context":198},411,{"file":196,"line":212,"context":198},428,{"file":196,"line":214,"context":198},433,{"file":196,"line":216,"context":198},434,{"file":196,"line":218,"context":198},435,[],[],{"summary":222,"deductions":223},"The wp-dashboard-beacon plugin v1.2.0 presents a mixed security posture.  On the positive side, the static analysis reveals no identified dangerous functions, no direct SQL queries outside of prepared statements, and a complete absence of file operations or external HTTP requests. The attack surface is reported as zero entry points, and importantly, zero unprotected entry points, suggesting a generally secure design in these areas. However, a significant concern arises from the low rate of output escaping (27%), indicating a high likelihood of cross-site scripting (XSS) vulnerabilities, especially when considering the plugin's vulnerability history. The absence of nonce and capability checks on the identified entry points is also a notable weakness, despite the zero count, as it suggests a lack of built-in protective measures for potential future entry points.",[224,227,230,232],{"reason":225,"points":226},"Unpatched CVEs",20,{"reason":228,"points":229},"Low output escaping percentage",6,{"reason":231,"points":125},"No nonce checks",{"reason":233,"points":125},"No capability checks","2026-03-16T23:17:56.329Z",{"wat":236,"direct":245},{"assetPaths":237,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[238,239],"\u002Fwp-content\u002Fplugins\u002Fwp-dashboard-beacon\u002Fadmin\u002Fcss\u002Fwp-dashboard-beacon-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-dashboard-beacon\u002Fadmin\u002Fjs\u002Fwp-dashboard-beacon-beacon.js",[],[],[243,244],"wp-dashboard-beacon-admin.css?ver=","wp-dashboard-beacon-beacon.js?ver=",{"cssClasses":246,"htmlComments":247,"htmlAttributes":248,"restEndpoints":258,"jsGlobals":259,"shortcodeOutput":261},[],[],[249,250,251,252,253,254,255,256,257],"hsb_allowed_user_roles","hsb_helpscout_form_id","hsb_helpscout_subdomain","hsb_beacon_options","hsb_beacon_icon","hsb_beacon_colour","hsb_hide_credits","hsb_beacon_intro","hsb_allow_attachments",[],[260],"hsb_settings",[]]