[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvimCA6QgxvC2vxAJF9zqfgHZM_GLCwc8mkVxJbaPk68":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":126,"fingerprints":249},"wp-quick-provision","WP Quick Provision","3.0.1","HasinHayder","https:\u002F\u002Fprofiles.wordpress.org\u002Fhasinhayder\u002F","\u003Cp>This plugin can save you from doing the same tasks again and again you do after installing a fresh copy of WordPress. You can provision your new setup by automatically installing themes and plugins using \u003Cstrong>WP Quick Provision\u003C\u002Fstrong> plugin, all by supplying a list of those themes and plugins from gist.github.com. 
Here is a valid data format that is required by this plugin to properly provision your WordPress installation.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{\n    \"themes\": [\n        \"hello-elementor\",\n        \"wp-bootstrap-starter\"\n    ],\n    \"plugins\": [\n        \"elementor\",\n        \"happy-elementor-addons\",\n        \"contact-form-7\",\n        \"woocommerce\",\n        \"query-monitor\",\n        \"regenerate-thumbnails\",\n        \"classic-editor\",\n        \"jsm-show-post-meta\"\n    ]\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Example Provision Data URL: \u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Fhasinhayder\u002F7b93c50e5f0ff11e26b9b8d81f81d306\" rel=\"nofollow ugc\">https:\u002F\u002Fgist.github.com\u002Fhasinhayder\u002F7b93c50e5f0ff11e26b9b8d81f81d306\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Fhasinhayder\u002F5cf59b883005e043454f5fe0d2d9546b\" rel=\"nofollow ugc\">https:\u002F\u002Fgist.github.com\u002Fhasinhayder\u002F5cf59b883005e043454f5fe0d2d9546b\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>As soon as you save this data on gist.github.com and add this gist url in your plugin, it will start installing all these themes and plugins mentioned in your data. 
It will not download a plugin if it is already available in your WordPress setup.\u003C\u002Fp>\n\u003Cp>From version 1.1 you can host your provision data anywhere and supply that URL to this plugin for provisioning.\u003C\u002Fp>\n\u003Cp>After installing everything, \u003Cstrong>WP Quick Provision\u003C\u002Fstrong> will activate all these plugins.\u003C\u002Fp>\n","This is a powerful provisioning plugin to install multiple themes and plugins automatically by providing them as a list from https:\u002F\u002Fgist.github.com.",20,3479,100,19,"2021-03-04T08:10:00.000Z","5.6.17","",[19,20,21,22,23],"development","management","provision","settings","setup","https:\u002F\u002Fprovisionwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-quick-provision.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"hasinhayder",4,440,93,30,89,"2026-04-04T14:53:30.778Z",[40,57,74,91,110],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":27,"num_ratings":27,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":55,"download_link":56,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"themekit","ThemeKit For WordPress","0.5.2","Josh Lyford","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshl\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fthemekitwp.com\u002F\" rel=\"nofollow ugc\">ThemeKit\u003C\u002Fa> is a WordPress plugin that helps you supercharge your self-hosted WordPress themes and plugins by providing a uniform way to create options.\u003C\u002Fp>\n\u003Cp>For more information, check out \u003Ca href=\"http:\u002F\u002Fthemekitwp.com\u002F\" rel=\"nofollow 
ugc\">themekitwp.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Integration with Google Fonts.\u003C\u002Fli>\n\u003Cli>All data is saved in a single option and images are using a custom post type. \u003C\u002Fli>\n\u003Cli>Easily create options for almost anything.\u003C\u002Fli>\n\u003Cli>Prebuilt controls for fonts, borders, text, checkboxes, radio buttons and more.\u003C\u002Fli>\n\u003Cli>Customized version of the WordPress Media Uploader for image management.\u003C\u002Fli>\n\u003Cli>and \u003Cem>many\u003C\u002Fem> more options to come!\u003C\u002Fli>\n\u003C\u002Ful>\n","Supercharge your WordPress themes and plugins with powerful features that are easy to create.",700,6778,"2011-04-05T02:51:00.000Z","3.1.4","3.0",[20,54,22],"options","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fthemekit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemekit.0.5.2.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":52,"requires_php":17,"tags":70,"homepage":72,"download_link":73,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"simple-session-support","Simple Session Support","1.1","Peter Wooster","https:\u002F\u002Fprofiles.wordpress.org\u002Fpkwooster\u002F","\u003Cp>This plugin adds PHP session support. 
Data can be passed from one request to the next.\u003C\u002Fp>\n\u003Cp>Functions are provided to get and set items in the PHP session.\u003C\u002Fp>\n\u003Cp>\u003Cem>Features for Developers\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can save data from one HTTP request to another.\u003C\u002Fli>\n\u003Cli>the simpleSessionSet($key, $value) function sets a session value\u003C\u002Fli>\n\u003Cli>the simpleSessionGet($key, $default) function gets a session value with a default value if the key is not found\u003C\u002Fli>\n\u003Cli>the session is started in the init action and destroyed in the login and logout actions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Additional Features\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>There are no additional features supported by Simple Session Support.  The code is simple, small and well documented,\u003Cbr \u002F>\nso you can use it as a starting point for your own plugins or themes.\u003C\u002Fp>\n","Provides support for the PHP session allowing data to be retained from one request to another.",300,10045,13,"2013-12-14T18:49:00.000Z","3.7.41",[19,71],"session-management","http:\u002F\u002Fdevondev.com\u002Fsimple-session-support\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-session-support.1.1.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":13,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":17,"download_link":90,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"configpress","ConfigPress","0.3","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>ConfigPress is a development tool with the main intent to avoid any hard-coding and give an easy and flexible interface to manage all your website custom settings 
(options).\u003C\u002Fp>\n\u003Cp>With ConfigPress you can define your own custom option or group of options and retrieve them in your code by simply calling ConfigPress::get(‘option_name’) method. This way you do not have to hard-code any sensitive or environment specific options in your custom code.\u003C\u002Fp>\n\u003Cp>For more information check \u003Ca href=\"http:\u002F\u002Fvasyltech.com\u002Fconfig-press\" rel=\"nofollow ugc\">ConfigPress Reference\u003C\u002Fa>\u003C\u002Fp>\n","An easy way to manage all your website custom settings.",4666,74,6,"2015-10-07T14:42:00.000Z","4.3.34","3.2",[89,54,22],"development-tool","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconfigpress.0.3.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":27,"num_ratings":27,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":103,"tags":104,"homepage":108,"download_link":109,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"devbrothers-admin-panel","DevBrothers Admin Panel","1.0.0","DevBrothers","https:\u002F\u002Fprofiles.wordpress.org\u002Flzolotarev\u002F","\u003Cp>DevBrothers Admin Panel is a base plugin for managing the DevBrothers plugin ecosystem. It provides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Single access point to all DevBrothers plugins\u003C\u002Fli>\n\u003Cli>Beautiful and intuitive interface\u003C\u002Fli>\n\u003Cli>Centralized settings management\u003C\u002Fli>\n\u003Cli>Information dashboard with statistics\u003C\u002Fli>\n\u003Cli>Automatic integration with other DevBrothers plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with Google Translate service when the “DevBrothers Simple Translator” plugin is installed and active. 
This integration enables language switching functionality in the admin panel header.\u003C\u002Fp>\n\u003Cp>The plugin loads the Google Translate JavaScript library from translate.google.com when the Simple Translator plugin is active. This is used to provide real-time translation of the WordPress admin interface.\u003C\u002Fp>\n\u003Cp>The following data is sent to Google Translate:\u003Cbr \u002F>\n* The page content when a user selects a different language in the admin panel header\u003Cbr \u002F>\n* The selected language preference\u003C\u002Fp>\n\u003Cp>This service is provided by Google LLC: Terms of Service (https:\u002F\u002Fpolicies.google.com\u002Fterms), Privacy Policy (https:\u002F\u002Fpolicies.google.com\u002Fprivacy).\u003C\u002Fp>\n\u003Cp>Note: This external service is only used when the “DevBrothers Simple Translator” plugin is installed and active. If the plugin is not installed, no data is sent to Google Translate.\u003C\u002Fp>\n","Centralized admin panel for all DevBrothers plugins.",128,"2025-12-17T12:47:00.000Z","6.9.4","5.8","7.4",[105,106,20,107,22],"admin","dashboard","plugins","https:\u002F\u002Fdevbrothers.ru\u002Fadmin-panel\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevbrothers-admin-panel.1.0.0.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":27,"num_ratings":27,"last_updated":120,"tested_up_to":51,"requires_at_least":121,"requires_php":17,"tags":122,"homepage":124,"download_link":125,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"style-my-tweets","Style My Tweets","1.0.1","Jared Harbour","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaredharbour\u002F","\u003Cp>Style My Tweets adds an easy to use options page for styling the Twitter widget that comes with Jetpack by WordPress.com.  
There is a good chance this plugin will work with other twitter widgets as well.\u003C\u002Fp>\n\u003Cp>For more information on Themekit, check out \u003Ca href=\"http:\u002F\u002Fthemekitwp.com\u002F\" rel=\"nofollow ugc\">themekitwp.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Options to style the widget container\u003C\u002Fli>\n\u003Cli>Options to style the widget header \u003C\u002Fli>\n\u003Cli>Options to style the individual tweets\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily style the Twitter widget that comes with Jetpack by WordPress.com.  This plugin requires the ThemeKit plugin.",10,2395,"2011-04-04T23:59:00.000Z","3.1",[20,54,22,123],"twitter","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fstyle-my-tweets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstyle-my-tweets.1.0.1.zip",{"attackSurface":127,"codeSignals":150,"taintFlows":183,"riskAssessment":240,"analyzedAt":248},{"hooks":128,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":27,"unprotectedCount":27},[129,134,137,139,142],{"type":130,"name":131,"callback":132,"file":133,"line":11},"action","plugins_loaded","closure","wp-quick-provision.php",{"type":130,"name":135,"callback":132,"file":133,"line":136},"admin_enqueue_scripts",24,{"type":130,"name":138,"callback":132,"file":133,"line":36},"admin_menu",{"type":130,"name":140,"callback":132,"file":133,"line":141},"activated_plugin",391,{"type":143,"name":144,"callback":132,"priority":118,"file":133,"line":145},"filter","plugin_row_meta",398,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":27,"externalRequests":33,"nonceChecks":181,"capabilityChecks":27,"bundledLibraries":182},[],{"prepared":27,"raw":27,"locations":153},[],{"escaped":155,"rawEcho":156,"locations":157},27,11,[158,161,163,165,167,169,171,173,175,177,179],{"file":133,"line":159,"context":160},127,"raw 
output",{"file":133,"line":162,"context":160},138,{"file":133,"line":164,"context":160},154,{"file":133,"line":166,"context":160},159,{"file":133,"line":168,"context":160},161,{"file":133,"line":170,"context":160},176,{"file":133,"line":172,"context":160},203,{"file":133,"line":174,"context":160},263,{"file":133,"line":176,"context":160},315,{"file":133,"line":178,"context":160},353,{"file":133,"line":180,"context":160},368,2,[],[184],{"entryPoint":185,"graph":186,"unsanitizedCount":33,"severity":239},"\u003Cwp-quick-provision> (wp-quick-provision.php:0)",{"nodes":187,"edges":229},[188,193,198,202,206,212,215,217,219,223,226],{"id":189,"type":190,"label":191,"file":133,"line":192},"n0","source","$_POST['gist'] (x3)",94,{"id":194,"type":195,"label":196,"file":133,"line":192,"wp_function":197},"n1","sink","echo() [XSS]","echo",{"id":199,"type":190,"label":200,"file":133,"line":201},"n2","$_POST['gist']",38,{"id":203,"type":204,"label":205,"file":133,"line":201},"n3","transform","→ wpqp_validate_provision_source()",{"id":207,"type":195,"label":208,"file":209,"line":210,"wp_function":211},"n4","wp_remote_get() [SSRF]","wpqp-functions.php",53,"wp_remote_get",{"id":213,"type":190,"label":214,"file":133,"line":13},"n5","$_POST",{"id":216,"type":204,"label":205,"file":133,"line":13},"n6",{"id":218,"type":195,"label":208,"file":209,"line":210,"wp_function":211},"n7",{"id":220,"type":190,"label":221,"file":133,"line":222},"n8","$_POST (x2)",114,{"id":224,"type":204,"label":225,"file":133,"line":222},"n9","→ wpqp_remote_get()",{"id":227,"type":195,"label":208,"file":209,"line":228,"wp_function":211},"n10",152,[230,232,234,235,236,237,238],{"from":189,"to":194,"sanitized":231},true,{"from":199,"to":203,"sanitized":233},false,{"from":203,"to":207,"sanitized":233},{"from":213,"to":216,"sanitized":233},{"from":216,"to":218,"sanitized":233},{"from":220,"to":224,"sanitized":233},{"from":224,"to":227,"sanitized":233},"medium",{"summary":241,"deductions":242},"The 
\"wp-quick-provision\" v3.0.1 plugin exhibits a generally good security posture, with no recorded vulnerabilities or CVEs. The static analysis reveals a small attack surface with zero identified entry points that lack authentication. Furthermore, the code demonstrates robust practices by utilizing prepared statements for all SQL queries and showing a high percentage of properly escaped output, indicating an effort to prevent common web vulnerabilities. The absence of dangerous functions and file operations further contributes to its positive security profile. However, a single taint flow with an unsanitized path warrants attention, as this could potentially lead to unforeseen security issues if not handled correctly, despite not being classified as critical or high severity in this analysis. The presence of external HTTP requests, while not inherently a vulnerability, is an area to monitor for potential supply chain risks or unintended data exposure.",[243,246],{"reason":244,"points":245},"Taint flow with unsanitized path detected",5,{"reason":247,"points":181},"External HTTP requests present","2026-03-16T22:58:42.105Z",{"wat":250,"direct":257},{"assetPaths":251,"generatorPatterns":253,"scriptPaths":254,"versionParams":255},[252],"\u002Fwp-content\u002Fplugins\u002Fwp-quick-provision\u002Fassets\u002Fcss\u002Fwpqp.css",[],[],[256],"wp-quick-provision\u002Fassets\u002Fcss\u002Fwpqp.css?ver=",{"cssClasses":258,"htmlComments":269,"htmlAttributes":285,"restEndpoints":286,"jsGlobals":287,"shortcodeOutput":288},[259,260,261,262,263,264,265,266,267,268],"wpqp","wpqp_box","wpqp_box_header","wpqp_box_content","wpqp_form","wpqp_hide","wpqp_text","wpqp_info","wpqp_error","wpqp_large_button",[270,271,272,273,274,275,276,277,278,279,280,281,282,283,284],"This block checks if the submitted provision configuration url is valid or not.","If it is empty or if the URL doesn't have valid body content, a JOSN object with themes and plugins in it","we're going to redirect the visitor 
to input it again","This if block hides the form elements, especially gist textbox","after the first form submission, because at this point we already have the url","and we just want to show the list of themes and plugins to our user","This is first submission of the form, so we're going to fetch the list of themes and plugins","from the configuration URL and show them in WP_List_Table. There will be checkboxes beside","each of these items and user can uncheck and submit which will be handled in second submission","The configuration URL is not valid, so let's block the progress here.","This is where we're creating those beautiful tables. Check the code of WPQP_Table class","Following is a list of themes we found from your provision data url. It contains items from WordPress.org theme repository as well as externally hosted items. If you are not sure to install any of these items, simply uncheck them and they will not be installed. Just for your reference, the provision data url was ","Following is a list of plugins we found from your provision data url. It contains items from WordPress.org plugin repository as well as externally hosted items. If you are not sure to install any of these items, simply uncheck them and they will not be installed. Just for your reference, the provision data url was ","First time view","Form has been submitted",[265,263,264,268],[],[],[]]