[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDMyS9C8cfBxTAjaSGmHRpXiMxdtdxMcWqmHDOpxTFCo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":138,"fingerprints":772},"wp-monsters","WP Monsters","1.3.4","gwannon","https:\u002F\u002Fprofiles.wordpress.org\u002Fgwannon\u002F","\u003Cp>WP Monsters allows to the bloggers to publish in a easy way their Pathfinder RPG home-brew monsters, weapons, spells, cities, magic items and feats in their WordPress blogs. You can use shortcodes to insert the monster in any site of your web.\u003C\u002Fp>\n\u003Ch3>Copyrights\u003C\u002Fh3>\n\u003Cp>This plugins uses trademarks and\u002For copyrights owned by Paizo Inc., which are used under Paizo’s Community Use Policy. We are expressly prohibited from charging you to use or access this content. This plugins is not published, endorsed, or specifically approved by Paizo Inc. For more information about Paizo’s Community Use Policy, please visit paizo.com\u002Fcommunityuse. For more information about Paizo Inc. and Paizo products, please visit paizo.com.\u003C\u002Fp>\n\u003Cp>Icons http:\u002F\u002F7soul1.deviantart.com\u002Fart\u002F420-Pixel-Art-Icons-for-RPG-129892453 by http:\u002F\u002F7soul1.deviantart.com\u002F\u003Cbr \u002F>\nCreative Commons http:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby\u002F3.0\u002F\u003C\u002Fp>\n\u003Ch3>Translations included\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Français (French) by Thierry Pillot \u003C\u002Fli>\n\u003Cli>Deutsch (German) by http:\u002F\u002Fnerdig-by-nature.de\u002F\u003C\u002Fli>\n\u003Cli>Castellano (Spanish)\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Monsters allows to the bloggers to publish in a easy way their Pathfinder RPG home-brew monsters, weapons, spells, feats, ... in their blogs.",10,2000,100,2,"2015-05-06T06:10:00.000Z","4.2.39","4.0.0","",[20,21,22,23,24],"monsters","pathfinder","role-playing-games","rpg","spells","http:\u002F\u002Fblog.gwannon.com\u002Fwp-monsters\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-monsters.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T06:47:56.524Z",[38,59,80,100,120],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":34,"downloaded":46,"rating":47,"num_ratings":14,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":18,"download_link":58,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"rgpd-fields-registration-form","RGPD Fields Registration Form","0.1","Rubén Alonso","https:\u002F\u002Fprofiles.wordpress.org\u002Frubenalonsoes\u002F","\u003Ch4>RGPD Fields Registration Form: making easy your GDPR adaptation\u003C\u002Fh4>\n\u003Cp>This plugin has been created by \u003Ca href=\"https:\u002F\u002Fmiposicionamientoweb.es\u002F\" title=\"Mi Posicionamiento Web\" rel=\"nofollow ugc\">Mi Posicionamiento Web\u003C\u002Fa> to \u003Cstrong>facilitate\u003C\u002Fstrong> the task of having to add a series of fields in the WordPress registration form for legal adaptation to the General Data Protection Regulations (GDPR).\u003C\u002Fp>\n\u003Cp>These fields are mainly:\u003Cbr \u002F>\n– A check to confirm acceptance of the privacy policy with a link to it.\u003Cbr \u002F>\n– An optional field to explain details related to the purpose of the registration form.\u003Cbr \u002F>\n– Several fields to give basic information about the person responsible for the data to be stored, its purpose, the rights the user has over his data, etc.\u003C\u002Fp>\n\u003Cp>One of the most important features of RGPD Fields Registration Form is that when adapting the WordPress registration form it also conforms to the registration forms of third party plugins such as \u003Cstrong>LearnDash LMS\u003C\u002Fstrong>, the plugin for creating an online course platform in WordPress.\u003C\u002Fp>\n\u003Ch4>How to Use\u003C\u002Fh4>\n\u003Cp>Once the Plugin is activated, you only have to go to the Plugin page, where you can go from the main WordPress menu, and fill in the different fields related to the legal adaptation of the registration form. That’s all!\u003C\u002Fp>\n","With this plugin you can add some extra fields on your default registration form of WordPress to adapt it to the GDPR.",1740,60,"2020-09-17T20:22:00.000Z","5.4.19","5.1","7.1",[53,54,55,56,57],"forms","learndash","privacy","registration","rpgd","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frgpd-fields-registration-form.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":13,"num_ratings":68,"last_updated":18,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":77,"download_link":78,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":79},"mushraider-bridge","MushRaider Bridge","1.0.6","mushtitude","https:\u002F\u002Fprofiles.wordpress.org\u002Fmushtitude\u002F","\u003Cp>MushRaider Bridge allows you to integrate MushRaider into wordpress. MushRaider is a powerful raid planner mainly designed for MMORPG players and guilds.\u003C\u002Fp>\n\u003Ch4>Features list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Connect to MushRaider using wordpress login\u003C\u002Fli>\n\u003Cli>Configurable roles mapping\u003C\u002Fli>\n\u003Cli>Widget displaying incoming events\u003C\u002Fli>\n\u003Cli>Shortcode to display your roster (using [mushraider_roster game=”{optional game id from MushRaider}”])\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widget\u003C\u002Fh4>\n\u003Cp>In the Appearance -> Widgets you’ll find the MushRaider bridge widget. After adding it to your sidebar you can enter a title for the Widget, select a game (optional) and a period for the incoming events to display.\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Display your roster in your pages or posts with this shortcode\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[mushraider_roster]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Which is the simplest option, and uses all default and optional settings. If you want to display the roster for a specific game you can add the option “game” with the game_id. Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[mushraider_roster  game=\"1\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Related Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fmushraider.com\u002F\" title=\"Learn more about MushRaider raid planner\" rel=\"nofollow ugc\">Official website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fforum.raidhead.com\u002F\" title=\"Use this for support and feature requests\" rel=\"nofollow ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fst3ph\u002Fmushraider\" title=\"Get access to the source code\" rel=\"nofollow ugc\">GitHub MushRaider\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","MushRaider Bridge is a plugin to integrate MushRaider raid planner into wordpress",3804,3,"4.6.30","3.0",[72,73,74,75,76],"bridge","mmorpg","mushraider","raid","raid-planner","http:\u002F\u002Fmushraider.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmushraider-bridge.1.0.6.zip","2026-03-15T10:48:56.248Z",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":89,"num_ratings":33,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":98,"download_link":99,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"roller","Roller","1.0","Scott Grant","https:\u002F\u002Fprofiles.wordpress.org\u002Fsgrant\u002F","\u003Cp>Want to set up custom character sheets on your WordPress installation? Need a dice rolling app with standard (or non-standard) dice? This collection of shortcodes makes it easy to add random dice rolls to your page.\u003C\u002Fp>\n\u003Cp>In addition to the dice, you can define lists in the administration panel–things like names, professions, and locations–and can choose elements at random using a single shortcode.\u003C\u002Fp>\n\u003Cp>And you want to build conditional logic based on those results? Want to set skill variables based on the random profession chosen? Store results in variables and use conditional logic to modify state as you need it.\u003C\u002Fp>\n\u003Cp>Shortcodes included:\u003C\u002Fp>\n\u003Cp>Roll some dice: [roller 3d6]\u003C\u002Fp>\n\u003Cp>Save dice rolls as variables: [roller 3d6 var=str]\u003C\u002Fp>\n\u003Cp>Display a variable’s value: [roller_var str]\u003C\u002Fp>\n\u003Cp>Equations: [roller 3d6 var=pow] [roller_exp pow*5 var=san]\u003C\u002Fp>\n\u003Cp>Random list elements: [roller_choose var=gender list=gender]\u003C\u002Fp>\n\u003Cp>Conditionals: [roller_if gender=Female][roller_choose var=first_name list=first_name_female][\u002Froller_if]\u003C\u002Fp>\n","WordPress plugin for dice rolling, random lists, and conditional variables.",1883,20,"2015-09-09T12:42:00.000Z","4.3.34","4.0",[94,95,96,97,23],"dice","dungeons-and-dragons","role-playing","rolling","http:\u002F\u002Fnpc.today\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Froller.1.0.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":11,"downloaded":108,"rating":13,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":118,"download_link":119,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wordquest","WordQuest","1.1","ianfhunter","https:\u002F\u002Fprofiles.wordpress.org\u002Fianfhunter\u002F","\u003Cp>What feature is WordPress severely lacking? Goblins. Dragons. This plugin is here to fix that.\u003C\u002Fp>\n\u003Cp>Earn experience as you blog. Watch your avatar slowly grow in power with every post.\u003C\u002Fp>\n\u003Cp>Complete quests to earn bonus experience by writing about selected categories.\u003C\u002Fp>\n\u003Cp>See the visual changes to your avatar as you level up.\u003C\u002Fp>\n\u003Cp>Your hero changes class according to your posting style!\u003C\u002Fp>\n\u003Cp>OpenSource – Add your own activities for your hero. https:\u002F\u002Fgithub.com\u002Fianfhunter\u002FWordQuest\u003C\u002Fp>\n\u003Ch3>Image Attributions\u003C\u002Fh3>\n\u003Cp>Hero Sprites: http:\u002F\u002Funtamed.wild-refuge.net\u002Frmxpresources.php?characters\u003C\u002Fp>\n","What feature is WordPress severely lacking? Goblins. Dragons. Earn experience as you blog. Watch your avatar slowly grow in power with every post.",1963,4,"2014-05-07T11:54:00.000Z","3.9.40","3.0.1",[114,115,116,117,23],"game","incentive","posts","role-playing-game","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordquest\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordquest.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":28,"downloaded":128,"rating":28,"num_ratings":28,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":18,"download_link":137,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"blogon-quest","BLOGON QUEST","1.0.0","PRESSMAN","https:\u002F\u002Fprofiles.wordpress.org\u002Fpressmaninc\u002F","\u003Cp>This plugin changes your boring writing days to exciting RPG life.\u003C\u002Fp>\n\u003Cp>This plugin sets a ‘status’ for all users who have permission to publish articles.\u003C\u002Fp>\n\u003Cp>Your status scores will increase according to the achievements of the articles you posted.\u003C\u002Fp>\n\u003Cp>The achievements include the total number of PVs, the number of times an article was read for the first time on your blog, and etc.\u003C\u002Fp>\n","This plugin changes your boring writing days to exciting RPG life.",7031,"2021-05-11T02:14:00.000Z","5.7.15","4.9","5.6",[134,135,114,136,23],"beginner","fun","games","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblogon-quest.1.0.1.zip",{"attackSurface":139,"codeSignals":483,"taintFlows":721,"riskAssessment":758,"analyzedAt":771},{"hooks":140,"ajaxHandlers":451,"restRoutes":452,"shortcodes":453,"cronEvents":481,"entryPointCount":482,"unprotectedCount":28},[141,147,151,154,159,162,165,169,172,176,179,182,185,188,192,196,200,204,207,209,211,212,214,216,218,221,225,229,232,235,238,240,242,243,245,247,249,252,256,260,263,266,270,273,276,279,281,284,287,290,292,294,297,300,303,306,309,312,315,318,321,325,329,332,335,340,344,347,350,353,355,358,361,364,367,371,374,377,380,383,385,387,389,391,394,397,400,403,406,410,414,417,420,423,425,427,428,430,432,434,437,441,445,448],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","init","wp_monsters_init_templates","templates.php",89,{"type":142,"name":143,"callback":148,"file":149,"line":150},"wp_cities_create_post_type","wp-cities.php",16,{"type":142,"name":143,"callback":152,"file":149,"line":153},"wp_cities_create_category",52,{"type":155,"name":156,"callback":157,"priority":33,"file":149,"line":158},"filter","post_link","wp_cities_permalink",81,{"type":155,"name":160,"callback":157,"priority":33,"file":149,"line":161},"post_type_link",82,{"type":142,"name":143,"callback":163,"priority":89,"file":149,"line":164},"wp_cities_flush_rewrite_rules_maybe",99,{"type":142,"name":166,"callback":167,"file":149,"line":168},"add_meta_boxes","wp_cities_add_city_shortcode",117,{"type":142,"name":166,"callback":170,"file":149,"line":171},"wp_cities_add_city_type",134,{"type":142,"name":173,"callback":174,"file":149,"line":175},"save_post","wp_cities_save_city_type",192,{"type":142,"name":166,"callback":177,"file":149,"line":178},"wp_cities_add_city_demographic",203,{"type":142,"name":173,"callback":180,"file":149,"line":181},"wp_cities_save_city_demographic",219,{"type":142,"name":166,"callback":183,"file":149,"line":184},"wp_cities_add_city_marketplace",231,{"type":142,"name":173,"callback":186,"file":149,"line":187},"wp_cities_save_city_marketplace",261,{"type":155,"name":189,"callback":190,"file":149,"line":191},"manage_edit-city_columns","wp_cities_set_columns",270,{"type":142,"name":193,"callback":194,"file":149,"line":195},"manage_city_posts_custom_column","wp_cities_set_columns_info",289,{"type":142,"name":197,"callback":198,"file":149,"line":199},"restrict_manage_posts","wp_cities_restrict",292,{"type":155,"name":201,"callback":202,"file":149,"line":203},"parse_query","wp_cities_term_in_query",301,{"type":142,"name":143,"callback":205,"file":206,"line":150},"wp_feats_create_post_type","wp-feats.php",{"type":142,"name":143,"callback":208,"file":206,"line":153},"wp_feats_create_category",{"type":155,"name":156,"callback":210,"priority":33,"file":206,"line":158},"wp_feats_permalink",{"type":155,"name":160,"callback":210,"priority":33,"file":206,"line":161},{"type":142,"name":143,"callback":213,"priority":89,"file":206,"line":164},"wp_feats_flush_rewrite_rules_maybe",{"type":142,"name":166,"callback":215,"file":206,"line":168},"wp_feats_add_feat_shortcode",{"type":142,"name":166,"callback":217,"file":206,"line":171},"wp_feats_add_feat_type",{"type":142,"name":173,"callback":219,"file":206,"line":220},"wp_feats_save_feat_type",149,{"type":155,"name":222,"callback":223,"file":206,"line":224},"manage_edit-feat_columns","wp_feats_set_columns",158,{"type":142,"name":226,"callback":227,"file":206,"line":228},"manage_feat_posts_custom_column","wp_feats_set_columns_info",177,{"type":142,"name":197,"callback":230,"file":206,"line":231},"wp_feats_restrict",180,{"type":155,"name":201,"callback":233,"file":206,"line":234},"wp_feats_term_in_query",189,{"type":142,"name":143,"callback":236,"file":237,"line":150},"wp_magic_items_create_post_type","wp-magic-items.php",{"type":142,"name":143,"callback":239,"file":237,"line":153},"wp_magic_items_create_category",{"type":155,"name":156,"callback":241,"priority":33,"file":237,"line":158},"wp_magic_items_permalink",{"type":155,"name":160,"callback":241,"priority":33,"file":237,"line":161},{"type":142,"name":143,"callback":244,"priority":89,"file":237,"line":164},"wp_magic_items_flush_rewrite_rules_maybe",{"type":142,"name":166,"callback":246,"file":237,"line":168},"wp_magic_items_add_magic_item_shortcode",{"type":142,"name":166,"callback":248,"file":237,"line":171},"wp_magic_items_add_magic_item_type",{"type":142,"name":173,"callback":250,"file":237,"line":251},"wp_magic_items_save_magic_item_type",170,{"type":155,"name":253,"callback":254,"file":237,"line":255},"manage_edit-magic_item_columns","wp_magic_items_set_columns",179,{"type":142,"name":257,"callback":258,"file":237,"line":259},"manage_magic_item_posts_custom_column","wp_magic_items_set_columns_info",198,{"type":142,"name":197,"callback":261,"file":237,"line":262},"wp_magic_items_restrict",201,{"type":155,"name":201,"callback":264,"file":237,"line":265},"wp_magic_items_term_in_query",210,{"type":142,"name":143,"callback":267,"priority":11,"file":268,"line":269},"wp_monsters_init","wp-monsters.php",22,{"type":142,"name":143,"callback":271,"file":268,"line":272},"wp_monsters_create_post_type",37,{"type":142,"name":143,"callback":274,"file":268,"line":275},"wp_monsters_create_category",72,{"type":155,"name":156,"callback":277,"priority":33,"file":268,"line":278},"wp_monsters_permalink",101,{"type":155,"name":160,"callback":277,"priority":33,"file":268,"line":280},102,{"type":142,"name":143,"callback":282,"priority":89,"file":268,"line":283},"wp_monsters_flush_rewrite_rules_maybe",119,{"type":142,"name":166,"callback":285,"file":268,"line":286},"wp_monsters_add_monster_shortcode",137,{"type":142,"name":166,"callback":288,"file":268,"line":289},"wp_monsters_add_monster_type",154,{"type":142,"name":173,"callback":291,"file":268,"line":259},"wp_monsters_save_monster_type",{"type":142,"name":166,"callback":293,"file":268,"line":265},"wp_monsters_add_monster_defense",{"type":142,"name":173,"callback":295,"file":268,"line":296},"wp_monsters_save_monster_defense",251,{"type":142,"name":166,"callback":298,"file":268,"line":299},"wp_monsters_add_monster_offense",263,{"type":142,"name":173,"callback":301,"file":268,"line":302},"wp_monsters_save_monster_offense",310,{"type":142,"name":166,"callback":304,"file":268,"line":305},"wp_monsters_add_monster_stats",322,{"type":142,"name":173,"callback":307,"file":268,"line":308},"wp_monsters_save_monster_stats",364,{"type":142,"name":166,"callback":310,"file":268,"line":311},"wp_monsters_add_monster_ecology",376,{"type":142,"name":173,"callback":313,"file":268,"line":314},"wp_monsters_save_monster_ecology",394,{"type":142,"name":166,"callback":316,"file":268,"line":317},"wp_monsters_add_monster_special_abilities",406,{"type":142,"name":173,"callback":319,"file":268,"line":320},"wp_monsters_save_monster_special_abilities",419,{"type":155,"name":322,"callback":323,"file":268,"line":324},"manage_edit-monster_columns","wp_monsters_set_columns",429,{"type":142,"name":326,"callback":327,"file":268,"line":328},"manage_monster_posts_custom_column","wp_monsters_set_columns_info",451,{"type":142,"name":197,"callback":330,"file":268,"line":331},"wp_monsters_restrict",454,{"type":155,"name":201,"callback":333,"file":268,"line":334},"wp_monsters_term_in_query",463,{"type":155,"name":336,"callback":337,"priority":338,"file":268,"line":339},"the_content","wp_monsters_show_content",17,515,{"type":142,"name":341,"callback":342,"file":268,"line":343},"admin_menu","wp_monsters_admin_menu_item",663,{"type":142,"name":143,"callback":345,"file":346,"line":150},"wp_spells_create_post_type","wp-spells.php",{"type":142,"name":143,"callback":348,"file":346,"line":349},"wp_spells_create_category",50,{"type":155,"name":156,"callback":351,"priority":33,"file":346,"line":352},"wp_spells_permalink",79,{"type":155,"name":160,"callback":351,"priority":33,"file":346,"line":354},80,{"type":142,"name":143,"callback":356,"priority":89,"file":346,"line":357},"wp_spells_flush_rewrite_rules_maybe",97,{"type":142,"name":166,"callback":359,"file":346,"line":360},"wp_spells_add_spell_shortcode",116,{"type":142,"name":166,"callback":362,"file":346,"line":363},"wp_spells_add_spell_type",133,{"type":142,"name":173,"callback":365,"file":346,"line":366},"wp_spells_save_spell_type",182,{"type":155,"name":368,"callback":369,"file":346,"line":370},"manage_edit-spell_columns","wp_spells_set_columns",191,{"type":142,"name":372,"callback":373,"file":346,"line":265},"manage_spell_posts_custom_column","wp_spells_set_columns_info",{"type":142,"name":197,"callback":375,"file":346,"line":376},"wp_spells_restrict",213,{"type":155,"name":201,"callback":378,"file":346,"line":379},"wp_spells_term_in_query",222,{"type":142,"name":143,"callback":381,"file":382,"line":150},"wp_traps_create_post_type","wp-traps.php",{"type":142,"name":143,"callback":384,"file":382,"line":153},"wp_traps_create_category",{"type":155,"name":156,"callback":386,"priority":33,"file":382,"line":161},"wp_traps_permalink",{"type":155,"name":160,"callback":386,"priority":33,"file":382,"line":388},83,{"type":142,"name":143,"callback":390,"priority":89,"file":382,"line":13},"wp_traps_flush_rewrite_rules_maybe",{"type":142,"name":166,"callback":392,"file":382,"line":393},"wp_traps_add_trap_shortcode",118,{"type":142,"name":166,"callback":395,"file":382,"line":396},"wp_traps_add_trap_type",135,{"type":142,"name":173,"callback":398,"file":382,"line":399},"wp_traps_save_trap",176,{"type":142,"name":166,"callback":401,"file":382,"line":402},"wp_traps_add_trap_effect",188,{"type":142,"name":173,"callback":404,"file":382,"line":405},"wp_traps_save_trap_effect",229,{"type":155,"name":407,"callback":408,"file":382,"line":409},"manage_edit-trap_columns","wp_traps_set_columns",238,{"type":142,"name":411,"callback":412,"file":382,"line":413},"manage_trap_posts_custom_column","wp_traps_set_columns_info",257,{"type":142,"name":197,"callback":415,"file":382,"line":416},"wp_traps_restrict",260,{"type":155,"name":201,"callback":418,"file":382,"line":419},"wp_traps_term_in_query",269,{"type":142,"name":143,"callback":421,"file":422,"line":150},"wp_weapons_create_post_type","wp-weapons.php",{"type":142,"name":143,"callback":424,"file":422,"line":153},"wp_weapons_create_category",{"type":155,"name":156,"callback":426,"priority":33,"file":422,"line":158},"wp_weapons_permalink",{"type":155,"name":160,"callback":426,"priority":33,"file":422,"line":161},{"type":142,"name":143,"callback":429,"priority":89,"file":422,"line":164},"wp_weapons_flush_rewrite_rules_maybe",{"type":142,"name":166,"callback":431,"file":422,"line":168},"wp_weapons_add_weapon_shortcode",{"type":142,"name":166,"callback":433,"file":422,"line":171},"wp_weapons_add_weapon_type",{"type":142,"name":173,"callback":435,"file":422,"line":436},"wp_weapons_save_weapon",216,{"type":155,"name":438,"callback":439,"file":422,"line":440},"manage_edit-weapon_columns","wp_weapons_set_columns",225,{"type":142,"name":442,"callback":443,"file":422,"line":444},"manage_weapon_posts_custom_column","wp_weapons_set_columns_info",244,{"type":142,"name":197,"callback":446,"file":422,"line":447},"wp_weapons_restrict",247,{"type":155,"name":201,"callback":449,"file":422,"line":450},"wp_weapons_term_in_query",256,[],[],[454,458,461,465,469,473,477],{"tag":455,"callback":456,"file":149,"line":457},"city","city_shortcode",410,{"tag":459,"callback":460,"file":206,"line":181},"feat","feat_shortcode",{"tag":462,"callback":463,"file":237,"line":464},"magic_item","magic_item_shortcode",275,{"tag":466,"callback":467,"file":268,"line":468},"monster","monster_shortcode",512,{"tag":470,"callback":471,"file":346,"line":472},"spell","spell_shortcode",296,{"tag":474,"callback":475,"file":382,"line":476},"trap","trap_shortcode",344,{"tag":478,"callback":479,"file":422,"line":480},"weapon","weapon_shortcode",323,[],7,{"dangerousFunctions":484,"sqlUsage":485,"outputEscaping":487,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":720},[],{"prepared":28,"raw":28,"locations":486},[],{"escaped":488,"rawEcho":489,"locations":490},98,143,[491,494,496,497,499,500,502,504,506,508,510,512,514,516,518,519,521,523,524,526,528,529,530,532,533,535,537,539,541,542,544,546,547,549,551,552,554,556,558,560,562,563,564,565,566,567,568,570,571,573,575,576,578,580,582,583,585,587,588,590,592,594,595,597,598,600,601,603,605,607,609,610,612,614,616,618,620,622,624,626,628,630,632,634,636,638,640,642,644,646,648,650,652,654,655,657,659,661,662,664,665,666,667,668,669,670,671,672,673,675,677,679,680,681,682,683,685,686,687,688,690,691,692,694,695,696,697,699,701,702,704,705,706,707,708,709,710,712,713,714,715,716,718],{"file":149,"line":492,"context":493},121,"raw output",{"file":149,"line":495,"context":493},148,{"file":149,"line":495,"context":493},{"file":149,"line":498,"context":493},157,{"file":149,"line":498,"context":493},{"file":149,"line":501,"context":493},164,{"file":149,"line":503,"context":493},165,{"file":149,"line":505,"context":493},166,{"file":149,"line":507,"context":493},167,{"file":149,"line":509,"context":493},168,{"file":149,"line":511,"context":493},169,{"file":149,"line":513,"context":493},172,{"file":149,"line":515,"context":493},173,{"file":149,"line":517,"context":493},209,{"file":149,"line":265,"context":493},{"file":149,"line":520,"context":493},236,{"file":149,"line":522,"context":493},237,{"file":149,"line":409,"context":493},{"file":149,"line":525,"context":493},245,{"file":149,"line":527,"context":493},246,{"file":149,"line":447,"context":493},{"file":149,"line":464,"context":493},{"file":149,"line":531,"context":493},286,{"file":206,"line":492,"context":493},{"file":206,"line":534,"context":493},139,{"file":206,"line":536,"context":493},140,{"file":206,"line":538,"context":493},163,{"file":206,"line":540,"context":493},174,{"file":237,"line":492,"context":493},{"file":237,"line":543,"context":493},142,{"file":237,"line":545,"context":493},147,{"file":237,"line":545,"context":493},{"file":237,"line":548,"context":493},152,{"file":237,"line":550,"context":493},153,{"file":237,"line":289,"context":493},{"file":237,"line":553,"context":493},155,{"file":237,"line":555,"context":493},156,{"file":237,"line":557,"context":493},184,{"file":237,"line":559,"context":493},195,{"file":268,"line":561,"context":493},141,{"file":268,"line":538,"context":493},{"file":268,"line":509,"context":493},{"file":268,"line":509,"context":493},{"file":268,"line":228,"context":493},{"file":268,"line":228,"context":493},{"file":268,"line":366,"context":493},{"file":268,"line":569,"context":493},183,{"file":268,"line":557,"context":493},{"file":268,"line":572,"context":493},185,{"file":268,"line":574,"context":493},215,{"file":268,"line":436,"context":493},{"file":268,"line":577,"context":493},217,{"file":268,"line":579,"context":493},218,{"file":268,"line":581,"context":493},221,{"file":268,"line":379,"context":493},{"file":268,"line":584,"context":493},223,{"file":268,"line":586,"context":493},224,{"file":268,"line":440,"context":493},{"file":268,"line":589,"context":493},226,{"file":268,"line":591,"context":493},227,{"file":268,"line":593,"context":493},228,{"file":268,"line":405,"context":493},{"file":268,"line":596,"context":493},274,{"file":268,"line":464,"context":493},{"file":268,"line":599,"context":493},280,{"file":268,"line":599,"context":493},{"file":268,"line":602,"context":493},285,{"file":268,"line":604,"context":493},287,{"file":268,"line":606,"context":493},288,{"file":268,"line":608,"context":493},290,{"file":268,"line":199,"context":493},{"file":268,"line":611,"context":493},294,{"file":268,"line":613,"context":493},327,{"file":268,"line":615,"context":493},328,{"file":268,"line":617,"context":493},329,{"file":268,"line":619,"context":493},330,{"file":268,"line":621,"context":493},331,{"file":268,"line":623,"context":493},332,{"file":268,"line":625,"context":493},335,{"file":268,"line":627,"context":493},336,{"file":268,"line":629,"context":493},337,{"file":268,"line":631,"context":493},340,{"file":268,"line":633,"context":493},341,{"file":268,"line":635,"context":493},342,{"file":268,"line":637,"context":493},343,{"file":268,"line":639,"context":493},382,{"file":268,"line":641,"context":493},383,{"file":268,"line":643,"context":493},384,{"file":268,"line":645,"context":493},412,{"file":268,"line":647,"context":493},434,{"file":268,"line":649,"context":493},437,{"file":268,"line":651,"context":493},448,{"file":268,"line":653,"context":493},570,{"file":268,"line":653,"context":493},{"file":268,"line":656,"context":493},620,{"file":268,"line":658,"context":493},625,{"file":346,"line":660,"context":493},120,{"file":346,"line":489,"context":493},{"file":346,"line":663,"context":493},144,{"file":346,"line":220,"context":493},{"file":346,"line":220,"context":493},{"file":346,"line":289,"context":493},{"file":346,"line":553,"context":493},{"file":346,"line":555,"context":493},{"file":346,"line":498,"context":493},{"file":346,"line":224,"context":493},{"file":346,"line":538,"context":493},{"file":346,"line":538,"context":493},{"file":346,"line":674,"context":493},196,{"file":346,"line":676,"context":493},207,{"file":382,"line":678,"context":493},122,{"file":382,"line":495,"context":493},{"file":382,"line":495,"context":493},{"file":382,"line":550,"context":493},{"file":382,"line":289,"context":493},{"file":382,"line":684,"context":493},159,{"file":382,"line":684,"context":493},{"file":382,"line":501,"context":493},{"file":382,"line":503,"context":493},{"file":382,"line":689,"context":493},202,{"file":382,"line":689,"context":493},{"file":382,"line":676,"context":493},{"file":382,"line":693,"context":493},212,{"file":382,"line":693,"context":493},{"file":382,"line":577,"context":493},{"file":382,"line":579,"context":493},{"file":382,"line":698,"context":493},243,{"file":382,"line":700,"context":493},254,{"file":422,"line":492,"context":493},{"file":422,"line":703,"context":493},150,{"file":422,"line":703,"context":493},{"file":422,"line":684,"context":493},{"file":422,"line":684,"context":493},{"file":422,"line":501,"context":493},{"file":422,"line":503,"context":493},{"file":422,"line":505,"context":493},{"file":422,"line":711,"context":493},171,{"file":422,"line":711,"context":493},{"file":422,"line":399,"context":493},{"file":422,"line":228,"context":493},{"file":422,"line":259,"context":493},{"file":422,"line":717,"context":493},230,{"file":422,"line":719,"context":493},241,[],[722,747],{"entryPoint":723,"graph":724,"unsanitizedCount":14,"severity":746},"wp_monsters_page_settings (wp-monsters.php:583)",{"nodes":725,"edges":742},[726,731,736,740],{"id":727,"type":728,"label":729,"file":268,"line":730},"n0","source","$_REQUEST['wp_monsters_measures']",588,{"id":732,"type":733,"label":734,"file":268,"line":730,"wp_function":735},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":737,"type":728,"label":738,"file":268,"line":739},"n2","$_REQUEST['template_monster']",590,{"id":741,"type":733,"label":734,"file":268,"line":739,"wp_function":735},"n3",[743,745],{"from":727,"to":732,"sanitized":744},false,{"from":737,"to":741,"sanitized":744},"low",{"entryPoint":748,"graph":749,"unsanitizedCount":14,"severity":746},"\u003Cwp-monsters> (wp-monsters.php:0)",{"nodes":750,"edges":755},[751,752,753,754],{"id":727,"type":728,"label":729,"file":268,"line":730},{"id":732,"type":733,"label":734,"file":268,"line":730,"wp_function":735},{"id":737,"type":728,"label":738,"file":268,"line":739},{"id":741,"type":733,"label":734,"file":268,"line":739,"wp_function":735},[756,757],{"from":727,"to":732,"sanitized":744},{"from":737,"to":741,"sanitized":744},{"summary":759,"deductions":760},"The wp-monsters plugin v1.3.4 exhibits a mixed security posture. On the positive side, it demonstrates strong practices by avoiding dangerous functions, file operations, external HTTP requests, and SQL injection vulnerabilities through the consistent use of prepared statements. The plugin also has no known CVEs, indicating a history of security maturity or limited exposure. However, significant concerns arise from the static analysis. A substantial portion of output (59%) is not properly escaped, presenting a risk of Cross-Site Scripting (XSS) vulnerabilities. While the attack surface is currently small and appears to have no unprotected entry points based on this snapshot, the presence of 7 shortcodes means any future additions or modifications could introduce risks if not handled carefully.\n\nThe taint analysis, while limited in scope, revealed two flows with unsanitized paths. Although these are not classified as critical or high severity, they still represent a potential avenue for malicious input to be processed without proper sanitization, which could lead to unexpected behavior or security issues depending on the context of their use. The complete absence of nonce checks and capability checks across all entry points is a major weakness. This means that authenticated users, and potentially even unauthenticated ones depending on the shortcode implementation, could trigger actions intended for authorized personnel, leading to unauthorized modifications or data breaches.\n\nIn conclusion, while the plugin has strengths in areas like SQL security and a clean CVE history, the high percentage of unescaped output and the complete lack of nonce and capability checks are significant security concerns. These weaknesses introduce a substantial risk of XSS and privilege escalation vulnerabilities. The taint analysis, though minor in severity here, warrants further investigation into the specific unsanitized path flows.",[761,763,765,767,770],{"reason":762,"points":150},"Unescaped output found",{"reason":764,"points":11},"Missing nonce checks",{"reason":766,"points":11},"Missing capability checks",{"reason":768,"points":769},"Taint flow with unsanitized path",5,{"reason":768,"points":769},"2026-03-17T00:25:29.679Z",{"wat":773,"direct":779},{"assetPaths":774,"generatorPatterns":776,"scriptPaths":777,"versionParams":778},[775],"\u002Fwp-content\u002Fplugins\u002Fwp-monsters\u002Fimg\u002Fmonster.png",[],[],[],{"cssClasses":780,"htmlComments":781,"htmlAttributes":782,"restEndpoints":787,"jsGlobals":788,"shortcodeOutput":789},[],[],[783,784,785,786],"name=\"type\"","name=\"alignment\"","name=\"size\"","name=\"cr\"",[],[],[790],"[monster id=\""]