[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8sy6fzTYc0MFPmJhgNzU6nGbJFs6kU-JOUXnUCkc-8E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":15,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":124,"fingerprints":369},"wp-personalizer","WP Personalizer – Personalize your content to your visitor","1.0.0","Teknikforce Ventures","https:\u002F\u002Fprofiles.wordpress.org\u002Fteknikforce\u002F","\u003Cp>WP Personalizer is a plugin that lets you insert different types of personalisations on to your page or your posts.\u003C\u002Fp>\n\u003Ch3>Some of the features are listed here\u003C\u002Fh3>\n\u003Cp>*WP Personalizer is a WordPress plugin that lets you insert different types of personalizations on to your webpage or your posts. Personalizations like browser, country, IP address etc can be added in no time. Customize the data as you desire.\u003C\u002Fp>\n\u003Ch3>Demo and Tutorial\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1-t4fKOTty0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Show personalized content to your visitors and turn them into engaged fans. You can personalize things like browser, country, IP and more.",10,1603,100,5,"","5.3.21","4.6","5.2.4",[20,21,22,23],"content","page","post","shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-personalizer.1.0.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"teknikforce",7,60,89,30,86,"2026-04-04T13:56:06.816Z",[38,58,76,94,109],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":11,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":15,"tags":52,"homepage":54,"download_link":55,"security_score":56,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":57},"hide-broken-shortcodes","Hide Broken Shortcodes","1.9.4","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>By default in WordPress, if the plugin that provides the functionality to handle any given shortcode is disabled, or if a shortcode is improperly defined in the content (such as with a typo), then the shortcode in question will appear on the site in its entirety, unprocessed by WordPress. At best this reveals unsightly code-like text to visitors and at worst can potentially expose information not intended to be seen by visitors.\u003C\u002Fp>\n\u003Cp>This plugin prevents unhandled shortcodes from appearing in the content of a post or page. If the shortcode is of the self-closing variety, then the shortcode tag and its attributes are not displayed and nothing is shown in their place. If the shortcode is of the enclosing variety (an opening and closing tag bookend some text or markup), then the text that is being enclosed will be shown, but the shortcode tag and attributes that surround the text will not be displayed.\u003C\u002Fp>\n\u003Cp>See the Filters section for more customization tips.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fhide-broken-shortcodes\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-broken-shortcodes\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fhide-broken-shortcodes\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>Developer documentation can be found in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fhide-broken-shortcodes\u002Fblob\u002Fmaster\u002FDEVELOPER-DOCS.md\" rel=\"nofollow ugc\">DEVELOPER-DOCS.md\u003C\u002Fa>. That documentation covers the hooks provided by the plugin.\u003C\u002Fp>\n\u003Cp>As an overview, these are the hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>hide_broken_shortcode\u003C\u002Fcode>          : Customizes what, if anything, gets displayed when a broken shortcode is encountered.\u003C\u002Fli>\n\u003Cli>\u003Ccode>hide_broken_shortcodes_filters\u003C\u002Fcode> : Customizes what filters to hook to find text with potential broken shortcodes.\u003C\u002Fli>\n\u003C\u002Ful>\n","Prevent broken shortcodes from appearing in posts and pages.",400,26052,90,"2021-10-10T06:54:00.000Z","5.8.13","2.5",[20,21,22,23,53],"shortcodes","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fhide-broken-shortcodes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-broken-shortcodes.1.9.4.zip",85,"2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":13,"downloaded":66,"rating":32,"num_ratings":14,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":15,"tags":70,"homepage":15,"download_link":72,"security_score":73,"vuln_count":74,"unpatched_count":25,"last_vuln_date":75,"fetched_at":57},"show-website-content-in-wordpress-page-or-post","Website Content in Page or Post – Embed website content in posts and pages","2025.12.03","Matteo Enna","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatteoenna\u002F","\u003Cp>Fetches the content of another webpage or URL to display inside the current post or page.\u003C\u002Fp>\n\u003Cp>Please note that this plugin previously used \u003Ccode>file_get_contents()\u003C\u002Fcode>, but it’s no longer recommended.\u003C\u002Fp>\n\u003Cp>Starting now, this plugin utilizes the \u003Ccode>wp_remote_get()\u003C\u002Fcode> and \u003Ccode>wp_remote_retrieve_body()\u003C\u002Fcode> functions to retrieve content from URLs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin contains code adapted from the original work by horshipsrectors\u003C\u002Fstrong>\u003C\u002Fp>\n","Fetches the content of another webpage or URL to display inside the current post or page.",12096,"2025-12-03T06:54:00.000Z","6.9.4","4.0.0",[71,20,21,22,23],"block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-website-content-in-wordpress-page-or-post.2025.12.03.zip",99,1,"2024-06-21 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":25,"num_ratings":25,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":15,"tags":88,"homepage":92,"download_link":93,"security_score":56,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":57},"bns-inline-asides","BNS Inline Asides","1.3.2","Edward Caissie","https:\u002F\u002Fprofiles.wordpress.org\u002Fcais\u002F","\u003Cp>Have you ever wanted to add a personal comment into the body of a post or page and have it stand out from the rest of the content?\u003Cbr \u002F>\nHave you really wanted to throw a rant in a review because the subject just really got under your skin but you don’t want to dramatically disrupt the content?\u003Cbr \u002F>\nThis plugin will allow you to style sections of the post, or page, content with a shortcode that can add more emphasis by leveraging a style element from the active theme.\u003Cbr \u002F>\nThese asides can be left open as part of the content flow; or these asides can be closed to leave your readers the option of opening them if they choose to.\u003C\u002Fp>\n\u003Ch4>Copyright 2011-2018  Edward Caissie  (email : edward.caissie@gmail.com)\u003C\u002Fh4>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\n  it under the terms of the GNU General Public License version 2,\u003Cbr \u002F>\n  as published by the Free Software Foundation.\u003C\u002Fp>\n\u003Cp>You may NOT assume that you can use any other version of the GPL.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\n  but WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\n  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\n  GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\n  along with this program; if not, write to the Free Software\u003Cbr \u002F>\n  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\u003C\u002Fp>\n\u003Cp>The license for this software can also likely be found here:\u003Cbr \u002F>\n  http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Ch4>Acknowledgements\u003C\u002Fh4>\n\u003Cp>Credits for jQuery assistance: Trevor Mills www.topquarkproductions.ca\u003C\u002Fp>\n\u003Ch4>Screenshots Source Content\u003C\u002Fh4>\n\u003Cp>Sample content taken from the “Readability” post of the Theme Unit Test data found here: https:\u002F\u002Fcodex.wordpress.org\u002FTheme_Unit_Test used with the default Twenty Ten Theme.\u003C\u002Fp>\n","This plugin will allow you to style sections of the post, or page, content with added emphasis by leveraging a style element from the active theme.",4886,"2018-07-24T18:36:00.000Z","4.9.29","3.6",[20,89,90,91,23],"pages","plugin-only","posts","http:\u002F\u002Fbuynowshop.com\u002Fplugins\u002Fbns-inline-asides\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbns-inline-asides.1.3.2.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":11,"downloaded":102,"rating":25,"num_ratings":25,"last_updated":103,"tested_up_to":104,"requires_at_least":15,"requires_php":15,"tags":105,"homepage":107,"download_link":108,"security_score":56,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":57},"dynamic-text","Dynamic Text","2.1.2","Stephen Mullen","https:\u002F\u002Fprofiles.wordpress.org\u002Fripjustice\u002F","\u003Cp>You can now nest shortcodes from other themes and plugins within Dynamic Text!\u003C\u002Fp>\n\u003Cp>This is effectively a localization plugin that allows you to have dynamic text, pictures and really any content on your WordPress pages and posts that changes depending on the content of your url (domain). To use this plugin, you can use this settings page to create an unlimited number of domains. Each domain is associated with the title for the domain, which is always DynamicDomain_”number associated with your domain or url content”. These titles are used as attribute values for the shortcode associated with this plugin and will be listed right next to the domain you enter on this page. The shortcode itself is [dynamic_text][\u002Fdynamic_text] and the attribute is “domain.” Your content goes in-between the shortcode. To add additional domains, click the “Add New Domain” button on this page. To save your domains or to change previously set domains, click the “Save Domain Names” button.\u003C\u002Fp>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cp>*If you save the domain “test.com” as DynamicDomain_1 and want content to show up only when “test.com” is in the url for your page, then you would enter the following: [dynamic_text domain=”DynamicDomain_1″]Your content goes right here[\u002Fdynamic_text]\u003C\u002Fp>\n\u003Cp>*If you save the domain “mydomain.com” as DynamicDomain_2 and want content to show up only when “mydomain.com” is in the url for your page, then you would enter the following: [dynamic_text domain=”DynamicDomain_2″]Your content goes right here[\u002Fdynamic_text]\u003C\u002Fp>\n\u003Cp>*If you save the word “door” as DynamicDomain_3 and want content to show up only when “door” is in the url for your page, then you would enter the following: [dynamic_text domain=”DynamicDomain_3″]Your content goes right here[\u002Fdynamic_text]\u003C\u002Fp>\n\u003Cp>*If you have a shortcode from any other plugin or theme that you want to only have work for a particular domain you can simply nest the shortcode between the dynamic text shortcode with the appropriate domain set like so: [dynamic_text domain=”DynamicDomain_2″][Your other shortcode goes here][\u002Fdynamic_text]\u003C\u002Fp>\n\u003Cp>While this is plugin can be used strictly for localization, you can also use this plugin to swap content on your site based on any phrase contained in the url. In the case of localization, rather than having to set up separate wordpress sites for different countries you can instead use this plugin to have a central site and swap the content based upon the domain being used to access the site (so someone hitting the site from the UK and using .uk could see different content on the site than someone reaching it from the US using a .us extension). Alternately, if you just want page content to swap on a page depending on terms contained in the url, you can use this plugin for that as well. Additionally, you could combine this plugin with a custom theme then use the plugin to swap out content on templates in your theme depending on the domain used to reach the site. In that case, you could setup 1 website but have it appear to be an unlimited number of separate websites depending on the domain used to reach the site, with a completely different look and completely different content displayed per domain using the combination of this plugin and your custom theme.\u003C\u002Fp>\n","Dynamic Text is a localization plugin that allows you to have dynamic text and content on your Wordpress pages and posts. To use this plugin, set an  &hellip;",2688,"2017-02-13T07:14:00.000Z","4.7.32",[20,21,22,23,106],"text","http:\u002F\u002Fmullenwebsites.com\u002Fdynamic-text-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdynamic-text.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":11,"downloaded":117,"rating":25,"num_ratings":25,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":15,"tags":121,"homepage":15,"download_link":123,"security_score":56,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":57},"timed-content-show-or-hide","Timed content show or hide","1.0","Tomek","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomek00\u002F","\u003Cp>This plugin show or hide the content after a specified time.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cp>[timed-content time=”10000″ visible=”yes”]The content[\u002Ftimed-content]\u003C\u002Fp>\n","This plugin show or hide the content after a specified time.",1520,"2015-11-20T17:26:00.000Z","4.3.34","3.0",[20,21,22,23,122],"user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftimed-content-show-or-hide.zip",{"attackSurface":125,"codeSignals":228,"taintFlows":285,"riskAssessment":355,"analyzedAt":368},{"hooks":126,"ajaxHandlers":161,"restRoutes":186,"shortcodes":187,"cronEvents":225,"entryPointCount":226,"unprotectedCount":227},[127,133,137,141,145,149,152,156],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","admin_footer","reValidate","unichatbox\\plugin.php",22,{"type":128,"name":134,"callback":135,"file":131,"line":136},"admin_menu","loadActivationPage",237,{"type":128,"name":134,"callback":138,"file":139,"line":140},"WPPersonalizer_dashbord","WPPersonalizer.php",19,{"type":128,"name":142,"callback":143,"file":139,"line":144},"admin_enqueue_scripts","wppwesonalizer_installscripts",107,{"type":128,"name":146,"callback":147,"file":139,"line":148},"add_meta_boxes","WPPersonalizer_register_meta_boxes",115,{"type":128,"name":146,"callback":150,"file":139,"line":151},"WPPersonalizer_register_meta_boxes1",182,{"type":128,"name":153,"callback":154,"priority":11,"file":139,"line":155},"save_post","WPPersonalizerSecond_save_custom_meta_box",612,{"type":157,"name":158,"callback":159,"file":139,"line":160},"filter","admin_footer_text","wppersonalizertnf_footer_admin",823,[162,168,172,174,178,180,184],{"action":163,"nopriv":164,"callback":165,"hasNonce":166,"hasCapCheck":164,"file":139,"line":167},"personalizeractionresponse_adminajxlcnc",false,"wppwesonalizer_licenseAjaxRun",true,66,{"action":169,"nopriv":164,"callback":170,"hasNonce":164,"hasCapCheck":164,"file":139,"line":171},"insertdatarequest","wppwesonalizer_do_insertdatarequest",826,{"action":169,"nopriv":166,"callback":170,"hasNonce":164,"hasCapCheck":164,"file":139,"line":173},827,{"action":175,"nopriv":164,"callback":176,"hasNonce":164,"hasCapCheck":164,"file":139,"line":177},"deletedatarequest","wppwesonalizer_do_deletedatarequest",839,{"action":175,"nopriv":166,"callback":176,"hasNonce":164,"hasCapCheck":164,"file":139,"line":179},840,{"action":181,"nopriv":164,"callback":182,"hasNonce":164,"hasCapCheck":164,"file":139,"line":183},"editdatarequest","wppwesonalizer_do_editdatarequest",851,{"action":181,"nopriv":166,"callback":182,"hasNonce":164,"hasCapCheck":164,"file":139,"line":185},852,[],[188,193,197,201,205,209,213,216,219,222],{"tag":189,"callback":190,"file":191,"line":192},"wppersonalizer_Browser","wppersonalizer_browser","function\\wppersonalisor_browser.php",2,{"tag":194,"callback":195,"file":196,"line":192},"wppersonalizer_City","wppersonalizer_city","function\\wppersonalisor_city.php",{"tag":198,"callback":199,"file":200,"line":192},"wppersonalizer_Country","wppersonalizer_country","function\\wppersonalisor_country.php",{"tag":202,"callback":203,"file":204,"line":192},"wppersonalizer_IP","wppersonalizer_ip","function\\wppersonalisor_ip.php",{"tag":206,"callback":207,"file":208,"line":192},"wppersonalizer_Region","wppersonalizer_region","function\\wppersonalisor_region.php",{"tag":210,"callback":211,"file":212,"line":192},"wppersonalizer_Windows","wppersonalizer_windows","function\\wppersonalisor_windows.php",{"tag":214,"callback":214,"file":139,"line":215},"wppersonalizer_Normal",636,{"tag":217,"callback":217,"file":139,"line":218},"wppersonalizer_Upper_Case",703,{"tag":220,"callback":220,"file":139,"line":221},"wppersonalizer_Lower_Case",731,{"tag":223,"callback":223,"file":139,"line":224},"wppersonalizer_Proper_Case",758,[],17,6,{"dangerousFunctions":229,"sqlUsage":230,"outputEscaping":245,"fileOperations":25,"externalRequests":227,"nonceChecks":14,"capabilityChecks":192,"bundledLibraries":284},[],{"prepared":231,"raw":231,"locations":232},4,[233,237,240,243],{"file":234,"line":235,"context":236},"ajax_edit.php",23,"$wpdb->query() with variable interpolation",{"file":238,"line":140,"context":239},"ajax_insert.php","$wpdb->get_col() with variable interpolation",{"file":139,"line":241,"context":242},266,"$wpdb->get_results() with variable interpolation",{"file":139,"line":244,"context":242},686,{"escaped":246,"rawEcho":247,"locations":248},114,16,[249,252,255,258,260,262,264,266,268,270,272,274,276,278,280,282],{"file":131,"line":250,"context":251},168,"raw output",{"file":253,"line":254,"context":251},"unichatbox\\user_not_verified.php",29,{"file":256,"line":257,"context":251},"unichatbox\\user_not_verified_bonus.php",33,{"file":256,"line":259,"context":251},34,{"file":139,"line":261,"context":251},288,{"file":139,"line":263,"context":251},303,{"file":139,"line":265,"context":251},341,{"file":139,"line":267,"context":251},351,{"file":139,"line":269,"context":251},384,{"file":139,"line":271,"context":251},390,{"file":139,"line":273,"context":251},417,{"file":139,"line":275,"context":251},436,{"file":139,"line":277,"context":251},671,{"file":139,"line":279,"context":251},720,{"file":139,"line":281,"context":251},747,{"file":139,"line":283,"context":251},775,[],[286,311,330,345],{"entryPoint":287,"graph":288,"unsanitizedCount":25,"severity":310},"\u003Cajax_insert> (ajax_insert.php:0)",{"nodes":289,"edges":307},[290,295,300,302],{"id":291,"type":292,"label":293,"file":238,"line":294},"n0","source","$_POST",13,{"id":296,"type":297,"label":298,"file":238,"line":140,"wp_function":299},"n1","sink","get_col() [SQLi]","get_col",{"id":301,"type":292,"label":293,"file":238,"line":294},"n2",{"id":303,"type":297,"label":304,"file":238,"line":305,"wp_function":306},"n3","query() [SQLi]",25,"query",[308,309],{"from":291,"to":296,"sanitized":166},{"from":301,"to":303,"sanitized":166},"low",{"entryPoint":312,"graph":313,"unsanitizedCount":25,"severity":310},"\u003Cplugin> (unichatbox\\plugin.php:0)",{"nodes":314,"edges":327},[315,318,322,323],{"id":291,"type":292,"label":316,"file":131,"line":317},"$_SERVER",35,{"id":296,"type":297,"label":319,"file":131,"line":320,"wp_function":321},"wp_remote_post() [SSRF]",48,"wp_remote_post",{"id":301,"type":292,"label":316,"file":131,"line":317},{"id":303,"type":297,"label":324,"file":131,"line":325,"wp_function":326},"wp_remote_get() [SSRF]",53,"wp_remote_get",[328,329],{"from":291,"to":296,"sanitized":166},{"from":301,"to":303,"sanitized":166},{"entryPoint":331,"graph":332,"unsanitizedCount":25,"severity":310},"\u003Cuser_not_verified_bonus> (unichatbox\\user_not_verified_bonus.php:0)",{"nodes":333,"edges":342},[334,336,339,341],{"id":291,"type":292,"label":335,"file":256,"line":254},"$_POST[$lisence_input_name]",{"id":296,"type":297,"label":337,"file":256,"line":254,"wp_function":338},"echo() [XSS]","echo",{"id":301,"type":292,"label":340,"file":256,"line":34},"$_POST[$lisence_input_email]",{"id":303,"type":297,"label":337,"file":256,"line":34,"wp_function":338},[343,344],{"from":291,"to":296,"sanitized":166},{"from":301,"to":303,"sanitized":166},{"entryPoint":346,"graph":347,"unsanitizedCount":25,"severity":310},"\u003CWPPersonalizer> (WPPersonalizer.php:0)",{"nodes":348,"edges":353},[349,352],{"id":291,"type":292,"label":350,"file":139,"line":351},"$_GET (x4)",265,{"id":296,"type":297,"label":337,"file":139,"line":277,"wp_function":338},[354],{"from":291,"to":296,"sanitized":166},{"summary":356,"deductions":357},"The \"wp-personalizer\" v1.0.0 plugin presents a mixed security posture.  While it boasts a clean vulnerability history with no recorded CVEs and a significant percentage of properly escaped outputs, there are concerning areas related to its attack surface.  Specifically, a notable number of AJAX handlers lack proper authentication checks, creating potential entry points for unauthorized actions.  The presence of direct SQL queries, with 50% not utilizing prepared statements, also introduces a risk of SQL injection vulnerabilities, although the taint analysis did not reveal any immediate exploitable flows in this specific scan.  The lack of file operations and external HTTP requests is a positive sign, reducing certain attack vectors.",[358,361,364,366],{"reason":359,"points":360},"Unprotected AJAX handlers",20,{"reason":362,"points":363},"SQL queries without prepared statements",15,{"reason":365,"points":11},"Limited capability checks",{"reason":367,"points":11},"Limited nonce checks","2026-03-16T23:22:44.075Z",{"wat":370,"direct":379},{"assetPaths":371,"generatorPatterns":376,"scriptPaths":377,"versionParams":378},[372,373,374,375],"\u002Fwp-content\u002Fplugins\u002Fwp-personalizer\u002Fasset\u002Fcss\u002Fwppersona.css","\u002Fwp-content\u002Fplugins\u002Fwp-personalizer\u002Fasset\u002Fcss\u002Fbootstrap\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-personalizer\u002Fasset\u002Fcss\u002Fbootstrap\u002Fjs\u002Fpopper.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-personalizer\u002Fasset\u002Fcss\u002Fbootstrap\u002Fjs\u002Fbootstrap.min.js",[],[],[],{"cssClasses":380,"htmlComments":385,"htmlAttributes":386,"restEndpoints":389,"jsGlobals":390,"shortcodeOutput":393},[381,382,383,384],"lead_finder_fb_heading","lead_finder_fblimit","lead_finder_fb","personalizer_ppuri",[],[387,388],"data-toggle","data-target",[],[165,147,391,150,392],"WPPersonalizer_my_display_callback","WPPersonalizer_my_display_callback1",[394,395,396],"[wppersonalizer_","[wppersonalizer_page]","[wppersonalizer_post]"]