[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZbmEaE4NjOW3s6bQuQYGnejfGZtM3VwHCSPB-KoZXrM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":144,"fingerprints":323},"wp-mega","WP Mega","1.0","Mohammad Nur Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fnur1952\u002F","\u003Cp>WP Mega is a light but powerful plugin that can replace many plugins and make your site securer, faster, and smoother. Core features: Post Views Counter, Insert Header & Footer, Dashboard Access Control, Show or Hide Admin Bar, and so on.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Post \u002F Category Views Counter\u003Cbr \u002F>\n* Login\u002FLogout Redirection\u003Cbr \u002F>\n* Facebook Commenting System\u003Cbr \u002F>\n* Insert Header & Footer\u003Cbr \u002F>\n* Dashboard Access Control\u003Cbr \u002F>\n* Show \u002F Hide Admin Bar\u003Cbr \u002F>\n* Remove Version from Static Resources (CSS\u002FJS)\u003Cbr \u002F>\n* & More Coming Soon\u003C\u002Fp>\n","WP Mega is a light but powerful plugin that can replace many plugins and make your site securer, faster, and smoother. Core features: Post Views Count &hellip;",10,1103,0,"2018-08-14T12:33:00.000Z","4.9.29","3.0","5.0",[19,20,21,22,23],"admin-bar","dashboard","facebook-comment","post-views-counter","views-counter","https:\u002F\u002Fwww.thecodist.co\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mega.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"nur1952",1,30,84,"2026-04-04T21:44:11.805Z",[37,57,81,103,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":33,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":51,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"hide-admin-bar-from-non-admins","Hide Admin Bar from Non-Admins","1.0.2","Andrew Lima","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrewza\u002F","\u003Ch3>Install, activate, and you’re done.\u003C\u002Fh3>\n\u003Cp>This plugin hides the WordPress Toolbar (admin bar) for all visitors and users without the ‘administrator’ role. It’s a very simple plugin with no settings to configure.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use this plugin for sites with only one admin who needs access to the dashboard and the admin bar.\u003C\u002Fli>\n\u003Cli>This plugin is super lightweight, with just a few lines of code.\u003C\u002Fli>\n\u003Cli>If you need to show the toolbar for other user roles, use the filter \u003Ccode>habfna_show_admin_bar_roles\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is a tweak of the code by Yoast to hide the admin bar for non-admins only.\u003C\u002Fp>\n","Hides the WordPress toolbar (admin bar) for all non-admin users. Simple plugin with no settings to configure.",10000,237108,86,"2024-11-18T14:39:00.000Z","6.7.5","5.2","",[19,53,20,54],"adminbar","toolbar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-admin-bar-from-non-admins.1.0.2.zip",92,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":32,"unpatched_count":13,"last_vuln_date":80,"fetched_at":28},"admin-bar-dashboard-control","Admin Bar & Dashboard Access Control","1.2.9","Collins Agbonghama","https:\u002F\u002Fprofiles.wordpress.org\u002Fcollizo4sky\u002F","\u003Cp>Simple plugin for disabling admin bar and preventing access to WordPress dashboard based on a user’s roles.\u003C\u002Fp>\n\u003Cp>It is that simple 😀\u003C\u002Fp>\n\u003Ch3>Plugins you will like:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Ffusewp.com\u002F\" rel=\"nofollow ugc\">FuseWP\u003C\u002Fa>\u003C\u002Fstrong>: Connect wordPress to marketing platforms and sync users to your email list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa>\u003C\u002Fstrong>: A simple yet powerful eCommerce and paid membership plugin for accepting one-time and recurring payments and selling subscriptions via Stripe & PayPal, restrict content and control user access. \u003Ca href=\"https:\u002F\u002Fprofilepress.com\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmailoptin.io\u002F\" rel=\"nofollow ugc\">MailOptin\u003C\u002Fa>\u003C\u002Fstrong> – The best WordPress email optin forms, email automation & newsletters plugin in the market.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable admin bar and control users access to WordPress dashboard.",3000,70187,94,18,"2025-12-04T13:26:00.000Z","6.9.4","6.0","5.4",[19,74,75,76,54],"admin-dashboard","disable-admin-bar","disable-toolbar","https:\u002F\u002Fprofilepress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-bar-dashboard-control.1.2.9.zip",100,"2023-10-31 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":70,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":51,"download_link":102,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"role-based-redirect","Role Based Redirect","1.6","Yasar Khalifa","https:\u002F\u002Fprofiles.wordpress.org\u002Fyasirkhalifa\u002F","\u003Cp>Role Based Redirect allows you to customize the login and logout redirection URLs based on user roles. Additionally, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Redirect users after login based on their role.\u003C\u002Fli>\n\u003Cli>Redirect users after logout based on their role.\u003C\u002Fli>\n\u003Cli>Hide the WordPress admin bar for selected user roles.\u003C\u002Fli>\n\u003Cli>Restrict dashboard access by user role.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is useful for membership sites, multi-role websites, or any WordPress setup where you want to provide a tailored user experience.\u003C\u002Fp>\n","Redirect users after login\u002Flogout by role. Optionally hide admin bar and block dashboard access for selected roles.",2000,24663,96,17,"2025-07-18T04:36:00.000Z","4.0","5.6",[97,98,99,100,101],"hide-admin-bar","redirection","restrict-dashboard","role","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frole-based-redirect.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":89,"downloaded":111,"rating":79,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":51,"tags":116,"homepage":120,"download_link":121,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-hide-dashboard","WP Hide Dashboard","2.2.1","Drew Jaynes","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrewapicture\u002F","\u003Cp>A simple plugin that removes the Dashboard menu, the Personal Options section and the Help link on the Profile page, hides the Dashboard links in the toolbar menu (if activated), and prevents Dashboard access to users assigned to the \u003Cem>Subscriber\u003C\u002Fem> role. Useful if you allow your subscribers to edit their own profiles, but don’t want them wandering around your WordPress admin section.\u003C\u002Fp>\n\u003Cp>Users belonging to any of the other WordPress roles will continue to see and have access to the other sections of the WordPress admin that correspond to their role’s capabilities.\u003C\u002Fp>\n\u003Cp>WP Hide Dashboard has been tested with WordPress in Single mode and Multisite mode, and works with both of them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: Version 2.2 requires a minimum of WordPress 3.4. If you are running a version less than that, please upgrade your WordPress install before installing or upgrading.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Works With:\u003C\u002Fh4>\n\u003Cp>The following is a list of plugins that work well (no conflicts) with the WP Hide Dashboard plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmembers\u002F\" title=\"Members\" rel=\"ugc\">Members\u003C\u002Fa> by Justin Tadlock\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadmin-bar-minimiser\u002F\" title=\"Admin Bar Minimiser\" rel=\"ugc\">Admin Bar Minimiser\u003C\u002Fa> by David Gwyer\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flogged-out-admin-bar\u002F\" title=\"Logged Out Admin Bar\" rel=\"ugc\">Logged Out Admin Bar\u003C\u002Fa> by Peter Westwood\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Known Conflicts:\u003C\u002Fh4>\n\u003Cp>The following is a list of plugins that are known to have conflicts with the WP Hide Dashboard plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.im-web-gefunden.de\u002Fwordpress-plugins\u002Frole-manager\u002F\" title=\"Role Manager\" rel=\"nofollow ugc\">Role Manager\u003C\u002Fa> (Use the \u003Ca href=\"http:\u002F\u002Fwww.im-web-gefunden.de\u002Fwordpress-plugins\u002Fiwg-hide-dashboard\u002F\" title=\"IWG Hide Dashboard\" rel=\"nofollow ugc\">IWG Hide Dashboard\u003C\u002Fa> plugin to hide the dashboard link.)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frole-scoper\u002F\" title=\"Role Scoper\" rel=\"ugc\">Role Scoper\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ffresh-page\u002F\" title=\"Flutter\" rel=\"ugc\">Flutter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: Please let me know if there are other plugins that conflict with WP Hide Dashboard, and I’ll add them to the list.\u003C\u002Fp>\n\u003Ch4>Support:\u003C\u002Fh4>\n\u003Cp>Support is provided at: http:\u002F\u002Fwphidedash.org\u002F\u003C\u002Fp>\n","Hide the Dashboard menu, Personal Options section and Help link on the Profile page from your subscribers when they are logged in.",175265,20,"2017-11-28T14:44:00.000Z","4.1.0","3.4.0",[117,19,118,20,119],"admin","administration","hide","http:\u002F\u002Fwphidedash.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hide-dashboard.2.2.1.zip",{"slug":123,"name":124,"version":6,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":51,"tags":136,"homepage":142,"download_link":143,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-post-views-counter","Wp Post Views Counter","Ramandeep Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Framandeep000\u002F","\u003Cp>WP Post Views Counter : wordpress Post Views Counter Used to track Post Visit Count ,It Counts both Unique and Returning Visits Using Cookies ,also Comes with a widget which will be rendered in single post.\u003C\u002Fp>\n\u003Cp>Installation Guide:\u003C\u002Fp>\n\u003Cp>1.Upload the  plugin to your blog and just activate it.\u003C\u002Fp>\n\u003Cp>2.Goto your Settings->wp post views counter and then Edit its data as per requirement.\u003C\u002Fp>\n\u003Ch4>Template Tags\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>You can Use Template Tags also to render this Plugin Output.\n\u003C?php wp_get_post_views_counter(); ?> To Print The Count With Text\n\u003C?php wp_get_only_post_views_count(); ?> To Print Only Count\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>More Details & Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Homepage      :   \u003Ca href=\"http:\u002F\u002Fwww.designaeon.com\" rel=\"nofollow ugc\">Latest Web design Tutorials\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support Thread:   \u003Ca href=\"http:\u002F\u002Fdesignaeon.com\u002F2014\u002F07\u002Fwp-post-views-counter\" rel=\"nofollow ugc\">WordPress Post Views Counter\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Fb Page       :   http:\u002F\u002Fwww.facebook.com\u002Fdesignaeon\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Twitter       :   http:\u002F\u002Fwww.twitter.com\u002Fdesignaeon\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Subscribe     :   \u003Ca href=\"http:\u002F\u002Ffeedburner.google.com\u002Ffb\u002Fa\u002Fmailverify?uri=designaeon\" rel=\"nofollow ugc\">Subscribe FREE\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>G+ Page       :   \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F107775935805285788668\" rel=\"nofollow ugc\">Design Aeon On Google Plus\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More Details & Support\u003C\u002Fh3>\n\u003Cp>1.Homepage          http:\u002F\u002Fwww.designaeon.com\u003C\u002Fp>\n\u003Cp>2.Plugin page           http:\u002F\u002Fdesignaeon.com\u002F2014\u002F07\u002Fwp-post-views-counter\u003C\u002Fp>\n\u003Cp>3.Fb Page           http:\u002F\u002Fwww.facebook.com\u002Fdesignaeon\u003C\u002Fp>\n\u003Cp>4.Twitter           http:\u002F\u002Fwww.twitter.com\u002Fdesignaeon\u003C\u002Fp>\n\u003Cp>5.Feeds             http:\u002F\u002Ffeeds.feedburner.com\u002Fdesignaeon\u003C\u002Fp>\n\u003Cp>6.G+ Page           https:\u002F\u002Fplus.google.com\u002F107775935805285788668\u003C\u002Fp>\n","Used to post views for a single post type in wordpress it collects both unique and all returning visits for a single post as a post meta .",40,8452,74,3,"2014-10-21T22:44:00.000Z","4.0.38","3.5",[137,138,139,140,141],"count-single-post-visits","post-visitor-count","unique-post-count-widget","wordpress-counts-visits","wordpress-post-views-counter","http:\u002F\u002Fdesignaeon.com\u002F2014\u002F07\u002Fwp-post-views-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-views-counter.zip",{"attackSurface":145,"codeSignals":241,"taintFlows":278,"riskAssessment":312,"analyzedAt":322},{"hooks":146,"ajaxHandlers":216,"restRoutes":225,"shortcodes":226,"cronEvents":239,"entryPointCount":240,"unprotectedCount":13},[147,153,157,161,164,168,173,176,181,185,187,191,194,196,199,204,206,209,212,214],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","admin_init","register_scripts","inc\\class\\admin\\class-codist-admin-panel.php",11,{"type":148,"name":154,"callback":155,"file":156,"line":152},"admin_menu","add_menu_pages","inc\\class\\admin\\class-wp-mega-admin.php",{"type":148,"name":158,"callback":159,"file":156,"line":160},"admin_footer","footer_content",12,{"type":148,"name":158,"callback":162,"file":156,"line":163},"wp_mega_footer_content",13,{"type":148,"name":165,"callback":166,"file":167,"line":160},"init","control_admin_bar","inc\\class\\class-wp-mega-admin-bar.php",{"type":169,"name":170,"callback":171,"file":167,"line":172},"filter","show_admin_bar","__return_false",24,{"type":148,"name":149,"callback":174,"file":175,"line":152},"control_access","inc\\class\\class-wp-mega-dashboard-access.php",{"type":169,"name":177,"callback":178,"file":179,"line":180},"the_content","show_fb_comment","inc\\class\\class-wp-mega-fb-comment.php",16,{"type":148,"name":182,"callback":183,"file":184,"line":160},"wp_head","header_content","inc\\class\\class-wp-mega-header-footer.php",{"type":148,"name":186,"callback":159,"file":184,"line":163},"wp_footer",{"type":148,"name":188,"callback":189,"file":190,"line":160},"wp_login","login_redirect","inc\\class\\class-wp-mega-log-redirect.php",{"type":148,"name":192,"callback":193,"file":190,"line":163},"wp_logout","logout_redirect",{"type":148,"name":186,"callback":159,"file":190,"line":195},14,{"type":148,"name":165,"callback":197,"file":198,"line":11},"remove_filters","inc\\class\\class-wp-mega-remove-filter.php",{"type":169,"name":200,"callback":201,"priority":202,"file":203,"line":202},"script_loader_src","remove",15,"inc\\class\\class-wp-mega-remove-version.php",{"type":169,"name":205,"callback":201,"priority":202,"file":203,"line":180},"style_loader_src",{"type":148,"name":149,"callback":207,"file":208,"line":11},"reveal_ID","inc\\class\\class-wp-mega-reveal-id.php",{"type":148,"name":186,"callback":210,"file":211,"line":152},"update_counter","inc\\class\\class-wp-mega-views-counter.php",{"type":148,"name":177,"callback":213,"file":211,"line":160},"show_after_post",{"type":148,"name":149,"callback":215,"file":211,"line":195},"add_views_column",[217,224],{"action":218,"nopriv":219,"callback":220,"hasNonce":221,"hasCapCheck":219,"file":222,"line":223},"wp_mega_admin_ajax",false,"ajax",true,"inc\\class\\admin\\class-wp-mega-admin-ajax.php",9,{"action":218,"nopriv":221,"callback":220,"hasNonce":221,"hasCapCheck":219,"file":222,"line":11},[],[227,231,233,235,237],{"tag":228,"callback":229,"file":230,"line":11},"show_post_content","shortcode","inc\\class\\class-wp-mega-spca.php",{"tag":232,"callback":229,"file":230,"line":152},"SPC",{"tag":234,"callback":229,"file":230,"line":160},"spc",{"tag":236,"callback":229,"file":230,"line":163},"spca",{"tag":238,"callback":229,"file":211,"line":163},"simple_views_counter",[],7,{"dangerousFunctions":242,"sqlUsage":243,"outputEscaping":249,"fileOperations":13,"externalRequests":13,"nonceChecks":32,"capabilityChecks":32,"bundledLibraries":277},[],{"prepared":32,"raw":32,"locations":244},[245],{"file":246,"line":247,"context":248},"wp-mega.php",58,"$wpdb->get_results() with variable interpolation",{"escaped":32,"rawEcho":163,"locations":250},[251,254,256,258,260,262,264,266,268,269,271,273,275],{"file":151,"line":252,"context":253},29,"raw output",{"file":151,"line":255,"context":253},98,{"file":151,"line":257,"context":253},99,{"file":151,"line":259,"context":253},130,{"file":151,"line":261,"context":253},204,{"file":156,"line":263,"context":253},34,{"file":156,"line":265,"context":253},111,{"file":184,"line":267,"context":253},19,{"file":184,"line":172,"context":253},{"file":190,"line":270,"context":253},26,{"file":190,"line":272,"context":253},32,{"file":208,"line":274,"context":253},68,{"file":211,"line":276,"context":253},48,[],[279,295],{"entryPoint":280,"graph":281,"unsanitizedCount":32,"severity":294},"footer_content (inc\\class\\class-wp-mega-log-redirect.php:17)",{"nodes":282,"edges":292},[283,287],{"id":284,"type":285,"label":286,"file":190,"line":267},"n0","source","$_GET",{"id":288,"type":289,"label":290,"file":190,"line":270,"wp_function":291},"n1","sink","echo() [XSS]","echo",[293],{"from":284,"to":288,"sanitized":219},"medium",{"entryPoint":296,"graph":297,"unsanitizedCount":132,"severity":294},"\u003Cclass-wp-mega-log-redirect> (inc\\class\\class-wp-mega-log-redirect.php:0)",{"nodes":298,"edges":309},[299,300,301,304],{"id":284,"type":285,"label":286,"file":190,"line":267},{"id":288,"type":289,"label":290,"file":190,"line":270,"wp_function":291},{"id":302,"type":285,"label":303,"file":190,"line":267},"n2","$_GET (x2)",{"id":305,"type":289,"label":306,"file":190,"line":307,"wp_function":308},"n3","wp_redirect() [Open Redirect]",43,"wp_redirect",[310,311],{"from":284,"to":288,"sanitized":219},{"from":302,"to":305,"sanitized":219},{"summary":313,"deductions":314},"The 'wp-mega' v1.0 plugin exhibits a mixed security posture.  On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, and the static analysis shows a notable absence of dangerous functions, file operations, and external HTTP requests.  Furthermore, the plugin incorporates nonce and capability checks, which are good practices for securing entry points.  However, the analysis does reveal significant concerns within the code itself.  A concerning 50% of SQL queries are not using prepared statements, posing a risk of SQL injection if user input is not meticulously handled elsewhere.  The output escaping is also very poor, with only 7% of outputs properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.  The taint analysis, while showing no critical or high severity issues, did identify two flows with unsanitized paths, which is a precursor to potential security problems if these paths are exposed to user input without proper sanitization. The lack of historical vulnerabilities could indicate good coding practices or simply a lack of in-depth security auditing over time. Overall, while the plugin avoids some common pitfalls and has a clean vulnerability history, the internal code quality, particularly regarding SQL and output sanitization, presents substantial risks that need immediate attention.",[315,317,319],{"reason":316,"points":11},"SQL queries not using prepared statements",{"reason":318,"points":240},"Low percentage of properly escaped output",{"reason":320,"points":321},"Flows with unsanitized paths",5,"2026-03-17T00:12:11.057Z",{"wat":324,"direct":329},{"assetPaths":325,"generatorPatterns":326,"scriptPaths":327,"versionParams":328},[],[],[],[],{"cssClasses":330,"htmlComments":346,"htmlAttributes":347,"restEndpoints":350,"jsGlobals":351,"shortcodeOutput":354},[331,332,333,334,335,336,337,338,339,340,341,342,343,344,345],"codist-admin-panel-wrap","codist-col-","codist-admin-loading","codist-admin-updated","header-wrap","sidebar-wrap","content-wrap","codist-admin-menu-wrap","active-menu-item","codist_admin_form","label-wrap","value-wrap","widget-wrap","box-center","codist-spinner",[],[348,349],"data-wp-nonce","data-admin-ajax-url",[],[352,353],"_wpnonce","ADMIN_AJAX_URL",[]]