[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmE25DY-iXgfStIkHA01y0VdPuGcEBc64p0YBWPnCa6o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":122,"fingerprints":407},"wp-developer-assistant","WP Developer Assistant","1.0.3","Chris Jean","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrisjean\u002F","\u003Cp>\u003Cstrong>WP Developer Assistant\u003C\u002Fstrong> is a WordPress plugin developed by a WordPress developer for WordPress developers.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Have you ever needed to run a query when you didn’t have access to phpMyAdmin or SSH?\u003C\u002Fli>\n\u003Cli>Don’t you hate it when you need to upload a plugin, theme, or other file and don’t have FTP access?\u003C\u002Fli>\n\u003Cli>Have you ever wondered where that action or filter hook gets called?\u003C\u002Fli>\n\u003Cli>Want to enable errors while hiding them from everyone else?\u003C\u002Fli>\n\u003Cli>Wouldn’t it be great if you could output a full listing of PHP global variable values on each page so debugging would be easier?\u003C\u002Fli>\n\u003Cli>Ever wanted to modify one of those serialized options?\u003C\u002Fli>\n\u003Cli>Would you like to quickly see a full list of defined constants?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s thoughts like these that caused me to make this plugin. WP Developer Assistant is the first WordPress plugin of its kind. 
It essentially is a toolkit that makes life as a WordPress developer easier.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable enabling of PHP errors that only show for your user.\u003C\u002Fli>\n\u003Cli>Display values of PHP’s built-in global variables (_POST, _REQUEST, _FILE, _ENV, etc) on each page.\u003C\u002Fli>\n\u003Cli>Easily modify Options table values, including serialized data.\u003C\u002Fli>\n\u003Cli>View a full list of all the add_action, do_action, add_filter, and apply_filters function calls complete with information on function names, priorities, number of accepted arguments, source file name, and file line number.\u003C\u002Fli>\n\u003Cli>Quickly execute queries with the Run Query tool.\u003C\u002Fli>\n\u003Cli>Show phpinfo().\u003C\u002Fli>\n\u003Cli>View a comprehensive list of all the defined named constants, their current value, the declared value, the source file name of the definition, and the file line number of the definition.\u003C\u002Fli>\n\u003Cli>Quickly and easily upload files to any place inside your WordPress installation. The uploader will even automatically extract archives to the destination directory.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are many more features planned for this plugin. 
For more information about this plugin and its development, visit the \u003Ca href=\"http:\u002F\u002Fblog.realthemes.com\u002Fwp-developer-assistant\u002F\" title=\"wp developer assistant home page\" rel=\"nofollow ugc\">WP Developer Assistant Home Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP 4+\u003C\u002Fli>\n\u003Cli>WordPress 2.2+\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Version History\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>1.0.1 – 2008-06-26 – Initial release version\u003C\u002Fli>\n\u003Cli>1.0.2 – 2008-06-26 – Slight modification that required a new version\u003C\u002Fli>\n\u003Cli>1.0.3 – 2008-07-01 – Added support for PHP 4\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Cp>For more information about this plugin and its development, visit the \u003Ca href=\"http:\u002F\u002Fblog.realthemes.com\u002Fwp-developer-assistant\u002F\" title=\"wp developer assistant home page\" rel=\"nofollow ugc\">WP Developer Assistant Home Page\u003C\u002Fa>.\u003C\u002Fp>\n","A plugin by a WordPress developer for WordPress 
developers.",30,9467,100,1,"2008-07-02T02:29:00.000Z","2.5.1","2.2","",[20,21,22],"debug","developer","development","http:\u002F\u002Fblog.realthemes.com\u002Fwp-developer-assistant\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-developer-assistant.1.0.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"chrisjean",4,70830,84,"2026-04-04T11:37:23.400Z",[37,56,74,90,107],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":54,"download_link":55,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"spatie-ray","Ray","1.7.10","freekmurze","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreekmurze\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fmyray.app\" rel=\"nofollow ugc\">Ray\u003C\u002Fa> is a beautiful, lightweight desktop app that helps you debug your app. There’s a \u003Ca href=\"https:\u002F\u002Fmyray.app\" rel=\"nofollow ugc\">free demo\u003C\u002Fa> available that can be unlocked with a \u003Ca href=\"https:\u002F\u002Fspatie.be\u002Fproducts\u002Fray\" rel=\"nofollow ugc\">license\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>After installing this plugin, you can use the \u003Ccode>ray()\u003C\u002Fcode> function to quickly dump stuff. 
Any variable(s) that you pass to \u003Ccode>ray()\u003C\u002Fcode> will be displayed.\u003C\u002Fp>\n\u003Cp>Here are some examples:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ray('Hello world');\n\nray(['a' => 1, 'b' => 2])->color('red');\n\nray('multiple', 'arguments', 'are', 'welcome');\n\nray()->showQueries();\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>There are many other helper functions available on Ray that allow you to display things that can help you debug such as \u003Ca href=\"https:\u002F\u002Fspatie.be\u002Fdocs\u002Fray\u002Fv1\u002Fusage\u002Fframework-agnostic-php-project#measuring-performance-and-memory-usage\" rel=\"nofollow ugc\">runtime and memory usage\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fspatie.be\u002Fdocs\u002Fray\u002Fv1\u002Fusage\u002Fwordpress#showing-queries\" rel=\"nofollow ugc\">queries that were executed\u003C\u002Fa>, and much more.\u003C\u002Fp>\n\u003Ch3>Full Documentation\u003C\u002Fh3>\n\u003Cp>The extensive documentation can be found \u003Ca href=\"https:\u002F\u002Fspatie.be\u002Fdocs\u002Fray\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>It contains the \u003Ca href=\"https:\u002F\u002Fspatie.be\u002Fdocs\u002Fray\u002Fv1\u002Finstallation-in-your-project\u002Fwordpress\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa> for WordPress.\u003C\u002Fp>\n\u003Cp>After it is installed you can use any of the \u003Ca href=\"https:\u002F\u002Fspatie.be\u002Fdocs\u002Fray\u002Fv1\u002Fusage\u002Fframework-agnostic-php-project\" rel=\"nofollow ugc\">framework agnostic\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fspatie.be\u002Fdocs\u002Fray\u002Fv1\u002Fusage\u002Fwordpress\" rel=\"nofollow ugc\">WordPress specific functions\u003C\u002Fa>.\u003C\u002Fp>\n","Easily debug WordPress sites using 
Ray.",500,34993,10,"2025-12-10T09:18:00.000Z","6.8.5","5.5","8.0",[20,53,21,22],"debugging","https:\u002F\u002Fgithub.com\u002Fspatie\u002Fwordpress-ray","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspatie-ray.1.7.10.zip",{"slug":57,"name":58,"version":6,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":72,"download_link":73,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"asset-queue-manager","Asset Queue Manager","NateWr","https:\u002F\u002Fprofiles.wordpress.org\u002Fnatewr\u002F","\u003Cp>This tool allows you to monitor, dequeue and requeue scripts and styles that are enqueued on your site. It is designed for frontend performance engineers who want to view and manage all assets enqueued on any page and control the minification and concatenation themselves.\u003C\u002Fp>\n\u003Cp>For background, please read \u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Fchriscoyier\u002F2074e17ce9ae5e6d537e\" rel=\"nofollow ugc\">Chris Coyier’s initial request\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Warning: This plugin makes it easy to break your site. Don’t use this unless you know what you’re doing.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>How to use\u003C\u002Fh4>\n\u003Cp>Once the plugin is activated, browse to any page on the front of your site. An Assets link will appear on the top right of the admin bar. Click that to view and manage all assets.\u003C\u002Fp>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cp>Development takes place on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNateWr\u002Fasset-queue-manager\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. 
Patches welcome.\u003C\u002Fp>\n","A tool for experienced frontend performance engineers to take control over the scripts and styles enqueued on their site.",200,15840,94,14,"2016-03-10T10:16:00.000Z","4.4.34","4.0",[20,21,22,71],"tool","https:\u002F\u002Fgithub.com\u002FNateWr\u002Fasset-queue-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fasset-queue-manager.1.0.3.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":47,"downloaded":82,"rating":13,"num_ratings":14,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":88,"download_link":89,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"apermo-xdebug","Apermo Xdebug","1.2.2","Christoph Daum","https:\u002F\u002Fprofiles.wordpress.org\u002Fapermo\u002F","\u003Cp>This plugin helps you to read Xdebug messages inside the WordPress backend, without the need to adjust them every time.\u003Cbr \u002F>\nIt simply indents the Xdebug messages, so that these are no longer partly hidden underneath the admin menu.\u003Cbr \u002F>\nAnd it will also give you links to directly search for the error message on Google or Stack Overflow.\u003C\u002Fp>\n\u003Cp>If you have issues or want to help \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fapermo\u002Fapermo-xdebug\" rel=\"nofollow ugc\">head over to GitHub\u003C\u002Fa>!\u003C\u002Fp>\n","This plugin helps developers that use 
Xdebug.",2111,"2018-06-21T12:49:00.000Z","4.9.29","4.6.0",[87,20,53,21,22],"admin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fapermo-xdebug\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapermo-xdebug.1.2.2.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":47,"downloaded":98,"rating":26,"num_ratings":26,"last_updated":18,"tested_up_to":49,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":104,"download_link":105,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":106},"current-page-template-viewer","Current Page Template Viewer","1.1.0","Nagaoka Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fnagaokadesign\u002F","\u003Cp>This plugin helps WordPress developers by showing which template files are being used on the current page. It displays the current template file name and directory path in a convenient overlay, making it easy to identify which template is rendering the current page during development.\u003C\u002Fp>\n\u003Cp>The plugin shows a small, unobtrusive display that can be clicked to reveal detailed information about all template files loaded for the current page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Shows current template file name\u003Cbr \u002F>\n* Displays template directory path\u003Cbr \u002F>\n* Click to view all included template files\u003Cbr \u002F>\n* Configurable display position (top-left, top-right, bottom-left, bottom-right)\u003Cbr \u002F>\n* Customizable background and text colors\u003Cbr \u002F>\n* Admin-only display option for security\u003Cbr \u002F>\n* Debug mode option (only shows when WP_DEBUG is enabled)\u003Cbr \u002F>\n* Lightweight and performance-optimized\u003Cbr \u002F>\n* Clean, modern interface\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect for:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Theme developers\u003Cbr 
\u002F>\n* WordPress developers\u003Cbr \u002F>\n* Site debugging\u003Cbr \u002F>\n* Template hierarchy understanding\u003Cbr \u002F>\n* Development and staging environments\u003C\u002Fp>\n\u003Cp>The plugin is designed to be completely safe and non-intrusive, with options to restrict visibility to administrators only.\u003C\u002Fp>\n","Display current template file and directory name on screen for WordPress development.",319,"5.0","7.4",[20,21,22,102,103],"template","theme","https:\u002F\u002Fgithub.com\u002Fnagaoka-design\u002Fcurrent-page-template-viewer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcurrent-page-template-viewer.1.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":47,"downloaded":115,"rating":26,"num_ratings":26,"last_updated":18,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":120,"download_link":121,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":106},"tivwp-dm-development-manager","TIVWP-DM Development Manager","14.03.25","Gregory Karpinsky (@tivnet)","https:\u002F\u002Fprofiles.wordpress.org\u002Ftivnet\u002F","\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong> The current version of the TIVWP-DM plugin was released mostly for educational purposes.\u003C\u002Fp>\n\u003Cp>I appreciate your comments and ideas. Please see the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTIVWP\u002Ftivwp-dm\" rel=\"nofollow ugc\">TIVWP-DM Development Manager’s GitHub repo\u003C\u002Fa> for \u003Cstrong>additional files showing how to set up Travis-CI\u002FPHPUnit for automatic testing\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>TIVWP-DM Development Manager\u003C\u002Fstrong> is a plugin for WordPress developers. 
Its main features are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prompts to automatically install and activate popular development plugins from the WordPress repository\u003C\u002Fli>\n\u003Cli>Allows to activate \u002F deactivate those plugins in bulk – with a single admin menu click or automatically, according to the wp-config settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3rd Party Software Used\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthomasgriffin\u002FTGM-Plugin-Activation\" rel=\"nofollow ugc\">TGM-Plugin-Activation\u003C\u002Fa> by\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Thomas Griffin \u003Ca href=\"mailto:thomas@thomasgriffinmedia.com\" rel=\"nofollow ugc\">thomas@thomasgriffinmedia.com\u003C\u002Fa> and\u003C\u002Fli>\n\u003Cli>Gary Jones \u003Ca href=\"mailto:gamajo@gamajo.com\" rel=\"nofollow ugc\">gamajo@gamajo.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Install and manage development plugins",1592,"4.0.38","3.8",[20,53,21,22,119],"plugins","https:\u002F\u002Fgithub.com\u002FTIVWP\u002Ftivwp-dm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftivwp-dm-development-manager.zip",{"attackSurface":123,"codeSignals":143,"taintFlows":283,"riskAssessment":398,"analyzedAt":406},{"hooks":124,"ajaxHandlers":139,"restRoutes":140,"shortcodes":141,"cronEvents":142,"entryPointCount":26,"unprotectedCount":26},[125,131,135],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","plugins_loaded","init","wp-developer-assistant.php",144,{"type":126,"name":132,"callback":133,"file":129,"line":134},"admin_head","showSelectedMessages",163,{"type":126,"name":136,"callback":137,"file":129,"line":138},"admin_menu","addPages",165,[],[],[],[],{"dangerousFunctions":144,"sqlUsage":145,"outputEscaping":151,"fileOperations":280,"externalRequests":14,"nonceChecks":32,"capabilityChecks":281,"bundledLibraries":282},[],{"prepared":146,"raw":14,"locations":147},2,[148],{"file":129,"line":149,"context":150},368,"$wpdb->get_result
s() with variable interpolation",{"escaped":14,"rawEcho":152,"locations":153},73,[154,158,161,163,165,167,169,170,171,172,174,175,176,177,179,180,181,182,184,186,188,190,192,194,196,198,200,202,204,206,208,209,211,213,215,217,219,221,223,225,227,229,231,232,234,236,238,240,242,244,246,248,250,252,253,254,256,257,258,259,260,261,263,265,266,268,269,270,271,272,274,276,278],{"file":155,"line":156,"context":157},"pear\\File\\Archive\\Writer\\Output.php",86,"raw output",{"file":159,"line":160,"context":157},"pear\\PEAR.php",174,{"file":129,"line":162,"context":157},243,{"file":129,"line":164,"context":157},362,{"file":129,"line":166,"context":157},389,{"file":129,"line":168,"context":157},393,{"file":129,"line":168,"context":157},{"file":129,"line":168,"context":157},{"file":129,"line":168,"context":157},{"file":129,"line":173,"context":157},395,{"file":129,"line":173,"context":157},{"file":129,"line":173,"context":157},{"file":129,"line":173,"context":157},{"file":129,"line":178,"context":157},397,{"file":129,"line":178,"context":157},{"file":129,"line":178,"context":157},{"file":129,"line":178,"context":157},{"file":129,"line":183,"context":157},453,{"file":129,"line":185,"context":157},458,{"file":129,"line":187,"context":157},480,{"file":129,"line":189,"context":157},485,{"file":129,"line":191,"context":157},521,{"file":129,"line":193,"context":157},526,{"file":129,"line":195,"context":157},548,{"file":129,"line":197,"context":157},553,{"file":129,"line":199,"context":157},593,{"file":129,"line":201,"context":157},598,{"file":129,"line":203,"context":157},601,{"file":129,"line":205,"context":157},602,{"file":129,"line":207,"context":157},606,{"file":129,"line":207,"context":157},{"file":129,"line":210,"context":157},627,{"file":129,"line":212,"context":157},652,{"file":129,"line":214,"context":157},701,{"file":129,"line":216,"context":157},711,{"file":129,"line":218,"context":157},713,{"file":129,"line":220,"context":157},740,{"file":129,"line":222,"context":157},75
3,{"file":129,"line":224,"context":157},758,{"file":129,"line":226,"context":157},867,{"file":129,"line":228,"context":157},872,{"file":129,"line":230,"context":157},873,{"file":129,"line":230,"context":157},{"file":129,"line":233,"context":157},887,{"file":129,"line":235,"context":157},928,{"file":129,"line":237,"context":157},969,{"file":129,"line":239,"context":157},996,{"file":129,"line":241,"context":157},1002,{"file":129,"line":243,"context":157},1018,{"file":129,"line":245,"context":157},1022,{"file":129,"line":247,"context":157},1036,{"file":129,"line":249,"context":157},1040,{"file":129,"line":251,"context":157},1057,{"file":129,"line":251,"context":157},{"file":129,"line":251,"context":157},{"file":129,"line":255,"context":157},1058,{"file":129,"line":255,"context":157},{"file":129,"line":255,"context":157},{"file":129,"line":255,"context":157},{"file":129,"line":255,"context":157},{"file":129,"line":255,"context":157},{"file":129,"line":262,"context":157},1059,{"file":129,"line":264,"context":157},1068,{"file":129,"line":264,"context":157},{"file":129,"line":267,"context":157},1069,{"file":129,"line":267,"context":157},{"file":129,"line":267,"context":157},{"file":129,"line":267,"context":157},{"file":129,"line":267,"context":157},{"file":129,"line":273,"context":157},1070,{"file":129,"line":275,"context":157},1183,{"file":129,"line":277,"context":157},1444,{"file":129,"line":279,"context":157},1452,51,3,[],[284,317,380,389],{"entryPoint":285,"graph":286,"unsanitizedCount":32,"severity":316},"uploadsPage (wp-developer-assistant.php:772)",{"nodes":287,"edges":310},[288,293,297,302,305,308],{"id":289,"type":290,"label":291,"file":129,"line":292},"n0","source","$_POST (x2)",833,{"id":294,"type":295,"label":296,"file":129,"line":292},"n1","transform","→ showStatusMessage()",{"id":298,"type":299,"label":300,"file":129,"line":277,"wp_function":301},"n2","sink","echo() 
[XSS]","echo",{"id":303,"type":290,"label":291,"file":129,"line":304},"n3",845,{"id":306,"type":295,"label":307,"file":129,"line":304},"n4","→ showErrorMessage()",{"id":309,"type":299,"label":300,"file":129,"line":279,"wp_function":301},"n5",[311,313,314,315],{"from":289,"to":294,"sanitized":312},false,{"from":294,"to":298,"sanitized":312},{"from":303,"to":306,"sanitized":312},{"from":306,"to":309,"sanitized":312},"medium",{"entryPoint":318,"graph":319,"unsanitizedCount":379,"severity":316},"\u003Cwp-developer-assistant> (wp-developer-assistant.php:0)",{"nodes":320,"edges":366},[321,324,325,328,332,334,338,340,342,344,346,348,350,353,356,358,361,364],{"id":289,"type":290,"label":322,"file":129,"line":323},"$_POST (x16)",339,{"id":294,"type":299,"label":300,"file":129,"line":168,"wp_function":301},{"id":298,"type":290,"label":326,"file":129,"line":327},"$_POST (x3)",795,{"id":303,"type":299,"label":329,"file":129,"line":330,"wp_function":331},"file_get_contents() [SSRF\u002FLFI]",1308,"file_get_contents",{"id":306,"type":290,"label":333,"file":129,"line":327},"$_POST",{"id":309,"type":299,"label":335,"file":129,"line":336,"wp_function":337},"fopen() [File Access]",1552,"fopen",{"id":339,"type":290,"label":291,"file":129,"line":292},"n6",{"id":341,"type":295,"label":296,"file":129,"line":292},"n7",{"id":343,"type":299,"label":300,"file":129,"line":277,"wp_function":301},"n8",{"id":345,"type":290,"label":291,"file":129,"line":304},"n9",{"id":347,"type":295,"label":307,"file":129,"line":304},"n10",{"id":349,"type":299,"label":300,"file":129,"line":279,"wp_function":301},"n11",{"id":351,"type":290,"label":291,"file":129,"line":352},"n12",1318,{"id":354,"type":295,"label":355,"file":129,"line":352},"n13","→ findFilesWithMatch()",{"id":357,"type":299,"label":329,"file":129,"line":330,"wp_function":331},"n14",{"id":359,"type":290,"label":291,"file":129,"line":360},"n15",1517,{"id":362,"type":295,"label":363,"file":129,"line":360},"n16","→ 
writeFile()",{"id":365,"type":299,"label":335,"file":129,"line":336,"wp_function":337},"n17",[367,369,370,371,372,373,374,375,376,377,378],{"from":289,"to":294,"sanitized":368},true,{"from":298,"to":303,"sanitized":368},{"from":306,"to":309,"sanitized":368},{"from":339,"to":341,"sanitized":312},{"from":341,"to":343,"sanitized":312},{"from":345,"to":347,"sanitized":312},{"from":347,"to":349,"sanitized":312},{"from":351,"to":354,"sanitized":312},{"from":354,"to":357,"sanitized":312},{"from":359,"to":362,"sanitized":312},{"from":362,"to":365,"sanitized":312},8,{"entryPoint":381,"graph":382,"unsanitizedCount":26,"severity":388},"optionsPage (wp-developer-assistant.php:324)",{"nodes":383,"edges":386},[384,385],{"id":289,"type":290,"label":326,"file":129,"line":323},{"id":294,"type":299,"label":300,"file":129,"line":168,"wp_function":301},[387],{"from":289,"to":294,"sanitized":368},"low",{"entryPoint":390,"graph":391,"unsanitizedCount":26,"severity":388},"searchFiles (wp-developer-assistant.php:920)",{"nodes":392,"edges":396},[393,395],{"id":289,"type":290,"label":333,"file":129,"line":394},980,{"id":294,"type":299,"label":300,"file":129,"line":239,"wp_function":301},[397],{"from":289,"to":294,"sanitized":368},{"summary":399,"deductions":400},"The \"wp-developer-assistant\" v1.0.3 plugin exhibits a mixed security posture. On one hand, the absence of known CVEs and a lack of critical taint flows are positive indicators. The plugin also demonstrates some adherence to good security practices, with nonce and capability checks in place for a portion of its functionality. However, significant concerns arise from the static analysis of its code. The extremely low rate of properly escaped output (1%) presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data is likely to be rendered directly in the browser without proper sanitization. 
Furthermore, the presence of unsanitized paths in taint flows, even if not critical, suggests potential for local file inclusion or path traversal vulnerabilities if these flows are exposed externally.\n\nThe vulnerability history is clean, which is promising, but it does not negate the clear risks identified in the code. The limited number of SQL queries and external HTTP requests are minor strengths, but they are overshadowed by the output escaping deficiency. The plugin's attack surface appears small and protected from external access, but this analysis may not capture all potential interaction points. Overall, while the plugin has a clean CVE record, the severe lack of output escaping and the presence of unsanitized paths in taint flows indicate a high-risk profile that requires immediate attention and remediation.",[401,404],{"reason":402,"points":403},"Low rate of proper output escaping",15,{"reason":405,"points":47},"Unsanitized paths in taint flows","2026-03-16T22:36:03.235Z",{"wat":408,"direct":417},{"assetPaths":409,"generatorPatterns":412,"scriptPaths":413,"versionParams":414},[410,411],"\u002Fwp-content\u002Fplugins\u002Fwp-developer-assistant\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-developer-assistant\u002Fjs\u002Fscript.js",[],[411],[415,416],"wp-developer-assistant\u002Fcss\u002Fstyle.css?ver=","wp-developer-assistant\u002Fjs\u002Fscript.js?ver=",{"cssClasses":418,"htmlComments":420,"htmlAttributes":421,"restEndpoints":423,"jsGlobals":424,"shortcodeOutput":426},[419],"wpdeveloperassistant-settings-wrap",[],[422],"data-wpdeveloperassistant-menu-slug",[],[425],"window.WPDeveloperAssistant",[]]