[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHZ8_-A5wMutctPkKBSQi5rPaWwbP24FUp1jPpKu5KGk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":139,"fingerprints":179},"wp-plugin-security-check","WP Plugin Security Check","0.4","ldebrouwer","https:\u002F\u002Fprofiles.wordpress.org\u002Fldebrouwer\u002F","\u003Cp>An up-to-date WordPress installation is as safe as it can be, plugins however can often pose a security risk because they’re not maintained by hundreds of contributors. A plugin is as secure as the security knowledge of the developer allows it to be. In some cases this creates loopholes for exploits. 
WP Plugin Security Check checks plugins for bad practices and possible security holes limiting the risk of a compromised WordPress installation to a ‘hate to say I told you so’.\u003C\u002Fp>\n","WP Plugin Security Check checks if your WordPress plugins are 'safe'.",100,10199,0,"2011-05-01T07:31:00.000Z","3.1.4","3.1","",[19,20],"check","security","http:\u002F\u002Fwww.lucdebrouwer.nl\u002Fwordpress-plugin-wp-plugin-security-check\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-plugin-security-check.0.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},5,150,88,30,86,"2026-04-04T14:11:03.853Z",[35,55,77,100,121],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":17,"download_link":54,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wp-fingerprint","WP Fingerprint","2.1.2","DanFoster","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanfoster\u002F","\u003Cp>WP Fingerprint adds an additional layer of security to your WordPress website, working to check your plugins for signs of hack or exploit. WP Fingerprint works by collecting checksums of your plugins and comparing it with the checksums collected by WP Fingerprint. 
If the plugin detects any abnormalities it will let you know so you can take immediate action.\u003Cbr \u002F>\nThis plugin transmits and stores checksums on WP Fingerprint servers(all hosted in EU and run by 34SP.com) & WordPress.org to work for details see https:\u002F\u002Fwpfingerprint.com\u002Fhow-it-works\u002F for the data we collect and store.\u003C\u002Fp>\n","WP Fingerprint adds an additional layer of security to your WordPress website, working to check your plugins for signs of hack or exploit.",9000,33795,60,2,"2025-09-03T12:16:00.000Z","6.8.5","4.9","5.6",[52,53,20],"checksums","plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fingerprint.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":17,"download_link":76,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"plugin-compatibility-checker","Plugin Compatibility Checker","7.0.4","compatshield","https:\u002F\u002Fprofiles.wordpress.org\u002Fcompatshield\u002F","\u003Cp>The \u003Cstrong>Plugin Compatibility Checker\u003C\u002Fstrong> helps you keep your WordPress site stable and secure by scanning installed plugins for PHP and WordPress version compatibility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>$1\u002Fmonth License Required (Entry Plan)\u003C\u002Fstrong>\u003Cbr \u002F>\nYou must subscribe to the CompatShield Portal ($1\u002Fmonth recurring) to obtain a \u003Cstrong>license key\u003C\u002Fstrong>. 
Once activated, you will be able to see plugin compatibility results (up to PHP 8.5) directly inside your WordPress admin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📺 Video Tutorial\u003C\u002Fstrong>\u003Cbr \u002F>\nWatch step-by-step how to activate your license & run your first scan:\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPCxhJmO-Tb4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Quick Setup Steps\u003C\u002Fstrong>\u003Cbr \u002F>\n1) Subscribe \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Get your license key from the Portal\u003Cbr \u002F>\n2) Add your domain inside the License tab\u003Cbr \u002F>\n3) Copy your License Key\u003Cbr \u002F>\n4) Paste License Key inside Plugin Settings in WP Admin\u003Cbr \u002F>\n5) Click \u003Cstrong>Validate License\u003C\u002Fstrong>\u003Cbr \u002F>\n6) Click \u003Cstrong>Save Settings\u003C\u002Fstrong>\u003Cbr \u002F>\n7) Go to Plugin Main Page \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Click \u003Cstrong>Rescan\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro Version (Upgrade)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrading to Pro unlocks the full CompatShield Portal Dashboard with advanced features — vulnerability summary, detailed scan results, notifications, historic analysis, plugin issues overview, premium ZIP upload scanning, and multi-layer compatibility intelligence.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Subscribe \u002F Upgrade to Pro:\u003C\u002Fstrong> 
https:\u002F\u002Fwww.compatshield.com\u002F\u003C\u002Fp>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>PHP Compatibility Check\u003C\u002Fstrong> – Scan plugins for PHP compatibility.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$1\u002Fmonth license: Shows PHP compatibility results directly inside WP Plugin backend (up to PHP 8.5)\u003C\u002Fli>\n\u003Cli>Pro license: Deeper breakdowns, insights, and analysis inside Portal Dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Rescan\u003C\u002Fstrong> – Quickly rescan whenever you install or update plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Notifications (Pro)\u003C\u002Fstrong> – Get notified when scans complete or risks are detected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Portal Integration (Pro)\u003C\u002Fstrong> – View full detailed results in the CompatShield Portal Dashboard.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Vulnerability Summary (Pro)\u003C\u002Fstrong> – Basic vulnerability insights available in the Portal.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>“No Data” Plugins Handling\u003C\u002Fstrong> – Easily identify custom\u002Fpremium plugins or removed versions not available on WordPress.org.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔑 Entry Plan vs Pro Plan\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>PHP Compatibility Check\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: WP Admin Results up to PHP 8.5\u003Cbr \u002F>\nPro Plan: Detailed compatibility insights in Portal Dashboard\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Vulnerability Summary\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: Not available\u003Cbr \u002F>\nPro Plan: Available in Portal\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: 
Not available\u003Cbr \u002F>\nPro Plan: Available\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Portal Dashboard\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: Not available\u003Cbr \u002F>\nPro Plan: Full access (compatibility + vulnerabilities + detailed summaries + site overview)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom\u002FPremium Plugins ZIP Scanning\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: Not available\u003Cbr \u002F>\nPro Plan: Supported via Portal ZIP uploader\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Scan and check your plugins for PHP and WordPress compatibility. Requires a $1\u002Fmonth Portal subscription to obtain a license key.",8000,85564,76,8,"2025-12-22T15:20:00.000Z","6.9.4","5.0","7.2",[72,73,20,74,75],"php-version","plugin-checker","tags-compatibility","vulnerabilities","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-compatibility-checker.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":11,"num_ratings":28,"last_updated":87,"tested_up_to":68,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":95,"download_link":96,"security_score":97,"vuln_count":98,"unpatched_count":13,"last_vuln_date":99,"fetched_at":25},"rsfirewall","RSFirewall!","1.1.46","RSJoomla!","https:\u002F\u002Fprofiles.wordpress.org\u002Frsjoomla\u002F","\u003Cp>The RSFirewall! WordPress plugin is the optimal solution for securing your website, helping you stay one step ahead of malicious users that wish to harm your website. 
The plugin is backed by a team of professionals with a long history in website security that are up to date with the latest known vulnerabilities and security updates.\u003C\u002Fp>\n\u003Cp>RSFIREWALL FREE VERSION FEATURES:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Free WordPress Firewall for your website\u003C\u002Fli>\n\u003Cli>Active protections against local file and remote file inclusion attacks\u003C\u002Fli>\n\u003Cli>SQL injection protections\u003C\u002Fli>\n\u003Cli>ReCAPTCHA for registration, login and commenting forms\u003C\u002Fli>\n\u003Cli>Filter uploaded files for possible malware and improper extensions\u003C\u002Fli>\n\u003Cli>Active monitoring WordPress core files integrity\u003C\u002Fli>\n\u003Cli>Active monitoring for your own files\u003C\u002Fli>\n\u003Cli>XML-RPC blocking\u003C\u002Fli>\n\u003Cli>REST API blocking with proper exceptions that you can define\u003C\u002Fli>\n\u003Cli>Protect the wp-admin\u002F slug with an extra password\u003C\u002Fli>\n\u003Cli>Change the wp-admin\u002F slug into a custom one\u003C\u002Fli>\n\u003Cli>Disallow direct access to PHP files in (wp-content, wp-content\u002Fuploads, wp-includes) with proper exceptions that you can define\u003C\u002Fli>\n\u003Cli>Receive email notifications on detected threats\u003C\u002Fli>\n\u003Cli>Automatically block repeated offenders IP addresses\u003C\u002Fli>\n\u003Cli>Perform a System check (WordPress and server configuration checks)\u003C\u002Fli>\n\u003Cli>Disable the creation of new Administrator accounts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>RSFIREWALL PAID VERSION FEATURES:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Two Factor Authentication\u003C\u002Fli>\n\u003Cli>Country blocking\u003C\u002Fli>\n\u003Cli>Convert email addresses to images\u003C\u002Fli>\n\u003Cli>Protect forms from abusive IPs\u003C\u002Fli>\n\u003Cli>File integrity check\u003C\u002Fli>\n\u003Cli>Convert email addresses from plain text to images\u003C\u002Fli>\n\u003Cli>More control over the system 
check\u003C\u002Fli>\n\u003Cli>Whitelist blocked PHP files\u003C\u002Fli>\n\u003Cli>Protect admin users from changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>3rd Party services\u003C\u002Fh3>\n\u003Cp>RSFirewall! will compare the MD5 hash of files with the original ones from the WordPress installation package. If differences are found (ie files have been modified) RSFirewall! upon request can download the original files from the GitHub synchronised repository of WordPress:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>All connections are made with \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_remote_get\" rel=\"nofollow ugc\">wp_remote_get\u003C\u002Fa> and the following information will be sent along with the request:\u003Cbr \u002F>\n– WordPress version\u003Cbr \u002F>\n– WordPress user agent along with your WordPress website address\u003Cbr \u002F>\n– Your server’s IP address\u003C\u002Fp>\n","Based on the success of the most popular firewall for Joomla!, RSFirewall! 
is now available to protect your WordPress website as well.",4000,29620,"2026-03-12T09:29:00.000Z","4.5.15","5.4",[91,92,20,93,94],"firewall","malware-scanner","system-check","web-application-firewall","https:\u002F\u002Fwww.rsjoomla.com\u002Fwordpress-plugins\u002Fwordpress-security-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frsfirewall.zip",95,3,"2026-03-23 00:00:00",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":17,"tags":115,"homepage":119,"download_link":120,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"integrity-checker","Integrity Checker","0.10.0","Erik Torsner","https:\u002F\u002Fprofiles.wordpress.org\u002Feriktorsner\u002F","\u003Cp>Integrity-checker uses a mix of traditional and new techniques to scan your website for potential issues. First and foremost, it verifies that all installed code is identical to its original version. By comparing WordPress core, plugins and themes in your installation with the original versions available at wordpress.org, Integrity-checker can quickly determine if there are any changes you need to be aware of. Integrity-checker also lets you compare your local version to the original to help you determine if you’ve been hacked.\u003C\u002Fp>\n\u003Cp>Additionally, Integrity-checker scans all installed files for permission issues. 
Ensuring correct permissions is vital for WordPress security, as with any PHP-based web application.\u003C\u002Fp>\n\u003Cp>Lastly, Integrity-checker will look through some of the basic WordPress configuration to look for common security problems like user enumeration, directory index, weak credentials, etc.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Helps you track down hacked WordPress files in core, plugins and themes\u003C\u002Fli>\n\u003Cli>Makes it easy to find issues with file permissions\u003C\u002Fli>\n\u003Cli>Detects common configuration problems\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3rd party software\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmtdowling\u002Fcron-expression\" rel=\"nofollow ugc\">cron-expression\u003C\u002Fa> copyright Michael Dowling, see \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fmtdowling\u002Fcron-expression\u002Fv1.1.0\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. Cron-expression is slightly adapted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchrisboulton\u002Fphp-diff\" rel=\"nofollow ugc\">php-diff\u003C\u002Fa> copyright Chris Boulton under the \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FBSD-3-Clause\" rel=\"nofollow ugc\">BSD license\u003C\u002Fa>. php-diff is slightly adapted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002F\" rel=\"nofollow ugc\">silexphp\u002FPimple\u003C\u002Fa> copyright Fabien Potencier, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002Fblob\u002Fv3.0.2\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. 
Pimple is slightly adapted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdatatables.net\" rel=\"nofollow ugc\">DataTables\u003C\u002Fa> 1.10.13 copyright 2008-2016 SpryMedia Ltd. Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fdatatables.net\u002Flicense\" rel=\"nofollow ugc\">datatables.net\u002Flicense\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\" rel=\"nofollow ugc\">jqCron.js\u003C\u002Fa> Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\u002Fblob\u002Fmaster\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>\u003C\u002Fp>\n","The WordPress Integrity Checker checks your WordPress installation by detecting modified files, permissions issues and other common problems.",200,12158,96,6,"2025-10-13T08:49:00.000Z","4.7.32","4.4",[116,117,20,118],"checksum","secure","security-plugin","https:\u002F\u002Fwww.wpessentials.io\u002Fplugins\u002Fintegrity-checker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegrity-checker.0.10.0.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":11,"downloaded":129,"rating":11,"num_ratings":46,"last_updated":130,"tested_up_to":68,"requires_at_least":131,"requires_php":17,"tags":132,"homepage":137,"download_link":138,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"dessky-security","Dessky Security","1.3","dessky","https:\u002F\u002Fprofiles.wordpress.org\u002Fdessky\u002F","\u003Cp>Dessky Security is the ultralight plugin for basic Security Hardening. It is specially designed not to drain any resources from your website. Once you enable all major security measures your input is no longer required. 
Features include upload directory restriction, disabling of plugin\u002Ftheme editor, admin username check and more.\u003C\u002Fp>\n\u003Cp>This plugin was developed by \u003Ca href=\"https:\u002F\u002Fdessky.com\u002F\" rel=\"nofollow ugc\">Dessky Team\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Dessky Team does not provide support for the Dessky Security on the WordPress.org forums. In order to get support or make a suggestion from a Dessky Team you will have to Join Our Open Community and \u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">Start a Discussion\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">DISCUSS WITH THE DESSKY TEAM\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdiscuss.dessky.org\u002Ft\u002Fdessky-security\" rel=\"nofollow ugc\">JOIN OUR OPEN COMMUNITY\u003C\u002Fa>: The purpose of this open community is to have a collective place where the community can help each other, and we can get some feedback to improve Dessky Security as well. 
Joining the community is also a great way to connect with like-minded people and share your experience.\u003C\u002Fp>\n\u003Cp>You can also \u003Ca href=\"https:\u002F\u002Fdessky.me\u002F\" rel=\"nofollow ugc\">GET THE PREMIUM SUPPORT\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdessky.org\u002F\" rel=\"nofollow ugc\">User Documentation\u003C\u002Fa>: Although Dessky Security is already easy to set up, we’ve put together tutorials, guides, and some knowledge bases to help you set up and get started with it.\u003C\u002Fp>\n\u003Cp>I have further questions, how do I contact you?\u003C\u002Fp>\n\u003Cp>Please fill up the \u003Ca href=\"https:\u002F\u002Fdessky.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">contact form\u003C\u002Fa> and we would be more than happy to assist.\u003C\u002Fp>\n\u003Cp>Credits: Dessky Security is based on the ‘Sucuri WordPress Security’ plugin developed by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fddsucurinet\u002F\" rel=\"nofollow ugc\">Daniel Cid\u003C\u002Fa>.\u003C\u002Fp>\n","Dessky Security is the ultralight plugin for basic Security Hardening. 
It is specially designed not to drain any resources from your website.",5999,"2025-12-03T15:19:00.000Z","3.2",[133,20,134,135,136],"hardening","site-hardening","wordpress-hardening","wordpress-security-check","https:\u002F\u002Fdessky.com\u002Fplugin\u002Fdessky-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdessky-security.1.3.zip",{"attackSurface":140,"codeSignals":152,"taintFlows":166,"riskAssessment":167,"analyzedAt":178},{"hooks":141,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":13,"unprotectedCount":13},[142],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","LDB_wp_plugin_security_check_menu","wp-plugin-security-check.php",12,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":164,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":165},[],{"prepared":13,"raw":13,"locations":155},[],{"escaped":46,"rawEcho":98,"locations":157},[158,161,162],{"file":146,"line":159,"context":160},194,"raw output",{"file":146,"line":159,"context":160},{"file":146,"line":163,"context":160},204,1,[],[],{"summary":168,"deductions":169},"The \"wp-plugin-security-check\" plugin v0.4 exhibits a strong security posture based on the provided static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface.  Furthermore, the code signals indicate a positive adherence to secure coding practices, with no dangerous functions, all SQL queries utilizing prepared statements, and no external HTTP requests.  The vulnerability history shows a clean record with zero known CVEs, which suggests a generally well-maintained and secure codebase.\n\nHowever, there are areas that warrant attention. The low percentage of properly escaped output (40%) is a notable concern, as unsanitized output can lead to Cross-Site Scripting (XSS) vulnerabilities. 
The presence of file operations, while not inherently insecure, requires careful implementation to prevent arbitrary file access or modification. The complete lack of nonce checks and capability checks, while not directly exploitable given the current attack surface, represents a missed opportunity to implement standard WordPress security mechanisms that would further harden the plugin against potential future threats should its functionality expand. \n\nIn conclusion, the plugin is currently in a good security state due to its limited attack surface and clean vulnerability history. The primary weakness lies in the insufficient output escaping. While the absence of auth checks on entry points is understandable with zero entry points, the lack of nonces and capability checks is a minor area for improvement in overall defensive depth.  The plugin developer should prioritize addressing the output escaping issue to mitigate XSS risks.",[170,172,174,176],{"reason":171,"points":111},"Insufficient output escaping",{"reason":173,"points":46},"File operations present",{"reason":175,"points":28},"No nonce checks",{"reason":177,"points":28},"No capability checks","2026-03-16T21:12:42.931Z",{"wat":180,"direct":186},{"assetPaths":181,"generatorPatterns":183,"scriptPaths":184,"versionParams":185},[182],"\u002Fwp-content\u002Fplugins\u002Fwp-plugin-security-check\u002Fwp-plugin-security-check.php",[],[],[],{"cssClasses":187,"htmlComments":196,"htmlAttributes":197,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":200},[188,189,190,191,192,193,194,195],"wp_plugin_security_check_plugin","wp_plugin_security_check_plugin.unsafe","wp_plugin_security_check_plugin.notice","wp_plugin_security_check","wp_plugin_security_check .donate","wp_plugin_security_check .about","wp_plugin_security_check .donate .hndle","wp_plugin_security_check .check",[],[],[],[],[]]