[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0fjQxLh6MQeNcxALlUdUSzy8KDAOXd9vxPAFxaLQi3o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":14,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":147,"fingerprints":348},"wp-flock","WP-Flock","0.1.1","Alis","https:\u002F\u002Fprofiles.wordpress.org\u002Falisdee\u002F","\u003Cp>\u003Cstrong>WP-Flock\u003C\u002Fstrong> is a plugin that provides LiveJournal-like custom security groups for posts and pages. It’s more flexible than Post Levels, and less complicated than Role Scoper. Plus it hooks into \u003Ca href=\"http:\u002F\u002Fbeta.void-star.net\u002Fprojects\u002Fjournalpress\u002F\" rel=\"nofollow ugc\">JournalPress\u003C\u002Fa>; what more could you want?\u003C\u002Fp>\n\u003Cp>It is currently in its “stable beta” stage, and as such some features may not be available or a little wonky.\u003C\u002Fp>\n\u003Cp>The latest updates about the plug-ins development can be found \u003Ca href=\"http:\u002F\u002Fbeta.void-star.net\u002Fcategory\u002Fgeeking\u002Fwordpress\u002Fwp-flock\u002F\" title=\"WP-Flock @ beta.void-star.net\" rel=\"nofollow ugc\">in the project blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Version 0.1\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It’s alive! It’s alive!\u003C\u002Fli>\n\u003Cli>Basic friends-locking group functionality completed.\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin that provides LiveJournal-like custom security groups for posts and pages.",10,2685,0,"","2.7.1",[17,18,19,20,21],"admin","post","posts","privacy","users","http:\u002F\u002Fbeta.void-star.net\u002Fprojects\u002Fwp-flock\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-flock.0.1.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"alisdee",3,120,97,30,92,"2026-04-04T20:00:22.921Z",[37,60,81,105,129],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":34,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":14,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":13,"last_vuln_date":58,"fetched_at":59},"wp-admin-ui-customize","WP Admin UI Customize","1.5.14","gqevu6bsiz","https:\u002F\u002Fprofiles.wordpress.org\u002Fgqevu6bsiz\u002F","\u003Cul>\n\u003Cli>Dashboard\u003C\u002Fli>\n\u003Cli>Display options tab\u003C\u002Fli>\n\u003Cli>Output-meta site\u003C\u002Fli>\n\u003Cli>Admin bar (Toolbar)\u003C\u002Fli>\n\u003Cli>Admin menu (Side menu)\u003C\u002Fli>\n\u003Cli>Management of meta boxes\u003C\u002Fli>\n\u003Cli>Login screen\u003C\u002Fli>\n\u003Cli>Other features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These to Customization is possible.\u003C\u002Fp>\n\u003Ch3>日本語でのご説明\u003C\u002Fh3>\n\u003Cp>このプラグインは、管理画面UIのカスタマイズをするプラグインです。\u003Cbr \u002F>\n「ダッシュボード」「オプションタブ」「サイトのメタタグ管理」「管理バー」「管理メニュー」「メタボックス」「ログイン画面」\u003Cbr \u002F>\nこれらのカスタマイズを、このプラグインひとつで出来ます。\u003C\u002Fp>\n","Customize the management screen UI.",30000,390623,59,"2024-11-20T02:52:00.000Z","4.9.29","4.2",[17,52,53,18,19],"option","page","http:\u002F\u002Fwpadminuicustomize.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-admin-ui-customize.1.5.14.zip",91,2,"2024-11-26 00:00:00","2026-03-15T15:16:48.613Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":14,"tags":75,"homepage":79,"download_link":80,"security_score":34,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":59},"lh-archived-post-status","LH Archived Post Status","3.11","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin allows you to archive your WordPress content similar to the way you archive your e-mail. Unlike other archiving solutions though this actually does it all and does it properly\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Makes a new post status available in the drop down called Archived\u003C\u002Fli>\n\u003Cli>Hides or removes your content without having to trash the content\u003C\u002Fli>\n\u003Cli>Content can either be hidden entirely from public view  or simply from the main loop and feed and pages, with other solutions you can only hide it from public view.\u003C\u002Fli>\n\u003Cli>Allows you to add a label to the title of those posts\u002Fpages etc that are archived\u003C\u002Fli>\n\u003Cli>Allows you to add a message to the top of the post\u002Fpage etc that the content is no longer up too date\u003C\u002Fli>\n\u003Cli>Allows you to set an archiving date after which content is automatically changed to having an archived status\u003C\u002Fli>\n\u003Cli>Compatible with posts, pages and custom post types\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is ideal for sites where certain kinds of content is not meant to be evergreen\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-archived-post-status\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-archived-post-status\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Allows posts and pages to be archived so you can remove content from the main loop and feed without having to trash it.",4000,50462,82,18,"2024-10-16T05:00:00.000Z","6.6.5","5.0",[17,76,19,77,78],"pages","status","workflow","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-archived-post-status\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-archived-post-status.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":68,"downloaded":89,"rating":24,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":13,"last_vuln_date":104,"fetched_at":59},"statify-widget","Statify Widget","1.4.9","Finn Dohrn","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitnulleins\u002F","\u003Cp>The \u003Cem>Statify Widget\u003C\u002Fem> shows the most popular content from the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstatify\u002F\" rel=\"ugc\">Statify\u003C\u002Fa> plugin, which collects statistics in compliance with data protection regulations. Fast and clear!\u003C\u002Fp>\n\u003Ch4>What is Statify?\u003C\u002Fh4>\n\u003Cp>Statify is a plugin for visitor statistics with emphasis on privacy, transparency and clarity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: This widget only works with the main plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstatify\u002F\" rel=\"ugc\">Statify\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Popular Posts\u003C\u002Fstrong>: Sum up all view from Statify and put it together in a widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes\u003C\u002Fstrong>: The counter for each post\u002Fpage can be put everywhere\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Types\u003C\u002Fstrong>: Statify Widget supports custom post types, that can be displayed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent summary\u003C\u002Fstrong>: Once there are different paths to a content, the widget adds them together \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Period Selectable\u003C\u002Fstrong>: It is possible to choose an individual daily period for the post popular content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Widget Template\u003C\u002Fstrong>: You can add individual post\u002Fpage paramater to widget template (see FAQ)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New: Customize cache time\u003C\u002Fstrong>: Change default 4 minutes cache time to another value! (see FAQ)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>The shortcode \u003Ccode>[statify-count]\u003C\u002Fcode> can be used to display calls to the current post or page. With the options “prefix” and “suffix” displayed texts can be checked before (prefix) and after (suffix) the calls:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[statify-count prefix=\"Total \" suffix=\" calls.\" days=\"8\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Parameter:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>prefix\u003C\u002Fcode> Sentence before views\u003C\u002Fli>\n\u003Cli>\u003Ccode>suffix\u003C\u002Fcode> Sentence after views\u003C\u002Fli>\n\u003Cli>\u003Ccode>days\u003C\u002Fcode> Inteval for view statistics\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Result: A total of 243 views.\u003C\u002Fp>\n\u003Ch4>Widget Settings\u003C\u002Fh4>\n\u003Cp>The following settings can be made in the widget:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>Content Type (Default: post )\u003C\u002Fli>\n\u003Cli>Category (when content type post is select)\u003C\u002Fli>\n\u003Cli>Amount of entries (default: 5)\u003C\u002Fli>\n\u003Cli>Show views (default: No)\u003C\u002Fli>\n\u003Cli>Custom text (Replace variable for views: %VIEWS%)\u003C\u002Fli>\n\u003Cli>Number of past days (0 days = all statistics)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Friendly questions about the widget I like to answer under \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstatify-widget\u002F\" rel=\"ugc\">Support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you like my work and want to support \u003Cem>me\u003C\u002Fem>, feel free to \u003Ca href=\"https:\u002F\u002Fde.wordpress.org\u002Fplugins\u002Fstatify-widget\u002F#reviews\" rel=\"nofollow ugc\">rate\u003C\u002Fa> this plugin!\u003C\u002Fp>\n\u003Ch4>Author\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Finn Dohrn\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.bit01.de\" rel=\"nofollow ugc\">Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Data privacy conform widget for list popular content (pages, posts, custom post types) – based on Statify plugin.",77143,5,"2026-01-25T09:39:00.000Z","6.9.4","4.6","5.2.4",[96,97,20,98,99],"analytics","popular-posts","statistics","widget","http:\u002F\u002Fwww.bit01.de\u002Fblog\u002Fstatify-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstatify-widget.zip",99,1,"2025-08-22 00:00:00",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":57,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":126,"download_link":127,"security_score":102,"vuln_count":103,"unpatched_count":13,"last_vuln_date":128,"fetched_at":59},"duplica","Duplica – Duplicate Posts, Pages, Custom Posts or Users","0.16","Codexpert, Inc","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodexpert\u002F","\u003Cp>Duplica allows you to duplicate posts, pages or custom posts to the same or different post types.\u003C\u002Fp>\n\u003Cp>Post meta data and associated taxonomy terms will be copied as well.\u003C\u002Fp>\n\u003Ch3>Supported post types\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Post\u003C\u002Fli>\n\u003Cli>Page\u003C\u002Fli>\n\u003Cli>WooCommerce Product\u003C\u002Fli>\n\u003Cli>EDD Download\u003C\u002Fli>\n\u003Cli>more in the queue\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>User clone\u003C\u002Fh3>\n\u003Cp>From version 0.2, you can now duplicate users too, with userdata, metadata and user role(s).\u003C\u002Fp>\n\u003Cp>For more, \u003Ca href=\"https:\u002F\u002Fpluggable.io\u002Fplugin\u002Fduplica\" rel=\"nofollow ugc\">https:\u002F\u002Fpluggable.io\u002Fplugin\u002Fduplica\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fcodexpert\u002F#content-plugins\" rel=\"nofollow ugc\">Explore More Plugins\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Discover our wide range of plugins and extensions that might be just what you’re looking for. Check out our other plugins here:\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Feasycommerce.dev\" rel=\"nofollow ugc\">🔥 EasyCommerce\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>EasyCommerce is a WordPress plugin that transforms your website into a full-featured e-commerce platform. It offers intuitive product and order management, a drag-and-drop builder for easy store customization, and supports various payment gateways like PayPal and Stripe. Features include abandoned cart recovery, flexible shipping options, and coupon management. Compatible with popular themes, EasyCommerce provides a seamless, secure, and scalable solution for online retailers.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoolementor\u002F\" rel=\"ugc\">🔥 CoDesigner\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Crafting stunning WooCommerce sites with Elementor has never been easy!  CoDesigner (formerly WooLementor) makes it easy to design beautiful WooCommerce sites with Elementor, even without coding. Its intuitive drag-and-drop interface allows you to customize shop pages, filters, checkout, and more, quickly achieving a professional look. With 94+ widgets, 14+ modules, and 150+ templates, CoDesigner lets you tailor your site to increase engagement, conversions, and customer retention. Its features include AJAX-based filters, customizable email templates, variation swatches, flash sale timers, and a streamlined checkout. Compatible with top WordPress themes, CoDesigner offers comprehensive support and tools to elevate your WooCommerce store.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-sizes\u002F\" rel=\"ugc\">🔥 ThumbPress\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Meet ThumbPress, the ultimate WordPress image management solution! Effortlessly manage all your images and thumbnails with ThumbPress, the powerful WordPress plugin for image optimization and control. With features like disabling unwanted thumbnail sizes, regenerating thumbnails, limiting image upload size and resolution, and converting images to WebP, ThumbPress keeps your site running fast and saves server space. The Pro version also offers advanced tools to detect large and unused images, compress images, replace images, and even edit them directly on the dashboard. ThumbPress is your all-in-one solution for streamlined, secure, and efficient WordPress image management.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-affiliate\u002F\" rel=\"ugc\">🔥 WC Affiliate\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Looking to launch an affiliate program for your WooCommerce store? WC Affiliate is the perfect solution to get started without a developer! This plugin is designed to seamlessly integrate with WooCommerce, offering features like referral tracking, real-time reporting, unlimited affiliates, and automated payouts through PayPal and Stripe. Customize commissions, build banners, create short links, and enable cross-domain cookie sharing for maximum reach. Translation-ready and user-friendly, WC Affiliate provides a fully customizable dashboard and exportable data. Experience its full potential with a live demo and join a community of users to boost your sales growth!\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcf7-submissions\u002F\" rel=\"ugc\">🔥 CF7 Submissions\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Meet CF7 Submissions, the essential plugin for securely storing and managing Contact Form 7 submissions right in your WordPress dashboard. Say goodbye to lost or misplaced emails! Each user submission and file attachment is safely saved in your database for easy access anytime. With features like seamless Contact Form 7 integration, advanced search, read\u002Funread status, and bulk actions, CF7 Submissions helps you stay organized. Respond directly to users from your dashboard and keep your submissions tidy. Get CF7 Submissions today for reliable, convenient, and secure contact form management!\u003C\u002Fp>\n","Duplicate posts, pages or custom posts with a single click.",2000,29422,90,"2025-06-03T15:43:00.000Z","6.8.5","6.0","7.4",[121,122,123,124,125],"clone","duplicate","duplicate-post-types","duplicate-posts","duplicate-users","https:\u002F\u002Fpluggable.io\u002Fplugin\u002Fduplica","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplica.0.16.zip","2024-07-18 08:55:46",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":113,"downloaded":137,"rating":138,"num_ratings":90,"last_updated":139,"tested_up_to":140,"requires_at_least":141,"requires_php":14,"tags":142,"homepage":144,"download_link":145,"security_score":146,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":59},"hifi","HiFi (Head Injection, Foot Injection)","1.0.1","farinspace","https:\u002F\u002Fprofiles.wordpress.org\u002Ffarinspace\u002F","\u003Cp>HiFi is a head injection and foot injection plugin (or head include, foot include, head insert, foot insert, what ever you want to call it). It basically allows you to inject \u003Ccode>\u003Cscript>\u003C\u002Fcode>, \u003Ccode>\u003Cstyle>\u003C\u002Fcode>, \u003Ccode>\u003Cmeta>\u003C\u002Fcode> and any other code you want into the head and foot areas of your posts and pages. The code injected is page-specific, this means that only the pages you want code inserted into will be affected.\u003C\u002Fp>\n\u003Cp>This plugin is most useful when you have specific functionality that needs to be added on a per-post\u002Fpage basis.\u003C\u002Fp>\n","HiFi is a head and foot injection plugin. It allows you to inject code into the head and foot areas of your posts and pages on a per-page basis.",29744,96,"2010-12-01T20:47:00.000Z","3.0.5","2.9.2",[17,143,53,18,19],"head","http:\u002F\u002Ffarinspace.com\u002F2010\u002F03\u002Fwordpress-hifi-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhifi.1.0.1.zip",85,{"attackSurface":148,"codeSignals":194,"taintFlows":238,"riskAssessment":339,"analyzedAt":347},{"hooks":149,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":193,"entryPointCount":13,"unprotectedCount":13},[150,156,159,162,166,171,175,179,183,186],{"type":151,"name":152,"callback":153,"file":154,"line":155},"action","admin_menu","fl_add_pages","wp-flock.php",55,{"type":151,"name":157,"callback":158,"file":154,"line":47},"show_user_profile","fl_user_groups",{"type":151,"name":160,"callback":158,"file":154,"line":161},"edit_user_profile",60,{"type":151,"name":163,"callback":164,"file":154,"line":165},"profile_update","fl_update_groups",61,{"type":167,"name":168,"callback":169,"file":154,"line":170},"filter","status_save_pre","fl_status_save",67,{"type":167,"name":172,"callback":173,"priority":11,"file":154,"line":174},"user_has_cap","fl_has_cap",68,{"type":167,"name":176,"callback":177,"file":154,"line":178},"query","fl_query",69,{"type":167,"name":180,"callback":181,"file":154,"line":182},"the_content_rss","fl_content_rss",71,{"type":167,"name":184,"callback":181,"file":154,"line":185},"the_excerpt_rss",72,{"type":151,"name":187,"callback":188,"priority":103,"file":154,"line":189},"save_post","fl_save",76,[],[],[],[],{"dangerousFunctions":195,"sqlUsage":196,"outputEscaping":214,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":30,"bundledLibraries":237},[],{"prepared":197,"raw":90,"locations":198},20,[199,203,206,208,212],{"file":200,"line":201,"context":202},"flconfig.php",114,"$wpdb->get_results() with variable interpolation",{"file":200,"line":204,"context":205},162,"$wpdb->get_row() with variable interpolation",{"file":200,"line":207,"context":202},197,{"file":209,"line":210,"context":211},"flinstall.php",13,"$wpdb->get_var() with variable interpolation",{"file":209,"line":213,"context":211},25,{"escaped":13,"rawEcho":215,"locations":216},12,[217,219,221,223,225,227,229,231,232,233,235,236],{"file":200,"line":56,"context":218},"raw output",{"file":200,"line":220,"context":218},126,{"file":200,"line":222,"context":218},138,{"file":200,"line":224,"context":218},165,{"file":200,"line":226,"context":218},171,{"file":200,"line":228,"context":218},176,{"file":200,"line":230,"context":218},211,{"file":200,"line":230,"context":218},{"file":200,"line":230,"context":218},{"file":200,"line":234,"context":218},238,{"file":200,"line":234,"context":218},{"file":200,"line":234,"context":218},[],[239,267,310,331],{"entryPoint":240,"graph":241,"unsanitizedCount":13,"severity":266},"fl_user_groups (flconfig.php:219)",{"nodes":242,"edges":262},[243,248,254,258],{"id":244,"type":245,"label":246,"file":200,"line":247},"n0","source","$_GET['user_id']",232,{"id":249,"type":250,"label":251,"file":200,"line":252,"wp_function":253},"n1","sink","get_results() [SQLi]",229,"get_results",{"id":255,"type":245,"label":256,"file":200,"line":257},"n2","$_GET",237,{"id":259,"type":250,"label":260,"file":200,"line":234,"wp_function":261},"n3","echo() [XSS]","echo",[263,265],{"from":244,"to":249,"sanitized":264},true,{"from":255,"to":259,"sanitized":264},"low",{"entryPoint":268,"graph":269,"unsanitizedCount":13,"severity":266},"\u003Cflconfig> (flconfig.php:0)",{"nodes":270,"edges":303},[271,274,277,279,280,283,287,290,292,296,299,301],{"id":244,"type":245,"label":272,"file":200,"line":273},"$_POST['fl_gname'] (x2)",48,{"id":249,"type":250,"label":275,"file":200,"line":276,"wp_function":176},"query() [SQLi]",46,{"id":255,"type":245,"label":278,"file":200,"line":56},"$_SERVER['REQUEST_URI'] (x3)",{"id":259,"type":250,"label":260,"file":200,"line":56,"wp_function":261},{"id":281,"type":245,"label":282,"file":200,"line":204},"n4","$_GET['gID']",{"id":284,"type":250,"label":285,"file":200,"line":204,"wp_function":286},"n5","get_row() [SQLi]","get_row",{"id":288,"type":245,"label":289,"file":200,"line":204},"n6","$_GET (x7)",{"id":291,"type":250,"label":260,"file":200,"line":226,"wp_function":261},"n7",{"id":293,"type":245,"label":294,"file":200,"line":295},"n8","$_GET['post']",205,{"id":297,"type":250,"label":251,"file":200,"line":298,"wp_function":253},"n9",202,{"id":300,"type":245,"label":246,"file":200,"line":247},"n10",{"id":302,"type":250,"label":251,"file":200,"line":252,"wp_function":253},"n11",[304,305,306,307,308,309],{"from":244,"to":249,"sanitized":264},{"from":255,"to":259,"sanitized":264},{"from":281,"to":284,"sanitized":264},{"from":288,"to":291,"sanitized":264},{"from":293,"to":297,"sanitized":264},{"from":300,"to":302,"sanitized":264},{"entryPoint":311,"graph":312,"unsanitizedCount":329,"severity":330},"fl_display_options (flconfig.php:18)",{"nodes":313,"edges":323},[314,315,316,317,318,319,320,322],{"id":244,"type":245,"label":272,"file":200,"line":273},{"id":249,"type":250,"label":275,"file":200,"line":276,"wp_function":176},{"id":255,"type":245,"label":278,"file":200,"line":56},{"id":259,"type":250,"label":260,"file":200,"line":56,"wp_function":261},{"id":281,"type":245,"label":282,"file":200,"line":204},{"id":284,"type":250,"label":285,"file":200,"line":204,"wp_function":286},{"id":288,"type":245,"label":321,"file":200,"line":204},"$_GET (x2)",{"id":291,"type":250,"label":260,"file":200,"line":226,"wp_function":261},[324,326,327,328],{"from":244,"to":249,"sanitized":325},false,{"from":255,"to":259,"sanitized":325},{"from":281,"to":284,"sanitized":325},{"from":288,"to":291,"sanitized":325},8,"high",{"entryPoint":332,"graph":333,"unsanitizedCount":103,"severity":330},"fl_post_advanced (flconfig.php:194)",{"nodes":334,"edges":337},[335,336],{"id":244,"type":245,"label":294,"file":200,"line":295},{"id":249,"type":250,"label":251,"file":200,"line":298,"wp_function":253},[338],{"from":244,"to":249,"sanitized":325},{"summary":340,"deductions":341},"The wp-flock v0.1.1 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by having no known vulnerabilities (CVEs) and a seemingly small attack surface with zero exposed AJAX handlers, REST API routes, shortcodes, or cron events without authentication.  The presence of capability checks on 3 occasions is also a positive sign. However, significant concerns arise from the static analysis. The complete lack of output escaping (0% properly escaped) is a critical vulnerability, opening the door to Cross-Site Scripting (XSS) attacks. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential for insecure file operations or data manipulation if these paths are exposed. The presence of SQL queries, while mostly prepared, still warrants attention due to the potential for improper handling in the un-prepared portion.",[342,344,346],{"reason":343,"points":329},"Unescaped output",{"reason":345,"points":215},"High severity taint flow with unsanitized path",{"reason":345,"points":215},"2026-03-16T23:22:04.561Z",{"wat":349,"direct":355},{"assetPaths":350,"generatorPatterns":352,"scriptPaths":353,"versionParams":354},[351],"\u002Fwp-content\u002Fplugins\u002Fwp-flock\u002Fflconfig.php",[],[],[],{"cssClasses":356,"htmlComments":358,"htmlAttributes":359,"restEndpoints":364,"jsGlobals":365,"shortcodeOutput":366},[357],"wrap",[],[360,361,362,363],"name=\"fl_gname\"","id=\"fl_gname\"","name=\"fl_ljmask\"","id=\"fl_ljmask\"",[],[],[]]