[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fK2j19injagwXFv7fMnIHUZHXCgplUOaDciCOjjYBHqw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":145,"fingerprints":257},"wp-server","WP Server","2.2.3","nabtron","https:\u002F\u002Fprofiles.wordpress.org\u002Fnabtron\u002F","\u003Cp>Show average server load and uptime of your linux server on top in admin panel. It contains three values, first one is the load average for last 15 minutes, second one is for 5 minutes, third one is for last 1 minute.\u003C\u002Fp>\n\u003Cp>Now you can easily monitor your server load in real time whenever you want without installing any script or moving out of your wordpress admin panel.\u003C\u002Fp>\n\u003Cp>Options include turn off, on or legacy mode.\u003C\u002Fp>\n\u003Cp>It shows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>3 averages for server load\u003C\u002Fli>\n\u003Cli>server uptime in days and hours\u003C\u002Fli>\n\u003Cli>Memory usage in %age\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If useful – Future versions are planned to have more options, so please leave a feedback\u003C\u002Fp>\n\u003Cp>Found a bug or have a feature request ? \u003Ca href=\"https:\u002F\u002Fnabtron.com\u002Fwp-server-plugin\u002F\" rel=\"nofollow ugc\">Report here\u003C\u002Fa>\u003C\u002Fp>\n","Show average server load and uptime of your linux server on top in admin panel",20,10402,96,4,"2024-03-09T20:50:00.000Z","6.4.8","4.4","",[20,21,22,23],"load","server","status","uptime-linux","https:\u002F\u002Fnabtron.com\u002Fwp-server-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-server.2.2.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},5,1030,91,30,88,"2026-04-04T15:05:25.252Z",[39,60,83,105,124],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":58,"download_link":59,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"server-status","Server Status","0.1.2","Daisuke Takahashi","https:\u002F\u002Fprofiles.wordpress.org\u002Fextendwings\u002F","\u003Cp>\u003Cem>Do you want to monitor your server without using SSH?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cem>Don’t you know how to use difficult commands? (looks like a spell!)\u003C\u002Fem>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>OK! Leave all to this plugin!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>“Server Status” adds widget like ‘uptime’ command in Dashboard and Network Admin Dashboard.\u003C\u002Fp>\n\u003Ch3>Notice\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Currently, only RHEL\u002FCentOS is tested.\u003C\u002Fstrong> And OS X is tesing now! (The number of tested OS will increase shortly.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PECL Zend OPcache users\u003C\u002Fstrong>, \u003Cem>please add server-status.php\u003C\u002Fem> to black list! Otherwise, there must be segmentation fault.\u003Cbr \u002F>\nThis troublesome process isn’t required on PHP5.5!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP 5.2 users\u003C\u002Fstrong>, your version of PHP is no longer supported.(\u003Ca href=\"http:\u002F\u002Fwww.php.net\u002Feol.php\" rel=\"nofollow ugc\">Detail\u003C\u002Fa>) If you’re using such older version, this plugin nags at it!\u003C\u002Fli>\n\u003C\u002Ful>\n","Show server information widget in Dashboard and Network Admin Dashboard.(Currently, only RHEL is tested)",70,3446,100,2,"2014-08-30T20:55:00.000Z","4.0.38","3.8",[55,56,21,22,57],"linux","load-average","uptime","http:\u002F\u002Fwww.extendwings.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-status.0.1.2.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":81,"download_link":82,"security_score":49,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"media-sync","Media Sync","1.4.9","erolsk8","https:\u002F\u002Fprofiles.wordpress.org\u002Ferolsk8\u002F","\u003Cp>This plugin allows you to examine all files within the \u003Ccode>uploads\u003C\u002Fcode> directory to determine which ones are present in the Media Library and which ones are just sitting there unused. You can then choose the files you want to import into the database, thereby including them in the Media Library.\u003C\u002Fp>\n\u003Cp>Moreover, you can utilize FTP to upload files directly to the \u003Ccode>uploads\u003C\u002Fcode> directory and subsequently add these files to the Media Library avoiding any file size limitations.\u003C\u002Fp>\n\u003Ch4>Disclaimers\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>“1 file first”\u003Cbr \u002F>\nPlease try to import only one file first – to see if it works as you expected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“All at once”\u003Cbr \u002F>\nThis plugin is designed for scanning, selecting, and importing \u003Cstrong>all files at once\u003C\u002Fstrong>. However, based on your server’s configuration, memory, and timeout challenges may arise with extensive file quantities. To mitigate this, a newly revamped \u003Ca href=\"https:\u002F\u002Fmediasyncplugin.com\u002F?utm_source=readme&utm_medium=base_plugin&utm_campaign=aao\" rel=\"nofollow ugc\">pro version\u003C\u002Fa> employs incremental directory scans to effectively tackle these issues.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“Your setup is unique”\u003Cbr \u002F>\nPlease be aware that every WordPress installation is unique, and there may be instances where this plugin does not function as expected. Should this occur, we recommend enabling the debugging feature in the plugin’s settings to identify the issue. After investigating, kindly provide a detailed description of your findings in the Support section (or \u003Ca href=\"https:\u002F\u002Fusers.freemius.com\u002Fstore\u002F6428\u002Fsupport\" rel=\"nofollow ugc\">here\u003C\u002Fa> if you’re using pro version). The more comprehensive the details, the higher the likelihood of resolving the problem effectively.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Ignored files\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>various hidden files (.DS_Store, .htaccess),\u003C\u002Fli>\n\u003Cli>WP generated thumbnails (files ending with for example -100×100.jpg),\u003C\u002Fli>\n\u003Cli>WP generated scaled images (files ending with -scaled),\u003C\u002Fli>\n\u003Cli>optimized .webp versions of original images (.jpg.webp),\u003C\u002Fli>\n\u003Cli>retina thumbnails (-100×100@2x.jpg).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These can be modified and enhanced using the new advanced filters available in the \u003Ca href=\"https:\u002F\u002Fmediasyncplugin.com\u002F?utm_source=readme&utm_medium=base_plugin&utm_campaign=df\" rel=\"nofollow ugc\">pro version\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Media Sync Pro features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Revised incremental scan\u003C\u002Fstrong>: Allows scanning and importing unlimited number of files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick single directory rescan\u003C\u002Fstrong>: Easily rescan one directory to find new files or apply a different filter without reloading the whole page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced filters\u003C\u002Fstrong>: Find any file by customizing all default filters, search for a specific file type (images, videos, etc.), skip by tailor-made rules, or enter any custom pattern.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Schedule automatic imports\u003C\u002Fstrong>: Select a desired interval and let the plugin automatically import any new files it finds.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import logs\u003C\u002Fstrong>: View the history of manual or scheduled imports.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit plugin access\u003C\u002Fstrong>: Limit plugin access to a specific role.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Get \u003Ca href=\"https:\u002F\u002Fmediasyncplugin.com\u002F?utm_source=readme&utm_medium=base_plugin&utm_campaign=pfl\" rel=\"nofollow ugc\">pro version here\u003C\u002Fa>.\u003C\u002Fp>\n","Simple plugin to scan \"uploads\" directory and bring those files into Media Library.",40000,527569,94,82,"2025-11-25T08:11:00.000Z","6.9.4","5.3","7.1",[77,78,79,21,80],"ftp","import","media","uploads","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-sync\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-sync.1.4.9.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":103,"download_link":104,"security_score":49,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"server-info","Server Info","0.0.1","Usman Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fusmanaliqureshi\u002F","\u003Cp>This plugin will show you useful information about the hosting server you are using e.g. PHP version, MySQL version, Server OS, Server Protocol, Server IP and other useful information. You can use the information displayed by this plugin to update any settings which is crucial for your website performance and other aspects.\u003C\u002Fp>\n\u003Cp>You will see the information about:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP Version\u003C\u002Fli>\n\u003Cli>Operating System\u003C\u002Fli>\n\u003Cli>Server IP\u003C\u002Fli>\n\u003Cli>Server Hostname\u003C\u002Fli>\n\u003Cli>MySQL Version\u003C\u002Fli>\n\u003Cli>System Uptime\u003C\u002Fli>\n\u003Cli>Active Theme\u003C\u002Fli>\n\u003Cli>Active Plugins\u003C\u002Fli>\n\u003Cli>Database Name\u003C\u002Fli>\n\u003Cli>Database Username\u003C\u002Fli>\n\u003Cli>Database Hostname\u003C\u002Fli>\n\u003Cli>Database Charset\u003C\u002Fli>\n\u003Cli>Database Collate\u003C\u002Fli>\n\u003Cli>WordPress Debugging (Enabled\u002FDisabled)\u003C\u002Fli>\n\u003Cli>WordPress Memory Limit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please rate the Plugin if you find it useful, thanks.\u003C\u002Fp>\n","This plugin will show you very useful information about your hosting server such as PHP version, Server OS, Server IP etc.",3000,56532,72,10,"2025-05-19T05:40:00.000Z","6.8.5","5.2","7.3",[100,101,84,40,102],"admin","dashboard","widget","https:\u002F\u002Fgithub.com\u002Fusmanaliqureshi\u002Fserver-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-info.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":49,"num_ratings":50,"last_updated":115,"tested_up_to":73,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":122,"download_link":123,"security_score":49,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"atec-system-info","atec System Info","1.2.31","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin provides detailed system information, such as operating system, server, memory, PHP and database details. It will also show PHPinfo, php.ini and PHP extensions.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>This plugin requests the server geo location (country, city) by sending the server IPinfo, a IP2GEO location service at to https:\u002F\u002Fipinfo.io\u002F.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\u003Cbr \u002F>\nTerms: https:\u002F\u002Fipinfo.io\u002Fterms-of-service\u003C\u002Fp>\n","atec System Info (Operating system, server, memory, PHP and database details)",200,11491,"2025-12-18T09:33:00.000Z","4.9","7.4",[119,120,121],"highly-detailed-system-information-system-health-status","memory-db-and-comprehensive-server-and-php-configuration-details","server-info-os","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-system-info.1.2.31.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":113,"downloaded":132,"rating":49,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":18,"download_link":144,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"better-resource-hints","Better Resource Hints","1.1.3","Alex MacArthur","https:\u002F\u002Fprofiles.wordpress.org\u002Falexmacarthur\u002F","\u003Cp>Better Resource Hints will make your WordPress site or application faster and generally more performant by intelligently leveraging resource hints like prefetch, preload, preconnect, and server push.\u003C\u002Fp>\n\u003Cp>As it stands, WordPress isn’t that bad about providing a base level of these hints. In fact, a basic, dedicated API has been \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2016\u002F07\u002F06\u002Fresource-hints-in-4-6\u002F\" rel=\"nofollow ugc\">shipped since version 4.6.\u003C\u002Fa>. However, this functionality only scratches the service, providing only \u003Ccode>dns-prefetch\u003C\u002Fcode> tags out of the box, and there’s growing opportunity to take advantage of different hints as they are introduced and gain more browser support. Specifically, this plugin focuses on the following types of hints for your styles and JavaScript assets:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Preconnecting\u003C\u002Fstrong> – This hint is similar to “dns-prefetch,” but a beefier version. Instead of just resolving the DNS, the preconnect hint handles TLS negotiations and TCP handshakes, resulting in reduced page latency.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Preloading\u003C\u002Fstrong> – Preloading occurs when the browser is told it can start downloading an asset in the background early during page load, instead of waiting until the asset is explicitly called to start the process. This hint is most beneficial for assets loaded later on in the page, but are nonetheless essential to the page’s functionality. More often than not, this is a JavaScript file. Enabling this results in an overall faster load time, and quicker time to interactive.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prefetching\u003C\u002Fstrong> – Prefetching assets is similar to preloading, but the assets are downloaded in low priority for the purpose of caching them for later use. For example, if a user hits your home page and is likely to go to a page that uses a heavy JavaScript file, it’s wise to prefetch that asset on the home page, so it’s cached and ready to go on the next. Again, the result is a quicker subsequent page load, quicker time to interactive, and an improved overall user experience. This is different from DNS prefetching, which will only resolve the DNS of a resource’s host, and not actually download the resource itself.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Server Push\u003C\u002Fstrong> – If enabled, server push will tell your server to start delivering an asset before the browser even asks for it. This results in a much faster delivery of key assets, and be toggled on for both preloaded, prefetched, and preconnected assets. \u003Cstrong>Note: This feature requires a server that supports server push, and is the most experimental strategy this plugin provides.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As with any sort of performance-enhancing technique, just be aware that they should be used judiciously, and that the results you see will depend on the size the of resources your site loads, as well as how your server is configured. For additional reading, see some of the resources below:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmedium.com\u002Freloading\u002Fpreload-prefetch-and-priorities-in-chrome-776165961bbf\" rel=\"nofollow ugc\">Preload, Prefetch, & Priorities in Chrome\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fweb\u002Ftools\u002Flighthouse\u002Faudits\u002Fpreload\" rel=\"nofollow ugc\">Preloading Key Requests\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.smashingmagazine.com\u002F2016\u002F02\u002Fpreload-what-is-it-good-for\u002F\" rel=\"nofollow ugc\">Preload: What’s It Good For?\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.keycdn.com\u002Fblog\u002Fresource-hints\u002F\" rel=\"nofollow ugc\">Resource Hints – What is Preload, Prefetch, and Preconnect?\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>What Makes This Plugin Stand Apart?\u003C\u002Fh4>\n\u003Cp>There’s no shortage of plugins out there that aim to leverage resource hints for boosting performance. However, I’ve seen that several of them make the following mistakes:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Inflexible Hint Management\u003C\u002Fstrong> Many similar plugins only provide very limited flexibility in their options, and only allow setting hints globally for every page, regardless of whether the resources are actually needed on the page. This can often result in unecessarily bloaging your bandwidth, since hints on several pages are effectively useless. In some cases, this could actually lead to a less performant site. This plugin attempts to provide options to manage hints more flexibily and intelligently, meaning you won’t be unecessarily preloading assets in the background when they’re not even needed on the page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Misunderstanding What Different Hints Do\u003C\u002Fstrong> I’ve come across some plugins that fail to understand and leverage different hints like they were designed. For example, promising that assets are being preloaded, when they’re actually being prefetched. These and other hints have very different purposes, and should not be interchangably used if you want them to impact your site in the most effective way. This plugin attempts to leverage these hints in way to maximize their effectiveness. For example, BHR won’t prefetch any assets that are enqueued on the page, because that’s just not how the prefetch hint is designed to be used.\u003C\u002Fp>\n\u003Cp>Is Better Resource Hints perfect? Absolutely not. That’s why I encourage any constructive feedback or bug reports to be sent my way immediately, so that I can’t improve this plugin as quickly as possible.\u003C\u002Fp>\n\u003Ch4>A Note About Preloading CSS\u003C\u002Fh4>\n\u003Cp>Because of their high placement on a page, if the option is enabled, your CSS files will be asyncronously preloaded, and \u003Cem>then\u003C\u002Fem> turned into a stylesheet once they’ve completely loaded. The advantage to doing this is that while the files are downloading, they won’t block the rest of the page from rendering, resulting an overall faster page load.\u003C\u002Fp>\n\u003Cp>However, this also means that there may be a flash of unstyled content on the page for a brief moment as the files download. To prevent this, it’s recommended to only preload CSS files that are not critical to the initial view of the page. This will allow you to gain some performance points without sacrificing use experience as the page loads.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The following filters are exposed for your use.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F**\n* Modify the HTML link generated for preconnecting hosts.\n*\n* @param string $link (HTML tag)\n* @param string $url (URL of the host)\n* @return string\n*\u002F\nadd_filter('better_resource_hints_preconnect_tag', function ($link, $url) {\n    return $url;\n}, 10, 2);\n\n\n\n\u002F**\n* Modify the HTML link generated for prefetching hosts.\n*\n* @param string $link (HTML tag)\n* @param string $handle (WP handle of the resource\n* @param string $type (script or style)\n* @return string\n*\u002F\nadd_filter('better_resource_hints_prefetch_tag', function ($link, $handle, $type) {\n    return $url;\n}, 10, 3);\n\n\n\n\u002F**\n* Modify the HTML link generated for preloading hosts.\n*\n* @param string $link (HTML tag)\n* @param string $handle (WP handle of the resource\n* @param string $type (script or style)\n* @return string\n*\u002F\nadd_filter('better_resource_hints_preload_tag', function ($link, $handle, $type) {\n    return $url;\n}, 10, 3);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>What Happens Out of the Box?\u003C\u002Fh3>\n\u003Cp>Upon activation, Better Resource Hints will optimize your resource hints in a conservative, low-risk way by only doing two things out of the box:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Preloading JavaScript assets enqueued in the footer.\u003C\u002Fli>\n\u003Cli>Setting preconnect hints for all third party hosts that already have dns-preconnect hints.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Using the Plugin\u003C\u002Fh3>\n\u003Cp>After activation, you are able to adjust settings to tweak optimization as seen fit. As a means of testing your optimizations, use a tool like \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fweb\u002Ftools\u002Flighthouse\u002F\" rel=\"nofollow ugc\">Google Lighthouse\u003C\u002Fa> to measure the impact of these changes on your site’s performance.\u003C\u002Fp>\n\u003Cp>As mentioned, the techniques used here are largely supported by modern browsers, but your results may vary depending on the amount of assets being loaded on your site, as well as your server configuration.\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>You like it? \u003Ca href=\"mailto:alex@macarthur.me\" rel=\"nofollow ugc\">Email\u003C\u002Fa> or \u003Ca href=\"http:\u002F\u002Fwww.twitter.com\u002Famacarthur\" rel=\"nofollow ugc\">tweet\u003C\u002Fa> me. You hate it? \u003Ca href=\"mailto:alex@macarthur.me\" rel=\"nofollow ugc\">Email\u003C\u002Fa> or \u003Ca href=\"http:\u002F\u002Fwww.twitter.com\u002Famacarthur\" rel=\"nofollow ugc\">tweet\u003C\u002Fa> me.\u003C\u002Fp>\n\u003Cp>Regardless of how you feel, your review would be greatly appreciated!\u003C\u002Fp>\n","Better Resource Hints will make your WordPress site or application faster and generally more performant by intelligently leveraging resource hints lik &hellip;",10965,3,"2019-02-12T03:24:00.000Z","5.0.25","4.0","5.6",[139,140,141,142,143],"performance","prefetch","preload","resource-hints","server-push","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-resource-hints.1.1.3.zip",{"attackSurface":146,"codeSignals":173,"taintFlows":199,"riskAssessment":245,"analyzedAt":256},{"hooks":147,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":27,"unprotectedCount":27},[148,154,158,162,166],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","admin_init","page_init","wp-server.php",28,{"type":149,"name":155,"callback":156,"file":152,"line":157},"admin_menu","nabserver_add_menu",29,{"type":149,"name":159,"callback":160,"file":152,"line":161},"admin_head","wp_server_status_css",50,{"type":149,"name":163,"callback":164,"file":152,"line":165},"admin_footer","wp_server_status",54,{"type":149,"name":163,"callback":167,"file":152,"line":168},"wp_server_status_legacy",57,[],[],[],[],{"dangerousFunctions":174,"sqlUsage":184,"outputEscaping":186,"fileOperations":27,"externalRequests":27,"nonceChecks":197,"capabilityChecks":197,"bundledLibraries":198},[175,178,180],{"fn":176,"file":152,"line":36,"context":177},"exec","$serverresult = @exec('uptime');",{"fn":176,"file":152,"line":179,"context":177},121,{"fn":181,"file":152,"line":182,"context":183},"shell_exec",138,"$free = shell_exec('free');",{"prepared":27,"raw":27,"locations":185},[],{"escaped":27,"rawEcho":14,"locations":187},[188,191,193,195],{"file":152,"line":189,"context":190},117,"raw output",{"file":152,"line":192,"context":190},129,{"file":152,"line":194,"context":190},195,{"file":152,"line":196,"context":190},211,1,[],[200,218,232],{"entryPoint":201,"graph":202,"unsanitizedCount":197,"severity":217},"nabserver_option_page (wp-server.php:169)",{"nodes":203,"edges":214},[204,209],{"id":205,"type":206,"label":207,"file":152,"line":208},"n0","source","$_SERVER",171,{"id":210,"type":211,"label":212,"file":152,"line":194,"wp_function":213},"n1","sink","echo() [XSS]","echo",[215],{"from":205,"to":210,"sanitized":216},false,"medium",{"entryPoint":219,"graph":220,"unsanitizedCount":27,"severity":231},"page_init (wp-server.php:32)",{"nodes":221,"edges":228},[222,225],{"id":205,"type":206,"label":223,"file":152,"line":224},"$_POST['nabserver_show']",42,{"id":210,"type":211,"label":226,"file":152,"line":224,"wp_function":227},"update_option() [Settings Manipulation]","update_option",[229],{"from":205,"to":210,"sanitized":230},true,"low",{"entryPoint":233,"graph":234,"unsanitizedCount":27,"severity":231},"\u003Cwp-server> (wp-server.php:0)",{"nodes":235,"edges":242},[236,237,238,240],{"id":205,"type":206,"label":223,"file":152,"line":224},{"id":210,"type":211,"label":226,"file":152,"line":224,"wp_function":227},{"id":239,"type":206,"label":207,"file":152,"line":208},"n2",{"id":241,"type":211,"label":212,"file":152,"line":194,"wp_function":213},"n3",[243,244],{"from":205,"to":210,"sanitized":230},{"from":239,"to":241,"sanitized":230},{"summary":246,"deductions":247},"The 'wp-server' plugin v2.2.3 presents a mixed security posture.  On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries, having no recorded historical vulnerabilities, and limiting its attack surface to zero exposed entry points without authentication.  The presence of nonce and capability checks, although minimal, is also a good sign.  However, significant concerns arise from the static analysis, specifically the presence of dangerous functions like 'exec' and 'shell_exec'.  The taint analysis revealing a flow with unsanitized paths is particularly worrying, as it indicates a potential pathway for malicious input to be executed or used in unintended ways, even if currently not flagged as critical or high severity.  Furthermore, 100% of output is not properly escaped, creating a risk of cross-site scripting (XSS) vulnerabilities.\n\nThe complete absence of known vulnerabilities in its history is a positive indicator, suggesting either a history of responsible development or a lack of public discovery. However, this cannot fully offset the immediate risks identified in the code.  The combination of dangerous functions and unsanitized input flows, coupled with unescaped output, represents a significant potential risk that requires immediate attention.  While the plugin has strengths in its limited attack surface and SQL handling, the identified code-level risks are substantial and could be exploited if not addressed.",[248,251,253],{"reason":249,"points":250},"Dangerous functions (exec, shell_exec) used",15,{"reason":252,"points":94},"Flow with unsanitized paths",{"reason":254,"points":255},"Output escaping: 0% properly escaped",6,"2026-03-16T22:45:41.703Z",{"wat":258,"direct":263},{"assetPaths":259,"generatorPatterns":260,"scriptPaths":261,"versionParams":262},[],[],[],[],{"cssClasses":264,"htmlComments":266,"htmlAttributes":267,"restEndpoints":273,"jsGlobals":274,"shortcodeOutput":275},[265],"nabserver_main_options_section",[],[268,269,270,271,272],"id=\"wp_server_status\"","name=\"nabserver_noncename\"","id=\"nabserver_noncename\"","name=\"action_nabserver\"","id=\"submit_nabserver\"",[],[],[]]