[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSP2Xu24Z_8dLu9HX9lnr1096D6IMz13RQ3U4jL9oYgY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":62,"crawl_stats":37,"alternatives":66,"analysis":169,"fingerprints":727},"wp-discourse","WP Discourse","2.6.1","scossar","https:\u002F\u002Fprofiles.wordpress.org\u002Fscossar\u002F","\u003Cp>The WP Discourse plugin acts as an interface between your WordPress site and your\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.discourse.org\u002F\" rel=\"nofollow ugc\">Discourse\u003C\u002Fa> community.\u003C\u002Fp>\n\u003Ch3>Use Discourse for comments:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically creates a forum topic for discussion when a new blog post is published.\u003C\u002Fli>\n\u003Cli>Associates WP author accounts with their respective Discourse accounts. Does not require DiscourseConnect.\u003C\u002Fli>\n\u003Cli>Replies from the forum discussion can be embedded in the WP blog post. Select which replies to display\u003Cbr \u002F>\nbased on post score and commenter “trust level” — see docs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>See it live\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.discourse.org\u002F\" rel=\"nofollow ugc\">blog.discourse.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fboingboing.net\u002F\" rel=\"nofollow ugc\">boingboing.net\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>DiscourseConnect\u003C\u002Fh3>\n\u003Cp>The plugin also comes with optional DiscourseConnect functionality which lets you use your WordPress site as the\u003Cbr \u002F>\nDiscourseConnect provider for your Discourse forum.\u003C\u002Fp>\n\u003Cp>This will override Discourse’s native (and powerful) login flow and is only recommended for use cases\u003Cbr \u002F>\nthat strictly require such a setup, e.g. a site that is already using WordPress for large scale user management.\u003C\u002Fp>\n\u003Ch3>Authentication from Discourse to WordPress\u003C\u002Fh3>\n\u003Cp>The plugin allows you to use Discourse as an authentication provider for your WordPress site.\u003C\u002Fp>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>The WP Discourse plugin requires PHP version 5.4.0 and greater. If >=PHP-5.4.0 is not available, the plugin installation\u003Cbr \u002F>\nwill fail.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>The plugin is being developed by \u003Ca href=\"https:\u002F\u002Fmeta.discourse.org\u002Fu\u002FSimon_Cossar\u002Fsummary\" rel=\"nofollow ugc\">Simon Cossar\u003C\u002Fa> on behalf of the Discourse team.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bug reports and other developer inquiries should be directed at our GitHub Issues:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse\u002Fissues\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Please post support requests to our \u003Ca href=\"https:\u002F\u002Fmeta.discourse.org\u002Fc\u002Fsupport\u002Fwordpress\" rel=\"nofollow ugc\">dedicated support forum\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to use Discourse as a community engine for your WordPress website. The plugin is not a substitute for Disqus type commenting sy &hellip;",1000,124484,90,8,"2026-01-29T20:10:00.000Z","6.9.0","5.1","5.6",[20,21,22,23],"comments","discourse","forum","sso","https:\u002F\u002Fgithub.com\u002Fdiscourse\u002Fwp-discourse","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-discourse.2.6.1.zip",98,2,0,"2025-10-31 16:59:07","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-11983","wp-discourse-authenticated-author-information-exposure","WP Discourse \u003C= 2.5.9 - Authenticated (Author+) Information Exposure","The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified in a post's discourse_permalink custom field during comment synchronization. This makes it possible for authenticated attackers, with author-level access and above, to exfiltrate sensitive Discourse API credentials to attacker-controlled servers, as well as query internal services and potentially perform further attacks.",null,"\u003C=2.5.9","2.6.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2025-11-01 05:40:23",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6b1524f3-1c59-49a1-bbe3-94dcfd232b1d?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2024-35168","wp-discourse-missing-authorization","WP Discourse \u003C= 2.5.1 - Missing Authorization","The WP Discourse plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.","\u003C=2.5.1","2.5.2","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-05-10 00:00:00","2024-05-15 19:59:49",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcfb87c87-f9dc-4f26-93f5-10d6bf6c822b?source=api-prod",6,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":63,"trust_score":64,"computed_at":65},4,99,"2026-04-04T15:19:36.622Z",[67,86,108,128,149],{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":61,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":81,"tags":82,"homepage":83,"download_link":84,"security_score":85,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"pt-wp-discourse-sso","PrimeTime WordPress + Discourse SSO","0.2.3","etcio","https:\u002F\u002Fprofiles.wordpress.org\u002Fetcio\u002F","\u003Cp>Discourse is a fantastic new forum that can add another layer to your WordPress community. This plugin allows you to create a fluid experience by using your WordPress installation as the authentication server, creating a single-sign-on (SSO) for your users!\u003C\u002Fp>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The Discourse option “Staff must approve all new user accounts before they are allowed to access the site.” needs to be disabled for this to work properly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Seamless integration into almost any WordPress installation.\u003C\u002Fli>\n\u003Cli>Get setup within minutes through 3 easy steps. Anyone can do it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Coming Soon:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Only allow access with certain capabilities or roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Request processing adapted from Adam Capirola : https:\u002F\u002Fgist.github.com\u002Fadamcapriola\u002F11300529\u003C\u002Fli>\n\u003Cli>SSO methods adapted from ArmedGuy : https:\u002F\u002Fgithub.com\u002FArmedGuy\u002Fdiscourse_sso_php\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin provides single sign-on capabilities for Discourse using WordPress user authentication.",10,6411,100,"2015-05-04T20:03:00.000Z","4.2.39","3.6","",[21,22,23],"http:\u002F\u002Fetc.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpt-wp-discourse-sso.0.2.3.zip",85,{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":77,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":106,"download_link":107,"security_score":77,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"la-sentinelle-antispam","La Sentinelle antispam","4.1.0","Marcel Pol","https:\u002F\u002Fprofiles.wordpress.org\u002Fmpol\u002F","\u003Cp>Feel safe knowing that your website is safe from spam. La Sentinelle will guard your WordPress website against spam in a simple and effective way.\u003Cbr \u002F>\nIt has antispam filters for comment forms and registration forms and can be extended to support plugins.\u003Cbr \u002F>\nThe default settings should catch most spambots, and there is a settingspage to set it up according to your wishes.\u003C\u002Fp>\n\u003Cp>Current features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>3 antispam features; Honeypot, Nonce, Form Timeout.\u003C\u002Fli>\n\u003Cli>These 3 spamfilters depend on JavaScript on the frontend.\u003C\u002Fli>\n\u003Cli>1 antispam feature; \u003Ca href=\"https:\u002F\u002Fwww.stopforumspam.com\" rel=\"nofollow ugc\">Stop Forum Spam\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Settingspage to set things up according to your wishes.\u003C\u002Fli>\n\u003Cli>Transparent to the visitor, no nagging with Captcha’s or other annoying things.\u003C\u002Fli>\n\u003Cli>By default no use of third-party services and no tracking of visitors.\u003C\u002Fli>\n\u003Cli>Lightweight and simple code.\u003C\u002Fli>\n\u003Cli>Logging for WordPress Comments and which spamfilter marked it as spam.\u003C\u002Fli>\n\u003Cli>Logging for Custom forms and which spamfilter marked it as spam.\u003C\u002Fli>\n\u003Cli>Statistics for every form how many spam submissions were blocked.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WordPress forms that are protected:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Comments form.\u003C\u002Fli>\n\u003Cli>WordPress Login form.\u003C\u002Fli>\n\u003Cli>WordPress Register form.\u003C\u002Fli>\n\u003Cli>WordPress Lost Password form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Form Plugins that are protected:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcaldera-forms\u002F\" rel=\"ugc\">Caldera Forms\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclean-login\u002F\" rel=\"ugc\">Clean Login\u003C\u002Fa> (Login form).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-digital-downloads\u002F\" rel=\"ugc\">Easy Digital Downloads\u003C\u002Fa> (Login form, Register form).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feverest-forms\u002F\" rel=\"ugc\">Everest Forms\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" rel=\"ugc\">Formidable Form Builder\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fforminator\u002F\" rel=\"ugc\">Forminator\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnewsletter-optin-box\u002F\" rel=\"ugc\">Newsletter Optin Box plugin (noptin)\u003C\u002Fa> (standalone forms).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">Ultimate Member\u003C\u002Fa> (Login form, Register form and Lost Password form).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa> (Login form, Lost Password form).\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms Lite\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-job-manager\u002F\" rel=\"ugc\">WP Job Manager plugin\u003C\u002Fa> (submit job form when registering is enabled).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you have a problem or a feature request, please post it on the plugin’s support forum on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fla-sentinelle-antispam\" rel=\"ugc\">wordpress.org\u003C\u002Fa>. I will do my best to respond as soon as possible.\u003C\u002Fp>\n\u003Cp>If you send me an email, I will not reply. Please use the support forum.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Translations can be added very easily through \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fla-sentinelle-antispam\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>.\u003Cbr \u002F>\nYou can start translating strings there for your locale. They need to be validated though, so if there’s no validator yet, and you want to apply for being validator (PTE), please post it on the support forum.\u003Cbr \u002F>\nI will make a request on make\u002Fpolyglots to have you added as validator for this plugin\u002Flocale.\u003C\u002Fp>\n\u003Ch4>How to choose an antispam plugin\u003C\u002Fh4>\n\u003Cp>When you look through the WordPress Plugin Repository you will see more than a hundred antispam plugins.\u003Cbr \u002F>\nWhich one is the best one? Short answer, there is no “best one”. No spamfilter and no method for spamfiltering is perfect.\u003Cbr \u002F>\nSlightly longer answer, you could try about twenty and choose the one that fits your needs best.\u003C\u002Fp>\n\u003Cp>But there is also a really long answer.\u003Cbr \u002F>\nThere are different methods that can be used against spam, and every method has its drawbacks.\u003Cbr \u002F>\nIn my opinion, having a low number of false positives is more important than perfectly marking all spam, you don’t want to miss out on important people or information. Nagging the user in some way has a similar effect, the user might not even want to bother with that and just walk away.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Third party services: Services like Akismet, OOPSpam, Stop Forum Spam and also reCAPTCHA offer third party services to check for spam. This can be very effective, but you are giving user submitted data away to these third parties and are also giving your users up for tracking them.\u003C\u002Fli>\n\u003Cli>Captcha’s, reCAPTCHA and Quizz Questions: You are annoying your users and probably sending some of them away. This especially counts for reCAPTCHA for visitors who have third party cookies disabled.\u003C\u002Fli>\n\u003Cli>Blacklists: Often running behind the facts. That goes for the way of getting users off that list, and also in getting users on that list.\u003C\u002Fli>\n\u003Cli>Referer check: check if the Referer header is set correctly. You can never trust it is set correctly. Modern browsers are limiting the use of Referers, though for now that is mostly for third-party domains.\u003C\u002Fli>\n\u003Cli>JavaScript methods: Spammers often (always?) don’t use JavaScript, they just post the form with spammy data. Drawback for this method is that statistics say that about 1 percent of users has JavaScript disabled. Also, some websites have broken JavaScript, which might make the spamfilter break as well.\u003C\u002Fli>\n\u003Cli>Activation email for registering users. Users only get activated after clicking a link in an activation email. You still have all the non-activated users in your site however.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You could have a bright idea about combining several methods, but then you get the drawbacks of all the methods you use.\u003C\u002Fp>\n\u003Cp>Another complication of choosing a good plugin is that most antispam plugins don’t tell you what methods they use. The documentation doesn’t tell you, and looking at the source code just leaves you confused at the chaos that it often is.\u003C\u002Fp>\n\u003Cp>My main motivation for writing this plugin is to offer a plugin that does spamfiltering with JavaScript methods in a simple and effective way.\u003Cbr \u002F>\nThe claimed 1 percent of users that has JavaScript disabled will also be tech-savy enough to enable it again for your website.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin is compatible with \u003Ca href=\"https:\u002F\u002Fwww.classicpress.net\" rel=\"nofollow ugc\">ClassicPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>This plugin is also available in \u003Ca href=\"https:\u002F\u002Fcodeberg.org\u002Fcyclotouriste\u002Fla-sentinelle-antispam\" rel=\"nofollow ugc\">Codeberg\u003C\u002Fa>.\u003C\u002Fp>\n","Feel safe knowing that your website is safe from spam. La Sentinelle will guard your WordPress website against spam in a simple and effective way.",3000,49712,20,"2026-01-20T09:48:00.000Z","6.9.4","4.1","7.0",[102,103,20,104,105],"anti-spam","antispam","registration","stop-forum-spam","https:\u002F\u002Ftimelord.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fla-sentinelle-antispam.4.1.0.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":98,"requires_at_least":81,"requires_php":81,"tags":121,"homepage":125,"download_link":126,"security_score":77,"vuln_count":47,"unpatched_count":28,"last_vuln_date":127,"fetched_at":30},"bbpress-post-topics","Post Comments as bbPress Topics","2.2.9","Robin W","https:\u002F\u002Fprofiles.wordpress.org\u002Frobin-w\u002F","\u003Cp>Adds an option to the Discussion meta box to use a bbPress topic instead of WordPress comments, and displays that topic beneath the post on your site.\u003C\u002Fp>\n\u003Cp>You can let the plugin create a new topic for you in the forum of your choice, or specify an existing topic to attach to the post.\u003Cbr \u002F>\nA topic can be attached to as many posts as you’d like, but only one topic can currently be attached to a post.\u003C\u002Fp>\n","Replace the comments on your WordPress blog posts with topics from an integrated bbPress install",300,36232,86,18,"2025-12-05T16:23:00.000Z",[122,20,123,22,124],"bbpress","discussion","topic","http:\u002F\u002Fwww.rewweb.co.uk\u002Fbbp-topics-for-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress-post-topics.2.2.9.zip","2022-06-22 00:00:00",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":138,"num_ratings":139,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":81,"tags":143,"homepage":147,"download_link":148,"security_score":85,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"muut","Muut – Commenting and Forums Re-Imagined","3.0.6","Paul","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaulhughes01\u002F","\u003Cp>Muut represents a complete re-imagination of what internet discussion forums and commenting should be. It’s a modern, fast, highly scalable discussion platform that you can embed onto your WordPress website, and personalize with css to match the design of your site.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FhuOjL8t-q_0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Starting at just $16 a month, you have a discussion platform that offers unlimited posts, comments, users, threads — and we never charge you based on usage. That means you’ll never be punished by having to pay more for a successful community.\u003C\u002Fp>\n\u003Cp>Whether you’re setting up for the first time or have just updated to the new version of the plugin, you’re going to love what we’ve done to make implementing Muut in your WordPress website easy and flexible.\u003C\u002Fp>\n\u003Ch4>Why Muut?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Unified system for both forums and commenting. Same users and design\u003C\u002Fli>\n\u003Cli>Full featured forums makes your WordPress site conversational\u003C\u002Fli>\n\u003Cli>Flat or threaded commenting for small or big topics\u003C\u002Fli>\n\u003Cli>Real-time. No page reloads – posts, replies, likes and users appear in real-time\u003C\u002Fli>\n\u003Cli>Spam filtering, email notifications and 20+ different language versions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built For WordPress\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Skinnable style the discussion directly from the WordPress CSS editor\u003C\u002Fli>\n\u003Cli>Focus on content. Text focused, uncluttered and linear user interface\u003C\u002Fli>\n\u003Cli>Comes with five widgets, all of which update in real-time \u003C\u002Fli>\n\u003Cli>Single Sign-On. Use the WordPress login, users and avatars\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Optimized for SEO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Micro format optimized static content\u003C\u002Fli>\n\u003Cli>Static content served from your domain\u003C\u002Fli>\n\u003Cli>Custom S3 bucket support for Developer accounts\u003C\u002Fli>\n\u003Cli>Escaped fragment support for Google\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>New! Widget Details\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cem>Online Users\u003C\u002Fem> – Now the Online Users list isn’t limited to just your main forum page and channel embeds. You can use the Online Users widget on any of your pages to show who is currently logged in (and how many other people are viewing the site). Watch users’ portraits appear on the fly as they sign in to join the discussion.\u003C\u002Fli>\n\u003Cli>\u003Cem>Latest Comments\u003C\u002Fem> – Since Muut is so great to use as the commenting system on your posts and pages, the Latest Comments widget keeps track of which posts have received the latest comments and who made them, and all the users on your website can see it update in real-time as they participate in the discussions on all your posts.\u003C\u002Fli>\n\u003Cli>\u003Cem>Trending Topics\u003C\u002Fem> – If you want to help users stay on top of which posts are getting the most activity on your forum, the Trending Posts widget does just that, with real-time updates to comments and likes—not to mention the trademark Muut green “currently typing” circle.\u003C\u002Fli>\n\u003Cli>\u003Cem>Discussion Channel\u003C\u002Fem> – You can now embed a single specific channel in your website’s sidebar. Users can watch and join the discussion without having to stop browsing the rest of your website.\u003C\u002Fli>\n\u003Cli>\u003Cem>My Feed\u003C\u002Fem> – By using the My Feed widget, users can keep track of all the activity on all the discussions they’ve joined and postes they’ve made right in your website’s sidebars.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can find more information about Muut at our \u003Ca href=\"https:\u002F\u002Fmuut.com\" rel=\"nofollow ugc\">website\u003C\u002Fa> and read the full \u003Ca href=\"http:\u002F\u002Flearn.muut.com\u002Fintegrations\u002Fwordpress\u002Fgetting-started\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa>. For more information about why we do what we do, check out our \u003Ca href=\"https:\u002F\u002Fmuut.com\u002Fmanifesto\u002F\" rel=\"nofollow ugc\">Manifesto\u003C\u002Fa> and see our \u003Ca href=\"https:\u002F\u002Fmuut.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">pricing page\u003C\u002Fa> for details on the features available on your Muut subscription.\u003C\u002Fp>\n","Muut represents a complete re-imagination of what internet discussion forums and commenting should be. It’s a modern, fast, highly scalable discussion &hellip;",50,32400,78,19,"2015-11-02T02:26:00.000Z","4.8.0","3.7",[144,20,22,145,146],"commenting","realtime","social","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmuut\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmuut.3.0.6.zip",{"slug":150,"name":151,"version":152,"author":153,"author_profile":154,"description":155,"short_description":156,"active_installs":75,"downloaded":157,"rating":28,"num_ratings":28,"last_updated":158,"tested_up_to":159,"requires_at_least":160,"requires_php":81,"tags":161,"homepage":167,"download_link":168,"security_score":85,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bainternet-user-ranks","Bainternet User Ranks","1.5.2","Bainternet","https:\u002F\u002Fprofiles.wordpress.org\u002Fbainternet\u002F","\u003Cp>Create and display user rank titles based on there post count, comment count or both.\u003C\u002Fp>\n\u003Cp>This is aimed at multi Author,User blogs which you can create rank levels in your blog based on author post count, comment count or both. Its ranking system similar to a forum.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add as many Titles as you want and the minimum point to reach that Title.\u003C\u002Fli>\n\u003Cli>Set the point count for each post.\u003C\u002Fli>\n\u003Cli>Set the point count for each comment.\u003C\u002Fli>\n\u003Cli>Display Title, points or both.\u003C\u002Fli>\n\u003Cli>Insert automagicaly.(NEW)\u003C\u002Fli>\n\u003Cli>User rank ShortCode.(NEW)\u003C\u002Fli>\n\u003Cli>Get top Ranked ShortCode.(NEW)\u003C\u002Fli>\n\u003Cli>Get top Ranked Template Tag.(NEW)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>any feedback or suggestions are welcome.\u003C\u002Fp>\n\u003Cp>check out my \u003Ca href=\"http:\u002F\u002Fen.bainternet.info\u002Fcategory\u002Fplugins\" rel=\"nofollow ugc\">other plugins\u003C\u002Fa>\u003C\u002Fp>\n","Create and display user rank titles based on there post count, comment count or both.",7552,"2016-12-13T13:52:00.000Z","4.7.0","2.9.2",[162,163,164,165,166],"forum-like-ranking","post-and-comments-ranking","user-karma","user-ranking","user-titles","http:\u002F\u002Fwww.bainternet.info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbainternet-user-ranks.1.5.2.zip",{"attackSurface":170,"codeSignals":664,"taintFlows":681,"riskAssessment":710,"analyzedAt":726},{"hooks":171,"ajaxHandlers":608,"restRoutes":623,"shortcodes":660,"cronEvents":661,"entryPointCount":662,"unprotectedCount":663},[172,178,183,187,192,195,199,202,206,209,212,215,219,222,225,228,231,234,237,240,244,248,251,255,259,263,267,270,272,277,281,285,288,292,295,298,302,305,308,310,312,315,318,321,325,329,332,336,339,342,345,348,351,355,358,362,365,368,371,374,377,381,385,389,393,397,401,405,409,412,415,418,421,424,427,430,433,436,439,442,445,448,451,454,457,460,463,466,469,473,477,481,484,488,491,495,498,502,505,508,512,515,518,522,526,529,532,535,538,541,544,547,550,553,556,559,562,565,568,571,574,578,582,586,588,592,594,598,601,604],{"type":173,"name":174,"callback":175,"file":176,"line":177},"action","admin_menu","add_menu_pages","admin\\admin-menu.php",41,{"type":173,"name":179,"callback":180,"file":181,"line":182},"admin_notices","set_admin_notices","admin\\admin-notice.php",30,{"type":173,"name":184,"callback":185,"file":181,"line":186},"admin_init","setup_options",31,{"type":173,"name":188,"callback":189,"file":190,"line":191},"admin_enqueue_scripts","anonymous","admin\\admin.php",47,{"type":173,"name":193,"callback":189,"file":190,"line":194},"admin_print_scripts",49,{"type":173,"name":184,"callback":196,"file":197,"line":198},"register_comment_settings","admin\\comment-settings.php",42,{"type":173,"name":184,"callback":200,"file":201,"line":198},"register_text_settings","admin\\configurable-text-settings.php",{"type":173,"name":203,"callback":204,"file":201,"line":205},"wpdc_options_page_after_form","reset_options_form",43,{"type":173,"name":184,"callback":207,"file":208,"line":136},"register_connection_settings","admin\\connection-settings.php",{"type":173,"name":210,"callback":185,"file":211,"line":198},"init","admin\\discourse-sidebar\\discourse-sidebar.php",{"type":173,"name":213,"callback":214,"file":211,"line":205},"rest_api_init","register_sidebar_routes",{"type":173,"name":216,"callback":217,"file":211,"line":218},"enqueue_block_editor_assets","enqueue_scripts",44,{"type":173,"name":184,"callback":185,"file":220,"line":221},"admin\\form-helper.php",51,{"type":173,"name":179,"callback":223,"file":220,"line":224},"disconnected",337,{"type":173,"name":179,"callback":226,"file":220,"line":227},"connected",339,{"type":173,"name":179,"callback":229,"file":220,"line":230},"no_matching_discourse_user",348,{"type":173,"name":184,"callback":185,"file":232,"line":233},"admin\\log-viewer.php",80,{"type":173,"name":184,"callback":235,"file":232,"line":236},"setup_log_viewer",81,{"type":173,"name":184,"callback":185,"file":238,"line":239},"admin\\meta-box.php",38,{"type":173,"name":241,"callback":242,"file":238,"line":243},"add_meta_boxes","add_meta_box",39,{"type":173,"name":245,"callback":246,"priority":75,"file":238,"line":247},"save_post","save_meta_box",40,{"type":173,"name":249,"callback":250,"file":238,"line":177},"auto-draft_to_draft","check_for_quickdrafts",{"type":173,"name":184,"callback":252,"file":253,"line":254},"setup","admin\\network-options.php",24,{"type":173,"name":256,"callback":257,"file":253,"line":258},"network_admin_menu","add_network_settings_page",25,{"type":173,"name":260,"callback":261,"file":253,"line":262},"network_admin_edit_discourse_network_options","save_network_settings",26,{"type":173,"name":264,"callback":265,"file":253,"line":266},"network_admin_notices","network_config_notices",28,{"type":173,"name":184,"callback":268,"file":269,"line":136},"register_publish_settings","admin\\publish-settings.php",{"type":173,"name":184,"callback":185,"file":271,"line":85},"admin\\settings-validator.php",{"type":273,"name":274,"callback":275,"file":271,"line":276},"filter","wpdc_validate_url","validate_url",87,{"type":273,"name":278,"callback":279,"file":271,"line":280},"wpdc_validate_api_key","validate_api_key",88,{"type":273,"name":282,"callback":283,"file":271,"line":284},"wpdc_validate_publish_username","validate_publish_username",89,{"type":273,"name":286,"callback":287,"file":271,"line":13},"wpdc_validate_connection_logs","validate_checkbox",{"type":273,"name":289,"callback":290,"file":271,"line":291},"wpdc_validate_publish_category","validate_publish_category",92,{"type":273,"name":293,"callback":287,"file":271,"line":294},"wpdc_validate_publish_category_update",93,{"type":273,"name":296,"callback":287,"file":271,"line":297},"wpdc_validate_allow_tags",94,{"type":273,"name":299,"callback":300,"file":271,"line":301},"wpdc_validate_max_tags","validate_max_tags",95,{"type":273,"name":303,"callback":287,"file":271,"line":304},"wpdc_validate_publish_as_unlisted",96,{"type":273,"name":306,"callback":287,"file":271,"line":307},"wpdc_validate_full_post_content",97,{"type":273,"name":309,"callback":287,"file":271,"line":26},"wpdc_validate_auto_publish",{"type":273,"name":311,"callback":287,"file":271,"line":64},"wpdc_validate_force_publish",{"type":273,"name":313,"callback":314,"file":271,"line":77},"wpdc_validate_force_publish_max_age","validate_force_publish_max_age",{"type":273,"name":316,"callback":287,"file":271,"line":317},"wpdc_validate_add_featured_link",101,{"type":273,"name":319,"callback":287,"file":271,"line":320},"wpdc_validate_auto_track",102,{"type":273,"name":322,"callback":323,"file":271,"line":324},"wpdc_validate_allowed_post_types","validate_allowed_post_types",103,{"type":273,"name":326,"callback":327,"file":271,"line":328},"wpdc_validate_exclude_tags","validate_exclude_tags",104,{"type":273,"name":330,"callback":287,"file":271,"line":331},"wpdc_validate_publish_failure_notice",105,{"type":273,"name":333,"callback":334,"file":271,"line":335},"wpdc_validate_publish_failure_email","validate_email",106,{"type":273,"name":337,"callback":287,"file":271,"line":338},"wpdc_validate_hide_discourse_name_field",107,{"type":273,"name":340,"callback":287,"file":271,"line":341},"wpdc_validate_discourse_username_editable",108,{"type":273,"name":343,"callback":287,"file":271,"line":344},"wpdc_validate_direct_db_publication_flags",109,{"type":273,"name":346,"callback":287,"file":271,"line":347},"wpdc_validate_verbose_publication_logs",110,{"type":273,"name":349,"callback":287,"file":271,"line":350},"wpdc_validate_enable_discourse_comments",112,{"type":273,"name":352,"callback":353,"file":271,"line":354},"wpdc_validate_comment_type","validate_radio_string_value",113,{"type":273,"name":356,"callback":287,"file":271,"line":357},"wpdc_validate_cache_html",114,{"type":273,"name":359,"callback":360,"file":271,"line":361},"wpdc_validate_clear_cached_comment_html","validate_clear_comments_html",115,{"type":273,"name":363,"callback":287,"file":271,"line":364},"wpdc_validate_ajax_load",116,{"type":273,"name":366,"callback":287,"file":271,"line":367},"wpdc_validate_load_comment_css",117,{"type":273,"name":369,"callback":287,"file":271,"line":370},"wpdc_validate_discourse_new_tab",118,{"type":273,"name":372,"callback":287,"file":271,"line":373},"wpdc_validate_hide_wordpress_comments",119,{"type":273,"name":375,"callback":287,"file":271,"line":376},"wpdc_validate_show_existing_comments",120,{"type":273,"name":378,"callback":379,"file":271,"line":380},"wpdc_validate_existing_comments_heading","validate_existing_comments_heading",121,{"type":273,"name":382,"callback":383,"file":271,"line":384},"wpdc_validate_max_comments","validate_max_comments",122,{"type":273,"name":386,"callback":387,"file":271,"line":388},"wpdc_validate_min_replies","validate_min_replies",123,{"type":273,"name":390,"callback":391,"file":271,"line":392},"wpdc_validate_min_score","validate_min_score",124,{"type":273,"name":394,"callback":395,"file":271,"line":396},"wpdc_validate_min_trust_level","validate_min_trust_level",125,{"type":273,"name":398,"callback":399,"file":271,"line":400},"wpdc_validate_bypass_trust_level_score","validate_bypass_trust_level_score",126,{"type":273,"name":402,"callback":403,"file":271,"line":404},"wpdc_validate_custom_excerpt_length","validate_custom_excerpt_length",127,{"type":273,"name":406,"callback":407,"file":271,"line":408},"wpdc_validate_custom_datetime_format","validate_text_input",128,{"type":273,"name":410,"callback":287,"file":271,"line":411},"wpdc_validate_only_show_moderator_liked",129,{"type":273,"name":413,"callback":287,"file":271,"line":414},"wpdc_validate_display_subcategories",130,{"type":273,"name":416,"callback":287,"file":271,"line":417},"wpdc_validate_verbose_comment_logs",131,{"type":273,"name":419,"callback":407,"file":271,"line":420},"wpdc_validate_discourse_link_text",133,{"type":273,"name":422,"callback":407,"file":271,"line":423},"wpdc_validate_start_discussion_text",134,{"type":273,"name":425,"callback":407,"file":271,"line":426},"wpdc_validate_continue_discussion_text",135,{"type":273,"name":428,"callback":407,"file":271,"line":429},"wpdc_validate_join_discussion_text",136,{"type":273,"name":431,"callback":407,"file":271,"line":432},"wpdc_validate_comments_singular_text",137,{"type":273,"name":434,"callback":407,"file":271,"line":435},"wpdc_validate_comments_plural_text",138,{"type":273,"name":437,"callback":407,"file":271,"line":438},"wpdc_validate_no_comments_text",139,{"type":273,"name":440,"callback":407,"file":271,"line":441},"wpdc_validate_notable_replies_text",140,{"type":273,"name":443,"callback":407,"file":271,"line":444},"wpdc_validate_comments_not_available_text",141,{"type":273,"name":446,"callback":407,"file":271,"line":447},"wpdc_validate_participants_text",142,{"type":273,"name":449,"callback":407,"file":271,"line":450},"wpdc_validate_published_at_text",143,{"type":273,"name":452,"callback":407,"file":271,"line":453},"wpdc_validate_single_reply_text",144,{"type":273,"name":455,"callback":407,"file":271,"line":456},"wpdc_validate_many_replies_text",145,{"type":273,"name":458,"callback":407,"file":271,"line":459},"wpdc_validate_more_replies_more_text",146,{"type":273,"name":461,"callback":407,"file":271,"line":462},"wpdc_validate_external_login_text",147,{"type":273,"name":464,"callback":407,"file":271,"line":465},"wpdc_validate_link_to_discourse_text",148,{"type":273,"name":467,"callback":407,"file":271,"line":468},"wpdc_validate_linked_to_discourse_text",149,{"type":273,"name":470,"callback":471,"file":271,"line":472},"wpdc_validate_use_discourse_webhook","validate_use_discourse_webhook",151,{"type":273,"name":474,"callback":475,"file":271,"line":476},"wpdc_validate_webhook_match_old_topics","validate_webhook_match_old_topics",152,{"type":273,"name":478,"callback":479,"file":271,"line":480},"wpdc_validate_use_discourse_user_webhook","validate_use_discourse_user_webhook",153,{"type":273,"name":482,"callback":287,"file":271,"line":483},"wpdc_validate_webhook_match_user_email",154,{"type":273,"name":485,"callback":486,"file":271,"line":487},"wpdc_validate_webhook_secret","validate_webhook_secret",155,{"type":273,"name":489,"callback":287,"file":271,"line":490},"wpdc_validate_verbose_webhook_logs",156,{"type":273,"name":492,"callback":493,"file":271,"line":494},"wpdc_validate_sso_client_enabled","validate_sso_client_enabled",158,{"type":273,"name":496,"callback":287,"file":271,"line":497},"wpdc_validate_sso_client_login_form_change",159,{"type":273,"name":499,"callback":500,"file":271,"line":501},"wpdc_validate_sso_client_login_form_redirect","validate_sso_client_login_form_redirect",160,{"type":273,"name":503,"callback":287,"file":271,"line":504},"wpdc_validate_sso_client_sync_by_email",161,{"type":273,"name":506,"callback":287,"file":271,"line":507},"wpdc_validate_sso_client_sync_logout",162,{"type":273,"name":509,"callback":510,"file":271,"line":511},"wpdc_validate_enable_sso","validate_enable_sso",164,{"type":273,"name":513,"callback":287,"file":271,"line":514},"wpdc_validate_auto_create_sso_user",165,{"type":273,"name":516,"callback":287,"file":271,"line":517},"wpdc_validate_verbose_sso_logs",166,{"type":273,"name":519,"callback":520,"file":271,"line":521},"wpdc_validate_sso_secret","validate_sso_secret",168,{"type":273,"name":523,"callback":524,"file":271,"line":525},"wpdc_validate_login_path","validate_login_path",169,{"type":273,"name":527,"callback":287,"file":271,"line":528},"wpdc_validate_real_name_as_discourse_name",170,{"type":273,"name":530,"callback":287,"file":271,"line":531},"wpdc_validate_force_avatar_update",171,{"type":273,"name":533,"callback":287,"file":271,"line":534},"wpdc_validate_redirect_without_login",172,{"type":273,"name":536,"callback":287,"file":271,"line":537},"wpdc_validate_site_multisite_configuration_enabled",174,{"type":273,"name":539,"callback":275,"file":271,"line":540},"wpdc_validate_site_url",175,{"type":273,"name":542,"callback":279,"file":271,"line":543},"wpdc_validate_site_api_key",176,{"type":273,"name":545,"callback":283,"file":271,"line":546},"wpdc_validate_site_publish_username",177,{"type":273,"name":548,"callback":471,"file":271,"line":549},"wpdc_validate_site_use_discourse_webhook",178,{"type":273,"name":551,"callback":287,"file":271,"line":552},"wpdc_validate_site_webhook_match_old_topics",179,{"type":273,"name":554,"callback":486,"file":271,"line":555},"wpdc_validate_site_webhook_secret",180,{"type":273,"name":557,"callback":287,"file":271,"line":558},"wpdc_validate_site_webhook_match_user_email",181,{"type":273,"name":560,"callback":287,"file":271,"line":561},"wpdc_validate_site_use_discourse_user_webhook",182,{"type":273,"name":563,"callback":287,"file":271,"line":564},"wpdc_validate_site_hide_discourse_name_field",183,{"type":273,"name":566,"callback":520,"file":271,"line":567},"wpdc_validate_site_sso_secret",184,{"type":273,"name":569,"callback":287,"file":271,"line":570},"wpdc_validate_site_enable_sso",185,{"type":273,"name":572,"callback":287,"file":271,"line":573},"wpdc_validate_site_sso_client_enabled",186,{"type":173,"name":184,"callback":575,"file":576,"line":577},"register_sso_settings","admin\\sso-settings.php",66,{"type":173,"name":579,"callback":580,"priority":75,"file":576,"line":581},"wpdc_options_page_append_settings_tabs","sso_settings_secondary_tabs",67,{"type":173,"name":583,"callback":584,"file":576,"line":585},"wpdc_options_page_after_tab_switch","sso_settings_fields",68,{"type":173,"name":210,"callback":185,"file":587,"line":266},"admin\\user-profile.php",{"type":173,"name":589,"callback":590,"file":587,"line":591},"edit_user_profile","add_discourse_fields_to_profile",29,{"type":173,"name":593,"callback":590,"file":587,"line":186},"show_user_profile",{"type":173,"name":595,"callback":596,"file":587,"line":597},"edit_user_profile_update","update_discourse_user_metadata",32,{"type":173,"name":599,"callback":596,"file":587,"line":600},"personal_options_update",34,{"type":173,"name":184,"callback":602,"file":603,"line":136},"register_webhook_settings","admin\\webhook-settings.php",{"type":173,"name":210,"callback":605,"file":606,"line":607},"register_wpdc_blocks","blocks\\comments\\comments.php",55,[609,614,617,620],{"action":610,"nopriv":611,"callback":612,"hasNonce":613,"hasCapCheck":613,"file":201,"line":218},"text_options_reset",false,"process_text_options_reset",true,{"action":615,"nopriv":611,"callback":616,"hasNonce":613,"hasCapCheck":613,"file":232,"line":367},"wpdc_view_log","log_file_contents",{"action":618,"nopriv":611,"callback":619,"hasNonce":613,"hasCapCheck":613,"file":232,"line":370},"wpdc_view_logs_metafile","meta_file_contents",{"action":621,"nopriv":611,"callback":622,"hasNonce":613,"hasCapCheck":613,"file":232,"line":373},"wpdc_download_logs","download_logs",[624,629,632,636,640,644,648,652,656],{"namespace":625,"route":626,"methods":627,"callback":189,"permissionCallback":37,"file":211,"line":514},"wp-discourse\u002Fv1","get-discourse-categories",[628],"GET",{"namespace":625,"route":630,"methods":631,"callback":189,"permissionCallback":37,"file":211,"line":555},"update-topic",[628],{"namespace":625,"route":633,"methods":634,"callback":189,"permissionCallback":37,"file":211,"line":635},"publish-topic",[628],194,{"namespace":625,"route":637,"methods":638,"callback":189,"permissionCallback":37,"file":211,"line":639},"unlink-post",[628],208,{"namespace":625,"route":641,"methods":642,"callback":189,"permissionCallback":37,"file":211,"line":643},"link-topic",[628],222,{"namespace":625,"route":645,"methods":646,"callback":189,"permissionCallback":37,"file":211,"line":647},"set-publish-meta",[628],236,{"namespace":625,"route":649,"methods":650,"callback":189,"permissionCallback":37,"file":211,"line":651},"set-category-meta",[628],250,{"namespace":625,"route":653,"methods":654,"callback":189,"permissionCallback":37,"file":211,"line":655},"set-tag-meta",[628],265,{"namespace":625,"route":657,"methods":658,"callback":189,"permissionCallback":37,"file":211,"line":659},"set-pin-meta",[628],280,[],[],13,9,{"dangerousFunctions":665,"sqlUsage":666,"outputEscaping":673,"fileOperations":679,"externalRequests":28,"nonceChecks":663,"capabilityChecks":119,"bundledLibraries":680},[],{"prepared":28,"raw":27,"locations":667},[668,671],{"file":669,"line":600,"context":670},"uninstall.php","$wpdb->query() with variable interpolation",{"file":669,"line":672,"context":670},35,{"escaped":674,"rawEcho":47,"locations":675},264,[676],{"file":587,"line":677,"context":678},73,"raw output",7,[],[682],{"entryPoint":683,"graph":684,"unsanitizedCount":47,"severity":40},"\u003Cmeta-box> (admin\\meta-box.php:0)",{"nodes":685,"edges":706},[686,691,697,700,704],{"id":687,"type":688,"label":689,"file":238,"line":690},"n0","source","$_POST",234,{"id":692,"type":693,"label":694,"file":238,"line":695,"wp_function":696},"n1","sink","echo() [XSS]",354,"echo",{"id":698,"type":688,"label":689,"file":238,"line":699},"n2",426,{"id":701,"type":702,"label":703,"file":238,"line":699},"n3","transform","→ pin_topic_input()",{"id":705,"type":693,"label":694,"file":238,"line":695,"wp_function":696},"n4",[707,708,709],{"from":687,"to":692,"sanitized":613},{"from":698,"to":701,"sanitized":611},{"from":701,"to":705,"sanitized":611},{"summary":711,"deductions":712},"The wp-discourse plugin version 2.6.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates excellent output escaping practices with 100% of outputs being properly escaped, and it avoids dangerous functions and external HTTP requests.  Furthermore, the vulnerability history indicates no currently unpatched CVEs, suggesting active maintenance and timely remediation of past issues.\n\nHowever, significant concerns arise from the attack surface analysis. A substantial portion of the plugin's entry points, specifically 9 out of 13, are exposed without proper permission callbacks or authentication checks. This includes all 9 REST API routes and 4 AJAX handlers, presenting a large area for potential unauthorized access or manipulation if vulnerabilities exist within these endpoints. The taint analysis, while only covering one flow, did reveal an unsanitized path, which could be a gateway for attacks if exploited, though its severity is not classified as critical or high.\n\nThe vulnerability history shows two past medium-severity CVEs related to \"Exposure of Sensitive Information to an Unauthorized Actor\" and \"Missing Authorization.\" While these are patched, the recurring theme of authorization issues in the past warrants caution, especially given the current lack of permission checks on a significant portion of its entry points. In conclusion, while the plugin has strong output handling and no active critical or high vulnerabilities, the large unprotected attack surface and past authorization-related vulnerabilities present a notable risk that requires careful monitoring and mitigation.",[713,715,717,719,721,724],{"reason":714,"points":75},"Large attack surface without auth checks",{"reason":716,"points":14},"REST API routes without permission callbacks",{"reason":718,"points":679},"AJAX handlers without auth checks",{"reason":720,"points":75},"SQL queries not using prepared statements",{"reason":722,"points":723},"Taint flow with unsanitized paths",5,{"reason":725,"points":75},"Past medium severity CVEs (x2)","2026-03-16T19:01:50.785Z",{"wat":728,"direct":739},{"assetPaths":729,"generatorPatterns":733,"scriptPaths":734,"versionParams":735},[730,731,732],"\u002Fwp-content\u002Fplugins\u002Fwp-discourse\u002Fcss\u002Fadmin-styles.css","\u002Fwp-content\u002Fplugins\u002Fwp-discourse\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fwp-discourse\u002Fadmin\u002Fcss\u002Fnetwork-admin-styles.css",[],[731],[736,737,738],"wp-discourse\u002Fcss\u002Fadmin-styles.css?ver=","wp-discourse\u002Fjs\u002Fadmin.js?ver=","wp-discourse\u002Fadmin\u002Fcss\u002Fnetwork-admin-styles.css?ver=",{"cssClasses":740,"htmlComments":748,"htmlAttributes":751,"restEndpoints":755,"jsGlobals":756,"shortcodeOutput":758},[741,742,743,744,745,746,747],"wpdc-admin","wpdc-discourse-sync-status","wpdc-discourse-publish-settings","wpdc-discourse-comment-settings","wpdc-discourse-connection-settings","wpdc-discourse-sso-settings","wpdc-discourse-webhook-settings",[749,750],"WP-Discourse admin settings","Add the Gutenberg Sidebar.",[752,753,754],"data-max-tags","data-ajax","data-nonce",[],[757],"wpdc",[]]