[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fND_lKV3Mdm96AjqppTlbJx1mmmJK0PYvWR6nXS1hKoA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":146},"wp-developers-toolbox","WP Developer's Toolbox","1.0.1","James-Read","https:\u002F\u002Fprofiles.wordpress.org\u002Fjames-read-1\u002F","\u003Cp>This handy plugin speeds up some debugging actions; when developing web applications, websites and plugins with WordPress.\u003C\u002Fp>\n\u003Cp>For more information visit : https:\u002F\u002Freadwebtechnology.com\u002Fwp-developers-tool-box\u002F\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Toggle error reporting messages on and off from the dashboard and the WP Admin bar\u003C\u002Fli>\n\u003Cli>Hide and turn off error messages\u003C\u002Fli>\n\u003Cli>Toggle error logging on and off from the dashboard\u003C\u002Fli>\n\u003Cli>Display errors only to logged in Administrators\u003C\u002Fli>\n\u003Cli>Display errors only to visitors from a whitelisted IP address\u003C\u002Fli>\n\u003Cli>Quickly and safely rename the “\u002Fplugins” directory from the dashboard; to ascertain if the error is in a plugin, or not\u003C\u002Fli>\n\u003Cli>Toggle the WP Admin bar to display on or off, from the WP Admin bar and dashboard\u003C\u002Fli>\n\u003Cli>Show System information using phpinfo\u003C\u002Fli>\n\u003Cli>Quickly export the active database, with a conditional drop statement; to a .htaccess protected directory\u003C\u002Fli>\n\u003C\u002Ful>\n","\"Great for turning DEBUG mode on and off - quickly!\" * Hide or show error notifications - globally or conditionally!",10,1473,0,"2016-05-05T21:48:00.000Z","4.5.33","3.0.1","",[19],"developer-tools-error-logging-hide-errors-system-info-php-export-database","https:\u002F\u002Freadwebtechnology.com\u002Fwp-developers-tool-box\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-developers-toolbox.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"james-read-1",2,20,93,30,89,"2026-04-04T16:24:18.721Z",[],{"attackSurface":36,"codeSignals":70,"taintFlows":135,"riskAssessment":136,"analyzedAt":145},{"hooks":37,"ajaxHandlers":66,"restRoutes":67,"shortcodes":68,"cronEvents":69,"entryPointCount":13,"unprotectedCount":13},[38,44,47,49,52,55,58,61,63],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","plugins_loaded","anonymous","includes\\class-wp-developers-toolbox.php",148,{"type":39,"name":45,"callback":41,"file":42,"line":46},"admin_enqueue_scripts",163,{"type":39,"name":45,"callback":41,"file":42,"line":48},164,{"type":39,"name":50,"callback":41,"file":42,"line":51},"admin_menu",165,{"type":39,"name":53,"callback":41,"file":42,"line":54},"admin_bar_menu",166,{"type":39,"name":56,"callback":41,"file":42,"line":57},"admin_init",167,{"type":39,"name":59,"callback":41,"file":42,"line":60},"wp_enqueue_scripts",181,{"type":39,"name":59,"callback":41,"file":42,"line":62},182,{"type":39,"name":64,"callback":41,"file":42,"line":65},"after_setup_theme",183,[],[],[],[],{"dangerousFunctions":71,"sqlUsage":72,"outputEscaping":81,"fileOperations":133,"externalRequests":13,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":134},[],{"prepared":73,"raw":28,"locations":74},1,[75,78],{"file":76,"line":31,"context":77},"includes\\db-backup.php","$wpdb->get_row() with variable interpolation",{"file":76,"line":79,"context":80},34,"$wpdb->get_results() with variable interpolation",{"escaped":82,"rawEcho":83,"locations":84},11,26,[85,88,90,91,93,95,96,98,100,101,103,105,106,108,110,112,113,114,116,118,120,123,125,127,129,131],{"file":86,"line":57,"context":87},"admin\\class-wp-developers-toolbox-admin.php","raw output",{"file":86,"line":89,"context":87},180,{"file":86,"line":89,"context":87},{"file":86,"line":92,"context":87},185,{"file":86,"line":94,"context":87},202,{"file":86,"line":94,"context":87},{"file":86,"line":97,"context":87},207,{"file":86,"line":99,"context":87},224,{"file":86,"line":99,"context":87},{"file":86,"line":102,"context":87},229,{"file":86,"line":104,"context":87},246,{"file":86,"line":104,"context":87},{"file":86,"line":107,"context":87},251,{"file":86,"line":109,"context":87},269,{"file":86,"line":111,"context":87},271,{"file":86,"line":111,"context":87},{"file":86,"line":111,"context":87},{"file":86,"line":115,"context":87},412,{"file":86,"line":117,"context":87},420,{"file":86,"line":119,"context":87},431,{"file":121,"line":122,"context":87},"admin\\partials\\wp-developers-toolbox-admin-display.php",40,{"file":121,"line":124,"context":87},58,{"file":121,"line":126,"context":87},60,{"file":76,"line":128,"context":87},64,{"file":76,"line":130,"context":87},72,{"file":132,"line":11,"context":87},"includes\\rename-plugins-dir.php",12,[],[],{"summary":137,"deductions":138},"The \"wp-developers-toolbox\" v1.0.1 plugin exhibits a generally good security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points suggests a limited attack surface. Furthermore, the lack of identified dangerous functions, critical or high-severity taint flows, and any recorded vulnerabilities (CVEs) are positive indicators. The presence of nonces and capability checks, although minimal, also points towards some attention to security best practices.\n\nHowever, there are areas for concern within the code. A significant portion of SQL queries (67%) are not using prepared statements, which presents a risk of SQL injection vulnerabilities. Similarly, a substantial number of output operations (70%) are not properly escaped, creating potential for cross-site scripting (XSS) attacks. The plugin also performs a notable number of file operations (12), which, without proper sanitization, could lead to insecure file handling. While no vulnerabilities are currently recorded, the codebase's reliance on raw SQL and unescaped output indicates potential weaknesses that could be exploited if vulnerabilities are introduced in future updates or if specific attack vectors are targeted.\n\nIn conclusion, the plugin has a strong foundation with a small attack surface and no known historical vulnerabilities. However, the high percentage of unescaped output and raw SQL queries are significant security weaknesses that warrant attention. These issues, while not leading to critical or high severity findings in this static analysis, represent potential vulnerabilities that could be exploited. Addressing these code-level concerns will further strengthen the plugin's security.",[139,142],{"reason":140,"points":141},"SQL queries not using prepared statements (67%)",8,{"reason":143,"points":144},"Output not properly escaped (70%)",6,"2026-03-17T00:02:56.233Z",{"wat":147,"direct":156},{"assetPaths":148,"generatorPatterns":151,"scriptPaths":152,"versionParams":153},[149,150],"\u002Fwp-content\u002Fplugins\u002Fwp-developers-toolbox\u002Fadmin\u002Fcss\u002Fwp-developers-toolbox-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-developers-toolbox\u002Fadmin\u002Fjs\u002Fwp-developers-toolbox-admin.js",[],[150],[154,155],"wp-developers-toolbox-admin.css?ver=","wp-developers-toolbox-admin.js?ver=",{"cssClasses":157,"htmlComments":158,"htmlAttributes":159,"restEndpoints":160,"jsGlobals":161,"shortcodeOutput":162},[],[],[],[],[],[]]