[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZggEOtGnel0TVvTqP3jz0DMc0svooyUT1bAfg6xFR5Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":139,"fingerprints":291},"wp-dev-flag","WP Dev Flag","2.0.1","Poodle Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpoodleplugins\u002F","\u003Cp>This plugin makes it easy to distinguish between your local development site, and your live site.\u003Cbr \u002F>\nI created this because I often use a local duplicate of my live site, for development, with the same DB, and the same URL.\u003C\u002Fp>\n\u003Cp>I needed a quick & easy way of distinguishing between my live and development sites at a glance. This plugin acheives that in the simplest way possible.\u003C\u002Fp>\n\u003Cp>There are settings for colour, positioning and the text displayed on the badge. It is also possible to add a link onto the badge.\u003C\u002Fp>\n","Shows a floating badge on the front end, to visually distinguish your development site from production.",10,2426,100,3,"2025-01-27T08:30:00.000Z","6.7.5","3.0.1","5.6",[20,21,22,23,24],"banner","development","flag","localhost","production","https:\u002F\u002Fpoodleplugins.com\u002Fwp-dev-flag","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dev-flag.2.0.1.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"poodleplugins",5010,95,280,76,"2026-04-05T01:19:39.906Z",[40,58,79,99,120],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":11,"downloaded":48,"rating":13,"num_ratings":14,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":55,"download_link":56,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"dx-localhost","DX localhost","1.5","Mario Peshev","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofearinc\u002F","\u003Cp>Display a notice when working on a localhost site on staging environment, based on your settings and adjustments\u003C\u002Fp>\n\u003Cp>Activate the plugin and see a yellow notice bar indicating that you’re working on localhost.\u003C\u002Fp>\n\u003Cp>Super helpful whenever you’re cloning a production website with virtual hosts using the same domain name, and are not sure which site are you editing. Visible both in the admin area, and the frontend to all site visitors.\u003C\u002Fp>\n","Display a yellow notice box when you're working on localhost",2899,"2019-11-15T11:32:00.000Z","5.2.24","3.1",[21,23,53,24,54],"notice","toolbar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdx-localhost\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-localhost.1.5.zip",85,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":13,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"display-environment-type","Display Environment Type","1.6.0","Stoil Dobreff","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdobreff\u002F","\u003Cp>WordPress 5.5 introduced a way to differentiate between environment types (development, staging, production). This plugin shows your site’s environment type in the admin bar and the dashboard “At a Glance” widget.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F07\u002F24\u002Fnew-wp_get_environment_type-function-in-wordpress-5-5\u002F\" rel=\"nofollow ugc\">More info about the feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To gain additional control — for example, setting the environment or other values from the WP admin (when \u003Ccode>wp-config.php\u003C\u002Fcode> is writable) — consider installing our other plugin \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Recommended Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa> — a powerful plugin for sites that need more insight into errors and runtime behavior. It includes a Cron manager, a Transient manager (database-backed), DB manager, Snippet manager, Mail manager, Plugin Version Switcher available from the Plugins page and many more.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays WordPress 5.5's environment type setting in the admin bar and the \"At a Glance\" dashboard widget.",1000,135115,4,"2025-12-19T15:09:00.000Z","6.9.4","5.5","7.4",[21,74,75,24,76],"dtap","environment","staging","https:\u002F\u002Froytanck.com\u002F2020\u002F08\u002F21\u002Fnew-wordpress-plugin-display-environment-type\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-environment-type.1.6.0.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":13,"num_ratings":89,"last_updated":90,"tested_up_to":70,"requires_at_least":91,"requires_php":72,"tags":92,"homepage":95,"download_link":96,"security_score":13,"vuln_count":97,"unpatched_count":28,"last_vuln_date":98,"fetched_at":30},"local-development","Local Development","2.11.0","Andy Fragen","https:\u002F\u002Fprofiles.wordpress.org\u002Fafragen\u002F","\u003Cp>Places development notice for plugins or themes that are in local development. Notices are placed on the plugins page and the themes page. Prevents updating of selected plugins and themes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically adds plugins and themes under version control.\u003C\u002Fli>\n\u003Cli>Automatically allows for using a local file server.\u003C\u002Fli>\n\u003Cli>Allows for bypassing the WordPress 5.2 WSOD Shutdown Handler.\u003C\u002Fli>\n\u003Cli>Add a warning color to admin bar when running under localhost. Default is on.\u003C\u002Fli>\n\u003Cli>Add a git host icon to the plugins page. Default is off. No option if GitHub Updater is running.\u003C\u002Fli>\n\u003Cli>Allows setting of \u003Ccode>WP_ENVIRONMENT_TYPE\u003C\u002Fcode> in \u003Ccode>wp-config.php\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pull Requests are welcome against the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fafragen\u002Flocal-development\" rel=\"nofollow ugc\">develop branch on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Requires PHP 7.4 or greater.\u003C\u002Fp>\n","Places development notice for plugins or themes that are in local development. Prevents updating of selected plugins and themes.",90,9948,5,"2025-10-08T19:04:00.000Z","5.4",[21,23,93,94],"theme","upgrade","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flocal-development","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-development.2.11.0.zip",1,"2023-07-24 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":97,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":118,"download_link":119,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-ngrok","WP-ngrok","1.1.2","Theme.id","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeid\u002F","\u003Cp>Expose a WordPress local web server to the internet ngrok allows you to expose a web server running on your local machine to the internet.\u003Cbr \u002F>\nThis plugin works by hooking to the start and end of the page creation and capturing it into an output buffer, it then uses the URL from the database for a str_replace, stripping it out before sending back out to the shutdown hook. This means that I can share either the HTTP or HTTPS versions of the ngrok URLs.\u003C\u002Fp>\n\u003Ch3>How To Use\u003C\u002Fh3>\n\u003Ch3>Step One: Install ngrok\u003C\u002Fh3>\n\u003Cp>Download and install ngrok here  \u003Ca href=\"https:\u002F\u002Fngrok.com\u002Fdownload\" title=\"Download Ngrok\" rel=\"nofollow ugc\">https:\u002F\u002Fngrok.com\u002Fdownload\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Step Two: Install WP-NGROK\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload \u003Ccode>wp-ngrok.zip\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>\n\u003Cp>run command in your terminal\u003C\u002Fp>\n\u003Cp>~\u002Fngrok http -host-header=localdomain.test 8888\u003C\u002Fp>\n\u003Ch3>Step Three: Creating the localtunnel\u003C\u002Fh3>\n\u003Cp>Send through the host name of the site that we use locally as well as the port number and this will then direct the traffic to my local site. This works whether we had created it, or using something like MAMP Pro to set this up for me.\u003C\u002Fp>\n\u003Cp>~\u002Fngrok http -host-header=sitename.localhost 8888\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once ngrok is up and running I will be presented with the display that you can see below\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Session Status                online\nAccount                       Theme.id (Plan: Pro)\nVersion                       2.3.35\nRegion                        United States (us)\nWeb Interface                 http:\u002F\u002F127.0.0.1:4040\nForwarding                    http:\u002F\u002Fyourapp.ngrok.io -> http:\u002F\u002Flocalhost:8888\nForwarding                    https:\u002F\u002Fyourapp.ngrok.io -> http:\u002F\u002Flocalhost:8888\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Minimum Requirements\u003C\u002Fh4>\n\u003Cp>WordPress 5.0 or greater\u003Cbr \u002F>\nPHP version 5.6 or greater\u003Cbr \u002F>\nMySQL version 5.0 or greater\u003C\u002Fp>\n\u003Ch4>We recommend your host supports:\u003C\u002Fh4>\n\u003Cp>PHP version 7.0 or greater\u003Cbr \u002F>\nMySQL version 5.6 or greater\u003Cbr \u002F>\nWordPress Memory limit of 64 MB or greater (128 MB or higher is preferred)\u003C\u002Fp>\n\u003Ch3>Please ask in WordPress Support\u003C\u002Fh3>\n\u003Cp>Please to ask about this plugin\u003C\u002Fp>\n","Expose your local WordPress to the world. only work in your localhost",30,6194,60,"2022-12-04T07:25:00.000Z","6.1.10","5.0","8.0",[115,21,116,23,117],"debug","local-server","ngrok","https:\u002F\u002Ftheme.id","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ngrok.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":11,"downloaded":128,"rating":129,"num_ratings":89,"last_updated":130,"tested_up_to":131,"requires_at_least":51,"requires_php":132,"tags":133,"homepage":137,"download_link":138,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"eventsads-banner","Events Ads Banner","2.0.0","Fabio M.","https:\u002F\u002Fprofiles.wordpress.org\u002Ffabiettos\u002F","\u003Ch4>Description\u003C\u002Fh4>\n\u003Cp>This plugin creates one or more* customizable Banner for advertising, events, communications, etc.;\u003Cbr \u002F>\nYou can add images & videos* to the title, subtitle, description and links to the event\u003C\u002Fp>\n\u003Cp>The banner can be set open as default option in the home page, as well in the whole website,\u003Cbr \u002F>\nor as closed in the other pages of the website.\u003C\u002Fp>\n\u003Cp>You can pre-set publication time and removal for scheduled events*.\u003C\u002Fp>\n\u003Cp>You can manage simultaneously different banners*, giving them an order, or a rotation by ID priority\u003C\u002Fp>\n\u003Cp>This plugin supports multilinguage, is WPML compatible.\u003C\u002Fp>\n\u003Ch4>Banner Settings\u003C\u002Fh4>\n\u003Cp>It is possible to full-customize general settings (for all the banners) or individually for each banner*.\u003C\u002Fp>\n\u003Cp>It is possible to customize: text formatting, paragraph, background colors, window position*, orientation (vertical \u002F horizontal)* and banner size*, label form*.\u003C\u002Fp>\n\u003Ch4>Little Guide, Forum and much more\u003C\u002Fh4>\n\u003Cp>Click here for a little \u003Ca href=\"http:\u002F\u002Fdalet-group.com\u002Fen\u002F2015\u002F10\u002Fguide-events-ads-banner\u002F\" rel=\"nofollow ugc\">guide – “Events Ads Banner”\u003C\u002Fa> o\u003Cbr \u002F>\nper la versione italiana clicca su \u003Ca href=\"http:\u002F\u002Fdalet-group.com\u002F2015\u002F10\u002Fguida-events-ads-banner\" rel=\"nofollow ugc\">guida – “Events Ads Banner”\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdalet-group.com\u002Fen\" rel=\"nofollow ugc\">Dalet Group\u003C\u002Fa>\u002F\u003Ca href=\"http:\u002F\u002Fdalet-group.com\" rel=\"nofollow ugc\">Gruppo Dalet\u003C\u002Fa> here can view my works and for any question contact me on my personal forum:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdalet-group.com\u002Fen\u002Fforums\u002Fforum\u002Fevents-ads-banner\u002F\" rel=\"nofollow ugc\">“Events Ads Banner” Forum\u003C\u002Fa> \u002F\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fdalet-group.com\u002Fforums\u002Fforum\u002Fevents-ads-banner\u002F\" rel=\"nofollow ugc\">Forum “Events Ads Banner” – It\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Special Thanks\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.bitandbox.com\" rel=\"nofollow ugc\">BeB Digital Architecture\u003C\u002Fa> for providing graphics adjustments.\u003C\u002Fp>\n\u003Ch4>*\u003C\u002Fh4>\n\u003Cp>I’m working to do this.\u003C\u002Fp>\n","Banner designed for Advertising and Events(text,links,images and videos).Personalizzabile shape, position, color; supports multilingual and roles.",11601,68,"2017-06-13T19:57:00.000Z","4.4.34","",[134,20,135,22,136],"advertising","event","publicity","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feventsads-banner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feventsads-banner.zip",{"attackSurface":140,"codeSignals":178,"taintFlows":246,"riskAssessment":275,"analyzedAt":290},{"hooks":141,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":28,"unprotectedCount":28},[142,148,151,155,160,164,166,169],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_enqueue_scripts","enqueue_admin_styles","includes\\class-wp-dev-flag-core.php",36,{"type":143,"name":144,"callback":149,"file":146,"line":150},"enqueue_admin_scripts",37,{"type":143,"name":152,"callback":153,"file":146,"line":154},"wp_enqueue_scripts","enqueue_frontend_scripts",38,{"type":143,"name":156,"callback":157,"file":158,"line":159},"admin_menu","setup_plugin_options_menu","includes\\class-wp-dev-flag-settings.php",66,{"type":143,"name":161,"callback":162,"file":158,"line":163},"admin_init","initialize_trigger_options",67,{"type":143,"name":161,"callback":165,"file":158,"line":129},"initialize_display_options",{"type":143,"name":161,"callback":167,"file":158,"line":168},"initialize_link_options",69,{"type":143,"name":170,"callback":171,"file":172,"line":173},"plugins_loaded","wp_dev_flag_load_textdomain","wp-dev-flag.php",31,[],[],[],[],{"dangerousFunctions":179,"sqlUsage":187,"outputEscaping":189,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":245},[180,185],{"fn":181,"file":182,"line":183,"context":184},"unserialize","admin\\class-wp-dev-flag-settings.php",81,"$this->stored_environment = ( get_option( 'wp_dev_flag_trigger_options' ) ) ? unserialize( get_optio",{"fn":181,"file":158,"line":186,"context":184},63,{"prepared":28,"raw":28,"locations":188},[],{"escaped":28,"rawEcho":190,"locations":191},26,[192,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243],{"file":182,"line":193,"context":194},208,"raw output",{"file":182,"line":196,"context":194},252,{"file":182,"line":198,"context":194},264,{"file":182,"line":200,"context":194},274,{"file":182,"line":202,"context":194},492,{"file":182,"line":204,"context":194},507,{"file":182,"line":206,"context":194},559,{"file":182,"line":208,"context":194},570,{"file":182,"line":210,"context":194},581,{"file":182,"line":212,"context":194},600,{"file":182,"line":214,"context":194},619,{"file":182,"line":216,"context":194},634,{"file":182,"line":218,"context":194},653,{"file":158,"line":220,"context":194},171,{"file":158,"line":222,"context":194},215,{"file":158,"line":224,"context":194},227,{"file":158,"line":226,"context":194},237,{"file":158,"line":228,"context":194},449,{"file":158,"line":230,"context":194},464,{"file":158,"line":232,"context":194},516,{"file":158,"line":234,"context":194},527,{"file":158,"line":236,"context":194},538,{"file":158,"line":238,"context":194},557,{"file":158,"line":240,"context":194},576,{"file":158,"line":242,"context":194},591,{"file":158,"line":244,"context":194},610,[],[247,266],{"entryPoint":248,"graph":249,"unsanitizedCount":264,"severity":265},"\u003Cclass-wp-dev-flag-settings> (admin\\class-wp-dev-flag-settings.php:0)",{"nodes":250,"edges":261},[251,256],{"id":252,"type":253,"label":254,"file":182,"line":255},"n0","source","$_SERVER (x6)",134,{"id":257,"type":258,"label":259,"file":182,"line":196,"wp_function":260},"n1","sink","echo() [XSS]","echo",[262],{"from":252,"to":257,"sanitized":263},false,6,"low",{"entryPoint":267,"graph":268,"unsanitizedCount":264,"severity":265},"\u003Cclass-wp-dev-flag-settings> (includes\\class-wp-dev-flag-settings.php:0)",{"nodes":269,"edges":273},[270,272],{"id":252,"type":253,"label":254,"file":158,"line":271},97,{"id":257,"type":258,"label":259,"file":158,"line":222,"wp_function":260},[274],{"from":252,"to":257,"sanitized":263},{"summary":276,"deductions":277},"The wp-dev-flag v2.0.1 plugin exhibits a mixed security posture.  On the positive side, it demonstrates strong adherence to modern SQL practices by exclusively using prepared statements, and it has no known CVEs, indicating a generally stable history.  However, significant concerns arise from its static analysis. The presence of two 'unserialize' calls is a critical red flag, as unserialization of untrusted data can lead to remote code execution vulnerabilities if not properly sanitized.  Furthermore, the complete lack of output escaping (0%) across all 26 output points is highly problematic, opening the door to cross-site scripting (XSS) vulnerabilities.  The taint analysis also reveals two flows with unsanitized paths, which, while not flagged as critical or high severity, combined with the unserialize functions, represent potential vectors for exploitation. The complete absence of nonce checks, capability checks, and any apparent authentication on its zero entry points is also noteworthy; while there are no entry points to protect currently, this lack of defensive coding practices in the broader sense is concerning. The plugin's history of zero vulnerabilities is encouraging, but the identified code signals point to significant, exploitable weaknesses that could lead to future issues if not addressed.",[278,281,284,286,288],{"reason":279,"points":280},"Unsanitized unserialize function found",15,{"reason":282,"points":283},"No output escaping found",8,{"reason":285,"points":89},"Taint flows with unsanitized paths",{"reason":287,"points":89},"No nonce checks",{"reason":289,"points":89},"No capability checks","2026-03-16T23:48:43.464Z",{"wat":292,"direct":303},{"assetPaths":293,"generatorPatterns":297,"scriptPaths":298,"versionParams":299},[294,295,296],"\u002Fwp-content\u002Fplugins\u002Fwp-dev-flag\u002Fcss\u002Fwp-dev-flag-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-dev-flag\u002Fjs\u002Fwp-dev-flag-admin.js","\u002Fwp-content\u002Fplugins\u002Fwp-dev-flag\u002Fjs\u002Fwp-dev-flag-public.js",[],[295,296],[300,301,302],"wp-dev-flag\u002Fcss\u002Fwp-dev-flag-admin.css?ver=","wp-dev-flag\u002Fjs\u002Fwp-dev-flag-admin.js?ver=","wp-dev-flag\u002Fjs\u002Fwp-dev-flag-public.js?ver=",{"cssClasses":304,"htmlComments":305,"htmlAttributes":306,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":311},[4],[],[307],"data-wp-dev-flag-id",[],[310],"wp_dev_flag_options",[]]