[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_qtUmcIouaXVTVm7Bn-fYk4BHNXduQH1p9-EAiyrDC0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":140,"fingerprints":286},"wp-settings","WP Settings:WordPress Settings and Database Backup","2.5.8","codecompiled","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodecompiled\u002F","\u003Cp>WP Settings plugin helps you manage WordPress site by displaying useful site information such as WordPress settings, database details, installed plugins, and theme. You can generate Database Backup Script which could be used for restoring database and site migration. There are many settings which should be configured properly and WP Settings plugin will help you see all the useful settings from a single location. You can view server settings (such as PHP version), DB details and plugins information such as active & inactive plugins. It helps you identify which tables are heavily used in your WordPress site so you can optimize tables.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>View WordPress settings such as version and url.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>MySQL details such as version and database.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Generate clean, SQL-compatible database backup scripts for safekeeping or migration.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View Server details such as Apache version.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View PHP settings.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View installed 
Plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Easily manage and export your WordPress settings.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Display useful information about WordPress,plugins,database and generate database backup script.Configure WordPress by analyzing common settings...",10,1636,0,"2024-12-25T21:05:00.000Z","6.7.5","","5.2.4",[19,20,21,22,23],"db-backup","plugin-details","server-details","theme-settings","wordpress-settings","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-settings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-settings.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,88,"2026-04-04T11:19:36.479Z",[36,61,81,101,124],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":31,"unpatched_count":13,"last_vuln_date":60,"fetched_at":28},"astra-import-export","Import \u002F Export Customizer Settings","1.1.0","Brainstorm Force","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainstormforce\u002F","\u003Cp>Astra theme customizer offers several settings for header\u002Ffooter layout, sidebar and blog designs, colors, backgrounds, typography and much more. You need to tweak the number of settings to make your site look flawless. These settings can be moved to other Astra sites easily with Import \u002F Export Customizer Settings plugin. 
It will save repetitive work to arrange all customizer settings for each new Astra site or while moving the site from local to live.\u003C\u002Fp>\n\u003Cp>It is an easy-to-use plugin for the Astra theme that lets you import-export customizer settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This Import\u002FExport plugin is created only for the \u003Ca href=\"https:\u002F\u002Fwpastra.com\u002F?utm_source=wp-repo&utm_campaign=home-page-banner-for-astra-theme&utm_medium=description\" rel=\"nofollow ugc\">Astra theme\u003C\u002Fa>. You should have the Astra theme installed and activated on your website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbsf.io\u002Fastra-import-export-demo\" rel=\"nofollow ugc\">Try it out on a free dummy site\u003C\u002Fa>\u003C\u002Fp>\n","Astra theme customizer offers several settings for header\u002Ffooter layout, sidebar and blog designs, colors, backgrounds, typography and much more.",50000,1008491,94,6,"2025-12-01T09:46:00.000Z","6.9.4","4.4","5.4",[53,54,55,56,22],"astra-addons-export","customizer-settings","import","settings","https:\u002F\u002Fwpastra.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fastra-import-export.1.1.0.zip",100,"2020-09-16 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":17,"tags":76,"homepage":16,"download_link":80,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"export-plugin-details","Export Plugin Details","1.1.7","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" 
src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FHnvBqXMcSxA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>This plugin allows you to export your installed plugin list in CSV format. CSV file having the following fields\u003C\u002Fp>\n\u003Col>\n\u003Cli>Plugin Name\u003C\u002Fli>\n\u003Cli>Description\u003C\u002Fli>\n\u003Cli>Author\u003C\u002Fli>\n\u003Cli>Active\u002FInactive\u003C\u002Fli>\n\u003Cli>Current Version\u003C\u002Fli>\n\u003Cli>Update Available(Yes\u002FNo)\u003C\u002Fli>\n\u003Cli>New Version\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Kindly let us know your feedback or comments to add more features in this plugin.\u003C\u002Fp>\n","Simple way to export your installed plugins list in CSV format.",2000,22598,98,18,"2024-07-31T07:27:00.000Z","6.6.5","4.3",[77,78,62,79,20],"csv-export","export-plugin","export-plugin-information","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-plugin-details.1.1.7.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":59,"downloaded":89,"rating":59,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":16,"download_link":100,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"extension-info-exporter","Extension Info Exporter","4.0","Dhaval Vachhani","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvpatel\u002F","\u003Cp>\u003Cstrong>Extension Info Exporter 4.0\u003C\u002Fstrong> is the ultimate WordPress plugin management and export tool! 
This powerful plugin revolutionizes how you handle plugin data with its comprehensive export capabilities and modern interface. Perfect for WordPress plugin inventory management, plugin audit reports, and plugin data export tasks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Choose Extension Info Exporter?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Complete Plugin Management\u003C\u002Fstrong>: Export detailed information about all installed plugins in 4 different formats (CSV, JSON, TXT, XML)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Filtering\u003C\u002Fstrong>: Choose exactly what you need – export all plugins, only active ones, inactive plugins, or just those needing updates\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Beautiful Modern UI\u003C\u002Fstrong>: Experience a sleek, responsive interface with Poppins font and intuitive design\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart Filename Templates\u003C\u002Fstrong>: Use dynamic variables like {date}, {site_name}, {export_type} to create organized, meaningful filenames\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Lightning Fast\u003C\u002Fstrong>: Optimized performance with no bloat – get your exports in seconds\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enterprise Security\u003C\u002Fstrong>: Built with WordPress security best practices including nonce verification and data sanitization\u003C\u002Fp>\n\u003Cp>Whether you’re performing WordPress plugin audits, managing multiple client sites, creating comprehensive plugin reports, or maintaining detailed plugin inventories, Extension Info Exporter 4.0 provides everything you need for professional plugin management and data export.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Core Export Capabilities\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>4 Export Formats\u003C\u002Fstrong>: CSV (default), JSON, TXT (tab-delimited), and XML\u003Cbr \u002F>\n– \u003Cstrong>Advanced Filtering\u003C\u002Fstrong>: All Plugins, Active Only, Inactive Only, Needs 
Update\u003Cbr \u002F>\n– \u003Cstrong>Smart Field Selection\u003C\u002Fstrong>: Choose exactly which plugin data fields to include\u003Cbr \u002F>\n– \u003Cstrong>Custom Filename Templates\u003C\u002Fstrong>: Dynamic variables {date}, {time}, {site_name}, {export_type}, {format}\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Modern User Experience\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Beautiful Interface\u003C\u002Fstrong>: Clean, responsive design with card-based layout\u003Cbr \u002F>\n– \u003Cstrong>Live Filename Preview\u003C\u002Fstrong>: See your filename before exporting\u003Cbr \u002F>\n– \u003Cstrong>Poppins Font\u003C\u002Fstrong>: Modern typography for better readability\u003Cbr \u002F>\n– \u003Cstrong>Responsive Design\u003C\u002Fstrong>: Works perfectly on all screen sizes\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Functionality\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Plugin Status Detection\u003C\u002Fstrong>: Real-time active\u002Finactive status\u003Cbr \u002F>\n– \u003Cstrong>Update Detection\u003C\u002Fstrong>: Automatic identification of outdated plugins\u003Cbr \u002F>\n– \u003Cstrong>Compatibility Data\u003C\u002Fstrong>: WordPress & PHP version requirements\u003Cbr \u002F>\n– \u003Cstrong>Must-Use Plugin Support\u003C\u002Fstrong>: Export MU plugins when needed\u003Cbr \u002F>\n– \u003Cstrong>Bulk Export\u003C\u002Fstrong>: Handle hundreds of plugins efficiently\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security & Performance\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>WordPress Security\u003C\u002Fstrong>: Nonce verification and data sanitization\u003Cbr \u002F>\n– \u003Cstrong>Lightweight\u003C\u002Fstrong>: No bloat, no tracking, optimized performance\u003Cbr \u002F>\n– \u003Cstrong>Error Handling\u003C\u002Fstrong>: Graceful error management and user feedback\u003Cbr \u002F>\n– \u003Cstrong>Memory Efficient\u003C\u002Fstrong>: Optimized for large plugin inventories\u003C\u002Fp>\n\u003Ch3>How To 
Use\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Install & Activate\u003C\u002Fstrong>: Install the plugin and activate it from your WordPress admin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configure Fields\u003C\u002Fstrong>: Go to “Extension Info Exporter” in your admin menu\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select Fields\u003C\u002Fstrong>: Choose which plugin data fields you want to export\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose Export Type\u003C\u002Fstrong>: Select from All Plugins, Active Only, Inactive Only, or Needs Update\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pick Format\u003C\u002Fstrong>: Choose your preferred export format (CSV, JSON, TXT, XML)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize Filename\u003C\u002Fstrong>: Use variables like {date}, {site_name} for dynamic filenames\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u003C\u002Fstrong>: Click “Export Plugins Details” to download your file\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fo8Jo4lBPZtU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>List of Exportable Fields\u003C\u002Fh3>\n\u003Cp>You can choose to include any of the following fields in your export:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Plugin Name (always included)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Plugin Version\u003C\u002Fli>\n\u003Cli>Latest Available Version\u003C\u002Fli>\n\u003Cli>Plugin Slug\u003C\u002Fli>\n\u003Cli>Plugin Author\u003C\u002Fli>\n\u003Cli>Author URL\u003C\u002Fli>\n\u003Cli>Needs 
Update\u003C\u002Fli>\n\u003Cli>Active\u002FInactive Status\u003C\u002Fli>\n\u003Cli>Requires WordPress Version\u003C\u002Fli>\n\u003Cli>Compatible up to WordPress Version\u003C\u002Fli>\n\u003Cli>Requires PHP Version\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>This plugin is ideal for\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress agencies managing multiple client sites\u003C\u002Fli>\n\u003Cli>Freelancers documenting WordPress site setups\u003C\u002Fli>\n\u003Cli>WordPress developers creating plugin audits and checklists\u003C\u002Fli>\n\u003Cli>Website owners tracking plugin updates and security\u003C\u002Fli>\n\u003Cli>Plugin inventory management and reporting\u003C\u002Fli>\n\u003Cli>WordPress plugin data export and analysis\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No setup needed — install, configure your export settings, and download in your preferred format.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Third-Party Libraries & Resources:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Poppins Font\u003C\u002Fstrong>: Google Fonts – https:\u002F\u002Ffonts.google.com\u002Fspecimen\u002FPoppins\n\u003Cul>\n\u003Cli>Licensed under Open Font License\u003C\u002Fli>\n\u003Cli>Used for modern typography and improved readability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Special Thanks:\u003C\u002Fstrong>\u003Cbr \u002F>\n– WordPress community for the amazing platform\u003Cbr \u002F>\n– All contributors and testers who helped improve this plugin\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Professional WordPress plugin export tool for plugin inventory management and audit 
reports.",1780,4,"2025-09-12T08:57:00.000Z","6.8.5","5.0","7.0",[96,97,62,98,99],"csv-generator","data-export","plugin-data-export","plugin-inventory","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextension-info-exporter.4.0.zip",{"slug":19,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":16,"tags":115,"homepage":16,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":31,"last_vuln_date":123,"fetched_at":28},"DB Backup","6.0","syedamirhussain91","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyedamirhussain91\u002F","\u003Cp>Backup your database in easy and fast way.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View\u002FExport(zip) SQL file\u003C\u002Fli>\n\u003Cli>View\u002FExport(zip) CSV file\u003C\u002Fli>\n\u003C\u002Ful>\n","Backup your database in easy and fast way.",80,20216,86,3,"2018-03-10T21:17:00.000Z","4.9.29","3.0",[116,117,118,119,19],"backup","database","database-backup","db","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdb-backup.6.0.zip",59,2,"2025-07-16 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":59,"num_ratings":134,"last_updated":135,"tested_up_to":74,"requires_at_least":93,"requires_php":16,"tags":136,"homepage":16,"download_link":139,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"zoneit-backup","Zoneit Backup","1.4.1","Zoneit Cloud","https:\u002F\u002Fprofiles.wordpress.org\u002Fzoneit\u002F","\u003Cp>Zoneit Backup is the plugin for creating backup from your website. This plugin is creating the backup from all files of website and database (.sql). 
it has been developed by \u003Ca href=\"https:\u002F\u002Fzoneit.cloud\" rel=\"nofollow ugc\">Zoneit Cloud\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You Can use this plugin for migrating your website to Zoneit Cloud.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n– Create Backup – manually\u003Cbr \u002F>\n– View And Delete Backups List\u003Cbr \u002F>\n– Restore Backup\u003C\u002Fp>\n","Create backup from website files and db",20,3232,5,"2025-02-08T17:57:00.000Z",[19,137,138,125],"local-backup","wordpress-backup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzoneit-backup.1.4.1.zip",{"attackSurface":141,"codeSignals":157,"taintFlows":244,"riskAssessment":272,"analyzedAt":285},{"hooks":142,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":13,"unprotectedCount":13},[143,149],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","wpsettings_setupOptionsMenu","wp-settings.php",74,{"type":144,"name":150,"callback":151,"file":147,"line":152},"wp_print_scripts","wpsettings_load_scripts_styles",89,[],[],[],[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":169,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":243},[],{"prepared":160,"raw":111,"locations":161},7,[162,165,167],{"file":147,"line":163,"context":164},531,"$wpdb->query() with variable interpolation",{"file":147,"line":166,"context":164},541,{"file":147,"line":168,"context":164},548,{"escaped":134,"rawEcho":170,"locations":171},37,[172,175,176,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,234,235,237,239,241],{"file":173,"line":134,"context":174},"wp-settings-options.php","raw 
output",{"file":173,"line":47,"context":174},{"file":147,"line":132,"context":174},{"file":147,"line":178,"context":174},69,{"file":147,"line":180,"context":174},430,{"file":147,"line":182,"context":174},441,{"file":147,"line":184,"context":174},453,{"file":147,"line":186,"context":174},454,{"file":147,"line":188,"context":174},455,{"file":147,"line":190,"context":174},474,{"file":147,"line":192,"context":174},475,{"file":147,"line":194,"context":174},571,{"file":147,"line":196,"context":174},612,{"file":147,"line":198,"context":174},614,{"file":147,"line":200,"context":174},630,{"file":147,"line":202,"context":174},635,{"file":147,"line":204,"context":174},638,{"file":147,"line":206,"context":174},660,{"file":147,"line":208,"context":174},663,{"file":147,"line":210,"context":174},682,{"file":147,"line":212,"context":174},685,{"file":147,"line":214,"context":174},711,{"file":147,"line":216,"context":174},714,{"file":147,"line":218,"context":174},840,{"file":147,"line":220,"context":174},841,{"file":147,"line":222,"context":174},855,{"file":147,"line":224,"context":174},871,{"file":147,"line":226,"context":174},872,{"file":147,"line":228,"context":174},889,{"file":147,"line":230,"context":174},890,{"file":147,"line":232,"context":174},915,{"file":147,"line":232,"context":174},{"file":147,"line":232,"context":174},{"file":147,"line":236,"context":174},930,{"file":147,"line":238,"context":174},931,{"file":147,"line":240,"context":174},932,{"file":147,"line":242,"context":174},933,[],[245,263],{"entryPoint":246,"graph":247,"unsanitizedCount":31,"severity":262},"getDatabaseContent (wp-settings.php:409)",{"nodes":248,"edges":259},[249,254],{"id":250,"type":251,"label":252,"file":147,"line":253},"n0","source","$_POST",411,{"id":255,"type":256,"label":257,"file":147,"line":182,"wp_function":258},"n1","sink","echo() [XSS]","echo",[260],{"from":250,"to":255,"sanitized":261},false,"medium",{"entryPoint":264,"graph":265,"unsanitizedCount":31,"severity":271},"\u003Cwp-settings> 
(wp-settings.php:0)",{"nodes":266,"edges":269},[267,268],{"id":250,"type":251,"label":252,"file":147,"line":253},{"id":255,"type":256,"label":257,"file":147,"line":182,"wp_function":258},[270],{"from":250,"to":255,"sanitized":261},"low",{"summary":273,"deductions":274},"The 'wp-settings' plugin v2.5.8 presents a mixed security profile.  While the static analysis reveals a zero attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, indicating a deliberate effort to limit external interaction points, there are significant concerns within the code itself.  A concerningly low 12% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate sanitization.  Furthermore, the taint analysis shows 100% of analyzed flows with unsanitized paths, and while no critical or high severity issues were flagged, this pattern strongly suggests potential for various injection vulnerabilities if any of these paths are ever exposed to external input.\n\nThe plugin's vulnerability history is a positive indicator, showing zero known CVEs, unpatched vulnerabilities, or common vulnerability types. This suggests a history of relatively secure development. However, the lack of documented vulnerabilities does not negate the risks identified in the static analysis, particularly the unescaped output and unsanitized taint flows. The absence of nonce and capability checks on any potential entry points (though none were identified) is also a general weakness, as it leaves room for potential future vulnerabilities if entry points are added without proper security.\n\nIn conclusion, the 'wp-settings' plugin v2.5.8 has strengths in its limited attack surface and clean vulnerability history. However, the high rate of unescaped output and the presence of unsanitized taint flows are critical weaknesses that significantly increase the risk of XSS and other injection-based attacks.  
Until these code-level issues are addressed, the plugin should be considered moderately risky, despite its lack of publicly known vulnerabilities.",[275,278,281,283],{"reason":276,"points":277},"Low output escaping rate",8,{"reason":279,"points":280},"Unsanitized paths in taint flows",12,{"reason":282,"points":134},"No nonce checks",{"reason":284,"points":134},"No capability checks","2026-03-17T01:23:44.779Z",{"wat":287,"direct":296},{"assetPaths":288,"generatorPatterns":291,"scriptPaths":292,"versionParams":293},[289,290],"\u002Fwp-content\u002Fplugins\u002Fwp-settings\u002Fjs\u002Fwp-settings-script.js","\u002Fwp-content\u002Fplugins\u002Fwp-settings\u002Fcss\u002Fwp-settings-style.css",[],[289],[294,295],"wp-settings\u002Fjs\u002Fwp-settings-script.js?ver=","wp-settings\u002Fcss\u002Fwp-settings-style.css?ver=",{"cssClasses":297,"htmlComments":301,"htmlAttributes":302,"restEndpoints":303,"jsGlobals":304,"shortcodeOutput":305},[298,299,300],"nav-tab-active","nav-tab-wrapper","nav-tab",[],[],[],[],[]]