[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmTPz0iU7ziUYUpvR21r7-OOwysypkZ0fgH-mCb6fkbc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":136,"fingerprints":229},"wp-fingerprint","WP Fingerprint","2.1.2","DanFoster","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanfoster\u002F","\u003Cp>WP Fingerprint adds an additional layer of security to your WordPress website, working to check your plugins for signs of hack or exploit. WP Fingerprint works by collecting checksums of your plugins and comparing it with the checksums collected by WP Fingerprint. If the plugin detects any abnormalities it will let you know so you can take immediate action.\u003Cbr \u002F>\nThis plugin transmits and stores checksums on WP Fingerprint servers(all hosted in EU and run by 34SP.com) & WordPress.org to work for details see https:\u002F\u002Fwpfingerprint.com\u002Fhow-it-works\u002F for the data we collect and store.\u003C\u002Fp>\n","WP Fingerprint adds an additional layer of security to your WordPress website, working to check your plugins for signs of hack or exploit.",9000,33795,60,2,"2025-09-03T12:16:00.000Z","6.8.5","4.9","5.6",[20,21,22],"checksums","plugins","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fingerprint.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"danfoster",1,30,94,"2026-04-05T02:27:36.628Z",[37,59,75,98,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":23,"requires_php":23,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":32,"unpatched_count":32,"last_vuln_date":58,"fetched_at":28},"plugin-security-scanner","Plugin Security Scanner","2.0.2","Glen Scott","https:\u002F\u002Fprofiles.wordpress.org\u002Fglen_scott\u002F","\u003Cp>This plugin determines whether any of your plugins or themes have security vulnerabilities.  It does this by looking up details in the WPScan Vulnerability Database.\u003C\u002Fp>\n\u003Cp>It will run a scan once a day, and e-mail the administrator if any vulnerable plugins or themes are found.\u003C\u002Fp>\n\u003Cp>\u003Cem>Please note:\u003C\u002Fem> As from version 2.0.0, you will need to \u003Ca href=\"https:\u002F\u002Fwpvulndb.com\u002Fusers\u002Fsign_up\" rel=\"nofollow ugc\">register on the WPScan Vulnerability Database\u003C\u002Fa> site in order to get an API token.  This token is required before any security scans can be performed.  Once you have your token, it can be added to the Plugin Security Scanner settings page.\u003C\u002Fp>\n\u003Cp>You can also register a webhook for notifications. The webhook will trigger daily, even if no vulnerabilities found. The webhook is a post request, with JSON payload containing the vulnerabilities.\u003C\u002Fp>\n\u003Cp>You can enable the webhook under Settings\\General tab – see the Plugin Security Scanner settings.\u003C\u002Fp>\n\u003Cp>It also adds a new menu option to the admin tools menu called “Plugin Security Scanner”.  Clicking this runs a scan.  If the scan finds any problems, it shows you a list of plugins or themes that have vulnerabilities, along with a description of the issue.\u003C\u002Fp>\n\u003Cp>The WPScan Vulnerability Database API, which this plugin uses, is free for non-commercial use. However, any commercial usage will require that you purchase a commercial license from WPScan. If you are using the API for your own site then you will not need a commercial license. However, if you are a hosting company and install the plugin systematically across all of your clients sites, then you will need to purchase a commercial license. If you are making heavy use of the API, it is likely that you will need to purchase a commercial license. To enquire about a commercial license, please contact team@wpvulndb.com\u003C\u002Fp>\n\u003Cp>Icons made by \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\u002Fauthors\u002Falessio-atzeni\" title=\"Alessio Atzeni\" rel=\"nofollow ugc\">Alessio Atzeni\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" title=\"Flaticon\" rel=\"nofollow ugc\">www.flaticon.com\u003C\u002Fa> is licensed by \u003Ca href=\"http:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby\u002F3.0\u002F\" title=\"Creative Commons BY 3.0\" rel=\"nofollow ugc\">CC BY 3.0\u003C\u002Fa>\u003C\u002Fp>\n","This plugin alerts you if any of your plugins have security vulnerabilities.  It does this by utilising the WPScan Vulnerability Database once a day.",800,69956,98,7,"2019-08-19T19:08:00.000Z","5.2.24",[21,52,53,22,54],"scanner","secure","vulnerabilities","https:\u002F\u002Fyellowsquare.com\u002Fplugin-security-scanner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-security-scanner.2.0.2.zip",63,"2025-09-22 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":25,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":18,"tags":73,"homepage":23,"download_link":74,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"rename-plugins-folder","Rename Plugins Folder","0.0.1","Jose Mortellaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuse\u002F","\u003Cp>Usually, for security reasons, people rename any kind of folder, but they don’t rename the plugins folder.\u003C\u002Fp>\n\u003Cp>Renaming the plugins folder makes the protection of your website stronger.\u003C\u002Fp>\n\u003Cp>Bad robots scan the net to find websites that have vulnerable plugins.\u003C\u002Fp>\n\u003Cp>Most of the time they detect the plugins by checking the path wp-content\u002Fplugins in the page HTML.\u003C\u002Fp>\n\u003Cp>If instead of wp-content\u002Fplugins the path is for example wp-content\u002Fextensions, probably the bad robot will not detect any plugin.\u003C\u002Fp>\n\u003Cp>This plugin just renames the plugins folder and updates the wp-config.php file to make work your website with the new folder name.\u003C\u002Fp>\n\u003Cp>It doesn’t save anything in the database.\u003C\u002Fp>\n\u003Cp>It’s for the users who don’t know how to modify the wp-config.php file, if you know it, of course you don’t really need this plugin.\u003C\u002Fp>\n\u003Cp>We recommend making a backup before renaming the plugins folder, especially of the file wp-config.php, so you can easily go back in case you have issues.\u003C\u002Fp>\n\u003Cp>Issues may occur if your theme or one of your plugins doesn’t follow the best practices to refer to the plugins folder.\u003C\u002Fp>\n\u003Cp>Normally, the authors of themes and plugins know that they must refer to the plugins folder by adopting best practices.\u003C\u002Fp>\n\u003Cp>If one of your plugins or the theme gives issues, we suggest restoring the original folder name but writing the author of the plugin that was giving the issue.\u003C\u002Fp>\n\u003Cp>You will find the options in Plugins => Rename Plugins Folder\u003C\u002Fp>\n\u003Ch3>How to rename the plugins folder\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the plugin Rename Plugins Folder\u003C\u002Fli>\n\u003Cli>To be very sure, make a backup of the file wp-config.php that is included in the main directory\u003C\u002Fli>\n\u003Cli>Go to Plugins => Rename Plugins Folder\u003C\u002Fli>\n\u003Cli>Assign a new name for the plugins folder\u003C\u002Fli>\n\u003Cli>Click on “Rename”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>If you want to have a look at the backend before installing the plugin, you can see the demo on \u003Ca href=\"https:\u002F\u002Fwpdemo.net\u002Fdemos\u002Fplugins\u002Frename-plugins-folder\" rel=\"nofollow ugc\">https:\u002F\u002Fwpdemo.net\u002F\u003C\u002Fa>\u003C\u002Fp>\n","With Rename Plugins Folder you can rename the plugins folder. This is an underestimated way to increase the security of your installation.",300,4621,3,"2025-12-10T09:13:00.000Z","6.9.4","4.6",[60,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-plugins-folder.0.0.1.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":14,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":23,"tags":89,"homepage":95,"download_link":96,"security_score":97,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"security-and-vulnerability-shield","Security and Vulnerability Shield","2.2","SiteCops","https:\u002F\u002Fprofiles.wordpress.org\u002Fsitecops\u002F","\u003Cp>Plugin made to ease the process of keeping your site safe (from potential exploits\u002Fvulnerabilities in WordPress or plugins).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Anyone can use it, no coding skills required\u003C\u002Fstrong>, just \u003Cstrong>click “Scan”\u003C\u002Fstrong> (next to “Add New” in the Plugins section in WordPress)\u003Cbr \u002F>\nand you will get an immediate report for all of your currently installed plugins – which one is vulnerable and which one\u003Cbr \u002F>\nis safe.\u003C\u002Fp>\n\u003Cp>No need to monitor 20 websites and receive 100+ emails (from groups and newsletters) so that you can keep up to date\u003Cbr \u002F>\nwith the \u003Cstrong>latest vulnerabilities in WordPress and its related plugins… our team will do that for you\u003C\u002Fstrong>!\u003C\u002Fp>\n\u003Cp>Note: Currently, we are limiting the number of scan per day (per ip\u002Fsite) to 10, mainly because we want to protect our\u003Cbr \u002F>\nservers from getting hammered by bad users. In the future we will most likely remove this limitation, but until then,\u003Cbr \u002F>\nplease remember that this is a \u003Cstrong>free plugin\u003C\u002Fstrong> and despite that it costs us \u003Cstrong>tons of hours (of processing emails, data,\u003Cbr \u002F>\nreviewing plugins, exploits\u002Fvulnerabilities, developing and maintaining this plugin)\u003C\u002Fstrong> we will try to \u003Cstrong>always have a\u003Cbr \u002F>\nfree version that helps the WordPress community to protect their sites\u003C\u002Fstrong>.\u003C\u002Fp>\n","This plugin will scan your plugins (and WordPress) version for more then 3000+ known vulnerabilities and exploits.",90,7172,80,"2015-10-13T16:54:00.000Z","4.3.34","3.9",[90,91,92,93,94],"free","scan-plugins","scan-vulnerable-plugins","vulnerable-plugins","wordpress-security","http:\u002F\u002Fsitecops.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-and-vulnerability-shield.2.2.zip",85,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":33,"downloaded":106,"rating":26,"num_ratings":26,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":23,"tags":110,"homepage":115,"download_link":116,"security_score":97,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wpuppy","WPuppy","1.3.4.2","Sem Wong","https:\u002F\u002Fprofiles.wordpress.org\u002Fsem-wong\u002F","\u003Cp>WPuppy is software for automatically updating WordPress Plugins, Themes and Core.\u003Cbr \u002F>\nThis has been created especially for WordPress Developers and Designer Agencies.\u003C\u002Fp>\n\u003Cp>How does it work? WPuppy creates a backup and a snapshot, updates the components and creates another snapshot.\u003Cbr \u002F>\nThen it compares the websites based on the snapshots and functionalities. When all is OK, all is ready.\u003Cbr \u002F>\nWhen there is a difference, the website is rolled-back to its previous state and you are being informed about this.\u003C\u002Fp>\n\u003Cp>You stop wasting time on updating websites and can’t be taken off guard by failed updates.\u003Cbr \u002F>\nThis allows you to spend your time more effectively on creating added value for your clients, rather than fixing things!\u003C\u002Fp>\n\u003Cp>Go to \u003Ca href=\"http:\u002F\u002Fwww.wpuppy.com\u002F?utm_source=wordpress%20plugin%20directory\" rel=\"nofollow ugc\">WPuppy.com\u003C\u002Fa> to sign up for a free trial!\u003C\u002Fp>\n","WPuppy is software for automatically updating Wordpress Plugins, Themes and Core.",7049,"2018-06-26T08:08:00.000Z","4.8.28","3.7",[22,111,112,113,114],"update-plugins","updates","wordpress-auto-update","wordpress-update-services","http:\u002F\u002Fwww.wpuppy.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpuppy.1.3.4.2.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":26,"num_ratings":26,"last_updated":23,"tested_up_to":108,"requires_at_least":127,"requires_php":23,"tags":128,"homepage":133,"download_link":134,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":135},"all-in-one-must-have","All In One Must Have","1.3","minhlinh100","https:\u002F\u002Fprofiles.wordpress.org\u002Fminhlinh100\u002F","\u003Cp>Plugins synthesize the functions useful needed on a website to help you optimize your website and support you manager, security defence, seo website better.\u003C\u002Fp>\n\u003Cp>SECURITY WEBSITE\u003Cbr \u002F>\n+ Change the wp-admin login path\u003Cbr \u002F>\n+ Create password protected directories wp-admin\u003Cbr \u002F>\n+ Hide current wordpress version information\u003Cbr \u002F>\n+ Change database prefixe\u003Cbr \u002F>\n+ Change key salt\u003Cbr \u002F>\n+ Disallow add new plugins and themes on wp-admin\u003Cbr \u002F>\n+ Disallow edit files in themes and plugins on wp-admin\u003Cbr \u002F>\n+ Disable XML-RPC\u003C\u002Fp>\n\u003Cp>SOME USEFUL FUNCTION\u003Cbr \u002F>\n+ Compression of image quality\u003Cbr \u002F>\n+ Optimized filename upload\u003Cbr \u002F>\n+ Auto upload photos to library\u003Cbr \u002F>\n+ Automatic thumbnail selection for posts\u003Cbr \u002F>\n+ Shorten your html, delete default  html not used\u003Cbr \u002F>\n+ Delete js,css add by plugins\u003Cbr \u002F>\n+ Alerts let you know when the article duplicates the title\u003Cbr \u002F>\n+ Support counts article views\u003Cbr \u002F>\n+ Disable comments wordpress\u003C\u002Fp>\n","Plugins synthesize the functions useful needed on a website to help you optimize your website and support you manager, security defence, seo website b …",20,2013,"3.0.1",[129,130,131,22,132],"auto-thumbnail","defence","must-have-plugins","useful","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-must-have\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-must-have.zip","2026-03-15T10:48:56.248Z",{"attackSurface":137,"codeSignals":179,"taintFlows":214,"riskAssessment":215,"analyzedAt":228},{"hooks":138,"ajaxHandlers":163,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":32,"unprotectedCount":32},[139,144,148,151,155,159],{"type":140,"name":141,"callback":141,"file":142,"line":143},"action","admin_init","wp-fingerprint.php",40,{"type":140,"name":145,"callback":146,"file":142,"line":147},"wpfingerprint_cron","cron",41,{"type":140,"name":149,"callback":146,"file":142,"line":150},"wpfingerprint_run_now",42,{"type":140,"name":152,"callback":153,"file":142,"line":154},"admin_footer","admin_bar_footer_js",52,{"type":140,"name":156,"callback":156,"priority":157,"file":142,"line":158},"admin_bar_menu",110,54,{"type":140,"name":160,"callback":161,"file":142,"line":162},"wp_loaded","load",108,[164],{"action":165,"nopriv":166,"callback":167,"hasNonce":166,"hasCapCheck":166,"file":142,"line":168},"wp-fingerprint-recheck",false,"recheck_callback",53,[],[],[172,175,178],{"hook":149,"callback":149,"file":173,"line":174},"inc\\class-wpfingerprint-model-checksums.php",125,{"hook":149,"callback":149,"file":176,"line":177},"inc\\class-wpfingerprint-settings.php",136,{"hook":145,"callback":145,"file":142,"line":83},{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":198,"fileOperations":14,"externalRequests":212,"nonceChecks":26,"capabilityChecks":14,"bundledLibraries":213},[],{"prepared":14,"raw":48,"locations":182},[183,186,187,190,193,194,196],{"file":173,"line":184,"context":185},36,"$wpdb->get_results() with variable interpolation",{"file":173,"line":147,"context":185},{"file":173,"line":188,"context":189},112,"$wpdb->get_var() with variable interpolation",{"file":191,"line":192,"context":189},"inc\\class-wpfingerprint-model-diffs.php",9,{"file":191,"line":147,"context":185},{"file":191,"line":195,"context":185},48,{"file":191,"line":197,"context":189},105,{"escaped":32,"rawEcho":199,"locations":200},5,[201,204,206,208,210],{"file":176,"line":202,"context":203},123,"raw output",{"file":205,"line":199,"context":203},"template\\display-plugins.php",{"file":205,"line":207,"context":203},8,{"file":205,"line":209,"context":203},11,{"file":205,"line":211,"context":203},15,4,[],[],{"summary":216,"deductions":217},"The wp-fingerprint plugin, in version 2.1.2, exhibits a mixed security posture. While it has no known vulnerabilities in its history and doesn't utilize dangerous functions or bundled libraries, several concerning code signals point to potential weaknesses. The plugin presents a small but unprotected attack surface with one AJAX handler lacking authentication checks. This, combined with a low percentage of properly escaped output and a significant portion of SQL queries not using prepared statements, raises red flags regarding its resilience against common web attacks.\n\nThe static analysis reveals that a single AJAX endpoint is accessible without any authentication or capability checks, making it a prime target for unauthorized actions. Furthermore, the low percentage of properly escaped output suggests that data displayed to users might be vulnerable to cross-site scripting (XSS) attacks if it originates from untrusted sources. The SQL query analysis also indicates that some database operations are not using prepared statements, which could lead to SQL injection vulnerabilities if user input is not rigorously sanitized.\n\nGiven the absence of any recorded vulnerabilities, it's possible that these potential issues have not been exploited or that other security layers are in place. However, relying on these potential mitigating factors is risky. The plugin's strengths lie in its clean vulnerability history and lack of dangerous functions. The weaknesses, however, are significant enough to warrant caution, particularly the unprotected AJAX handler and potential for XSS and SQL injection due to insufficient escaping and unprepared SQL queries.",[218,221,224,226],{"reason":219,"points":220},"Unprotected AJAX handler",10,{"reason":222,"points":223},"Low percentage of properly escaped output",6,{"reason":225,"points":48},"Significant percentage of SQL queries not prepared",{"reason":227,"points":199},"Missing nonce checks on AJAX handler","2026-03-16T17:52:11.297Z",{"wat":230,"direct":241},{"assetPaths":231,"generatorPatterns":234,"scriptPaths":235,"versionParams":238},[232,233],"\u002Fwp-content\u002Fplugins\u002Fwp-fingerprint\u002Fjs\u002F","\u002Fwp-content\u002Fplugins\u002Fwp-fingerprint\u002Fcss\u002F",[],[236,237],"\u002Fwp-content\u002Fplugins\u002Fwp-fingerprint\u002Fjs\u002Fwp-fingerprint-admin.js","\u002Fwp-content\u002Fplugins\u002Fwp-fingerprint\u002Fjs\u002Fwp-fingerprint-frontend.js",[239,240],"wp-fingerprint\u002Fjs\u002Fwp-fingerprint-admin.js?ver=","wp-fingerprint\u002Fjs\u002Fwp-fingerprint-frontend.js?ver=",{"cssClasses":242,"htmlComments":245,"htmlAttributes":248,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":254},[243,244],"wpfingerprint-update-count","wpfingerprint-warning",[246,247],"\u003C!-- WP Fingerprint Settings -->","\u003C!-- WP Fingerprint -->",[249,250],"data-slug","data-version",[],[253],"wp_fingerprint_admin_ajax_object",[]]