[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSAHu9z1wYdMUXyh7HWIBCg-66tS5Vt3QvjeTdtsQtWg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":136,"fingerprints":328},"wp-shabbat","WP-Shabbat","2.3","DrMosko","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrmosko\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.dossihost.net\u002F%D7%AA%D7%95%D7%A1%D7%A3-%D7%95%D7%95%D7%A8%D7%93%D7%A4%D7%A1-%D7%A1%D7%95%D7%92%D7%A8-%D7%90%D7%AA%D7%A8-%D7%91%D7%A9%D7%91%D7%AA%D7%95%D7%AA-%D7%95%D7%97%D7%92%D7%99%D7%9D\u002F\" rel=\"nofollow ugc\">WP-Shabbat\u003C\u002Fa> is a WordPress plugin that will help you and your visitors observe the shabbat.\u003C\u002Fp>\n\u003Cp>For more information in hebrew, check out \u003Ca href=\"http:\u002F\u002Fwww.dossihost.net\u002F%D7%AA%D7%95%D7%A1%D7%A3-%D7%95%D7%95%D7%A8%D7%93%D7%A4%D7%A1-%D7%A1%D7%95%D7%92%D7%A8-%D7%90%D7%AA%D7%A8-%D7%91%D7%A9%D7%91%D7%AA%D7%95%D7%AA-%D7%95%D7%97%D7%92%D7%99%D7%9D\u002F\" rel=\"nofollow ugc\">WP-Shabbat\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>close the site by setting the Shabbat and holiday enter time in minutes when the minimum is 20 minutes.\u003C\u002Fli>\n\u003Cli>close the site by setting the Shabbat and holiday exit time in temporary minutes from 18 minutes to 72 minutes.\u003C\u002Fli>\n\u003Cli>Ip databse is updated automatically every week. (est. size : 17Mb)\u003C\u002Fli>\n\u003Cli>search engine bots get http header 503.(SEO-Friendly) :\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fproductforums.google.com\u002Fforum\u002F#!topic\u002Fwebmasters\u002FbjpQtTwzadI\u002Fdiscussion\" rel=\"nofollow ugc\">Answer from Google about WP-Shabbat\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>plugin languages : English,Hebrew,Russian.\u003C\u002Fli>\n\u003Cli>plugin will generate on fly page with your template for visitor to come back later.\u003C\u002Fli>\n\u003Cli>Display popup message when its shabbat or holiday.\u003C\u002Fli>\n\u003Cli>Display one hour countdown before site closes to soft the user termination.\u003C\u002Fli>\n\u003Cli>Add custom messages and images etc, below the plugin default message.\u003C\u002Fli>\n\u003Cli>select which css class\u002Fid to hide when site closed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Notes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shabbat and holiday exit time is temporary minutes that calculated from sunrise to sunset and divided into 12 hours.\u003C\u002Fli>\n\u003Cli>The sunrise and sunset times is calculated for each user by his location. \u003C\u002Fli>\n\u003Cli>Identification place of the user is by its IP address close to 40 km.\u003C\u002Fli>\n\u003Cli>This script uses GeoLite Country from MaxMind (http:\u002F\u002Fwww.maxmind.com) which is available under terms of GPL\u002FLGPL \u003C\u002Fli>\n\u003Cli>DB file GeoLiteCity.dat downloaded every week from maxmind servers to plugin directory.\u003C\u002Fli>\n\u003C\u002Ful>\n","Close site or display popup message on Shabbat and Holidays by identifying the address of the user IP and close to 40 km",10,9382,100,8,"2017-09-17T09:56:00.000Z","4.8.28","3.7.0","",[20,21,22,23,24],"503","close-site","jewish-holiday","popup-window","shabbat","http:\u002F\u002Fwww.dossihost.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-shabbat.2.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"drmosko",4,50,30,84,"2026-04-04T19:07:15.793Z",[40,61,83,104,118],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":11,"downloaded":48,"rating":13,"num_ratings":49,"last_updated":18,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":60},"holy-day-off","Holy Day Off","1.2.4","topwp","https:\u002F\u002Fprofiles.wordpress.org\u002Ftopwp\u002F","\u003Cp>\u003Cstrong>Holy Day Off\u003C\u002Fstrong> is the most trusted way for Jewish-owned WooCommerce stores to observe Shabbat and Jewish holidays — fully automated, zero manual work.\u003C\u002Fp>\n\u003Cp>Pick your city, and the plugin does the rest. It knows exactly when Shabbat starts and ends based on halachic times for your location, and automatically manages your entire store: disabling purchases, hiding payment options, and showing visitors a beautiful, customizable alert bar.\u003C\u002Fp>\n\u003Cp>Whether you run a small online shop or a high-traffic eCommerce site, Holy Day Off keeps your store compliant with your values — while you rest.\u003C\u002Fp>\n\u003Ch4>Why Store Owners Choose Holy Day Off\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Set it and forget it.\u003C\u002Fstrong> No need to manually close and reopen your store every week. Holy Day Off runs on autopilot — checking Shabbat times every 5 minutes so your store transitions seamlessly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Works with modern WooCommerce.\u003C\u002Fstrong> Full support for WooCommerce Blocks (cart & checkout), classic templates, and HPOS (High-Performance Order Storage). No matter how your store is set up, Holy Day Off has you covered.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Beautiful admin experience.\u003C\u002Fstrong> A clean, card-based dashboard gives you instant visibility into your store’s status, next Shabbat times, and all settings — with a live alert bar preview so you see exactly what your visitors will see.\u003C\u002Fp>\n\u003Ch4>Full Feature List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Shabbat scheduling\u003C\u002Fstrong> — Candle-lighting and Havdalah times calculated for your city\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce integration\u003C\u002Fstrong> — Hide “Add to Cart” buttons, disable payment gateways, and block checkout during Shabbat\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Blocks support\u003C\u002Fstrong> — Works seamlessly with block-based cart and checkout pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HPOS compatible\u003C\u002Fstrong> — Fully compatible with WooCommerce High-Performance Order Storage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable alert bar\u003C\u002Fstrong> — Styled notification bar with custom message, colors, and optional close button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full-page redirect\u003C\u002Fstrong> — Redirect your entire site to a dedicated Shabbat landing page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force close\u003C\u002Fstrong> — Manually close your shop at any time with a single toggle\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live admin preview\u003C\u002Fstrong> — See your alert bar styling in real-time as you configure it\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache-friendly\u003C\u002Fstrong> — Automatically clears WP Rocket cache when Shabbat status changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Timezone-accurate\u003C\u002Fstrong> — Displays times in your city’s local timezone, not the server’s\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & fast\u003C\u002Fstrong> — Transient caching for API calls, scripts load only on plugin pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation-ready\u003C\u002Fstrong> — Fully internationalized with i18n support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean uninstall\u003C\u002Fstrong> — Removes all plugin data and scheduled events when you uninstall\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install & activate the plugin\u003C\u002Fli>\n\u003Cli>Enter your license key\u003C\u002Fli>\n\u003Cli>Select your city from the dropdown\u003C\u002Fli>\n\u003Cli>Configure your preferences — alert bar style, WooCommerce behavior, or page redirect\u003C\u002Fli>\n\u003Cli>Done! The plugin automatically manages your store every Shabbat\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Who Is This For?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Jewish eCommerce store owners\u003C\u002Fstrong> who want to observe Shabbat without the weekly hassle\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & developers\u003C\u002Fstrong> building stores for religious clients\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Any WordPress site owner\u003C\u002Fstrong> who wants to display a scheduled alert bar or redirect visitors on specific days\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Features\u003C\u002Fh4>\n\u003Cp>Unlock the full power of Holy Day Off with a Pro license — automatic scheduling, custom alert bars, WooCommerce integration, and page redirects.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftopwp.net\u002Fproduct\u002Fholy-day-off-wp-plugin\u002F\" rel=\"nofollow ugc\">Get Pro Version\u003C\u002Fa>\u003C\u002Fp>\n","The #1 Shabbat & Jewish holiday plugin for WordPress. Automatically close your WooCommerce store on schedule. Set your city once, rest every week.",1272,1,"6.7.5","6.0","7.4",[54,55,56,24,57],"close-shop","holiday","jewish-holidays","woocommerce","https:\u002F\u002Ftopwp.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fholy-day-off.1.2.4.zip","2026-03-15T10:48:56.248Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":18,"tags":76,"homepage":81,"download_link":82,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"alligator-popup","Alligator Popup","2.0.0","cubecolour","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumeeja\u002F","\u003Cp>This plugin allows you to enter a shortcode to add links to pages\u002Fposts which will be opened in a popup window. The only options in Alligator popup are entered in the shortcode, so there is no admin page for this plugin.\u003C\u002Fp>\n\u003Ch4>Shortcode:\u003C\u002Fh4>\n\u003Cp>Add a popup shortcode where you would like a link to appear within your post or page text. The shortcode has parameters for url, height and width and should be in the format:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[popup url=\"https:\u002F\u002Fcubecolour.co.uk\u002Fwp\" height=\"300\" width=\"300\" scrollbars=\"yes\" alt=\"popup\"]Link Text[\u002Fpopup]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Include your own Link Text and values for the url the width & height of the popup, and the alt text fot the link.\u003C\u002Fp>\n\u003Cp>If no values are entered for the alt text and the height and width, defaults of 400px are used for the width & height of the popup window.\u003C\u002Fp>\n\u003Cp>Scrollbars are enabled by default and will show if the scrollbars parameter is not added to the shortcode. If you do not want scrollbars on your popup window, add the scrollbars parameter with the value “no” to the shortcode: \u003Ccode>scrollbars=\"no\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>If no value is entered for the alt text, an empty alt tag will be used in the link.\u003C\u002Fp>\n\u003Ch4>HTML Link:\u003C\u002Fh4>\n\u003Cp>Instead of using the shortcode you can include your link in the format:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"https:\u002F\u002Fcubecolour.co.uk\u002Fwp\" class=\"popup\" data-height=\"300\" data-width=\"300\" data-scrollbars=\"0\" alt=\"my link text\">Link Text\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This might be useful in a text widget, or you can build the link in a template file of your theme.\u003C\u002Fp>\n\u003Ch4>Note:\u003C\u002Fh4>\n\u003Cp>If you are using any other plugin (or a theme) that uses a shortcode with the name ‘popup’, you will not be able to use this plugin. This is not because of any shortcoming in this plugin, but because shortcodes such as those to create popup links should always be implemented in a plugin not a theme.\u003C\u002Fp>\n\u003Cp>On mobile devices such as iPads which don’t use browser windows, the link will open in a new tab.\u003C\u002Fp>\n\u003Cp>This plugin was written in response to a post by a WordPress.org forum user who promised to wrestle an alligator if his problem with creating popups was solved.\u003C\u002Fp>\n","Add popups to your site. Add links to pages\u002Fposts via a shortcode which will be opened in a popup browser window.",2000,71883,98,45,"2025-06-23T09:51:00.000Z","6.8.5","4.9",[77,78,23,79,80],"jquery","popup","popups","shortcode","http:\u002F\u002Fcubecolour.co.uk\u002Falligator-popup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falligator-popup.2.0.0.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":28,"num_ratings":28,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":18,"download_link":103,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"beckin-maintenance-mode","Beckin Maintenance Mode","1.2.0","Beckin","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeckin\u002F","\u003Cp>\u003Cstrong>Beckin Maintenance Mode\u003C\u002Fstrong> is a lightweight, secure plugin that lets administrators safely put their WordPress site into maintenance mode without hurting SEO. It sends the proper 503 Service Unavailable header with an optional Retry-After value, shows a maintenance page to visitors while still allowing admin logins, and prevents caching to ensure your site reopens cleanly.\u003C\u002Fp>\n\u003Cp>While maintenance mode is active, logged-in admins (and any other allowed roles) can continue working in the dashboard and browse the frontend normally. To \u003Cstrong>preview the maintenance \u002F coming soon page\u003C\u002Fstrong> as a visitor, you can do any of the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Open your site in a different browser\u003C\u002Fli>\n\u003Cli>Open an incognito or private window\u003C\u002Fli>\n\u003Cli>Use a device where you are not logged in\u003C\u002Fli>\n\u003Cli>Log out of the admin dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The first 3 options easily let you preview the maintenance page without interrupting your own work. Everyone who is not logged in, or does not have permission to bypass maintenance mode, will see the maintenance page instead of your normal site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES\u003C\u002Fstrong>\u003Cbr \u002F>\n1. \u003Cstrong>Smart 503 Response\u003C\u002Fstrong> – Sends a proper HTTP 503 Service Unavailable header with optional Retry-After, which keeps your SEO safe.\u003Cbr \u002F>\n2. \u003Cstrong>Admin Bypass\u003C\u002Fstrong> – Admins can log in and keep working without being blocked, even while maintenance mode is active.\u003Cbr \u002F>\n3. \u003Cstrong>Editor Bypass Mode\u003C\u002Fstrong> – Optionally allow users who can edit posts (for example Editors and Authors) to keep working while visitors and subscribers see the maintenance page.\u003Cbr \u002F>\n4. \u003Cstrong>Feed & API Safe\u003C\u002Fstrong> – RSS feeds and REST API requests aren’t broken, so external tools and readers still function.\u003Cbr \u002F>\n5. \u003Cstrong>Cache-Control Protection\u003C\u002Fstrong> – Adds no-cache headers so the maintenance page isn’t cached by browsers or CDNs.\u003Cbr \u002F>\n6. \u003Cstrong>Simple Settings Page\u003C\u002Fstrong> – Clean and intuitive admin UI using core WordPress settings API, with sanitized input and escaped output everywhere.\u003Cbr \u002F>\n7. \u003Cstrong>Admin Bar Badge\u003C\u002Fstrong> – Shows a subtle “Maint. ON” badge when active for quick visibility.\u003Cbr \u002F>\n8. \u003Cstrong>CLI Integration\u003C\u002Fstrong> – Offers WP-CLI commands (wp beckin-mm enable|disable|status) for devs managing maintenance mode programmatically.\u003Cbr \u002F>\n9. \u003Cstrong>Restricted Control\u003C\u002Fstrong> – Only administrators (with the manage_options capability) can enable, disable, or change settings for maintenance mode.\u003Cbr \u002F>\n10. \u003Cstrong>Lightweight & Secure\u003C\u002Fstrong> – No bloat and zero dependencies\u003Cbr \u002F>\n11. \u003Cstrong>Advanced Styling Controls\u003C\u002Fstrong> – Customize the maintenance \u002F coming soon page background colors, header and body text colors, and fully control the message box color and opacity, with a one-click Reset Style Settings button to restore defaults.\u003C\u002Fp>\n\u003Cp>🌟 Like our plugin? Find it useful? Please consider sharing your experience by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbeckin-maintenance-mode\u002Freviews\u002F\" rel=\"ugc\">leaving a review on WordPress.org\u003C\u002Fa>. Your feedback is instrumental to shaping our future growth!\u003C\u002Fp>\n\u003Ch3>CLI commands\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>wp beckin-mm enable\nwp beckin-mm disable\nwp beckin-mm status\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A simple & lightweight, SEO-safe maintenance mode: 503 header + Retry-After, custom message, and admin bypass.",1000,3633,"2025-12-22T05:50:00.000Z","6.9.4","6.8","8.0",[98,99,100,101,102],"503-status","coming-soon","maintenance","maintenance-mode","site-updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeckin-maintenance-mode.1.2.0.zip",{"slug":105,"name":106,"version":64,"author":65,"author_profile":66,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":74,"requires_at_least":75,"requires_php":18,"tags":114,"homepage":116,"download_link":117,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"alligator-menu-popup","Alligator Menu Popup","\u003Cp>This is a fork of my similarly named Alligator Popup Plugin. Unlike the original plugin, this one enables you to open the target of a menu item of your WordPress custom menu in a popup window.\u003C\u002Fp>\n\u003Cp>Add the ‘mpopup’ class to a menu item in a custom menu to open the target in a popup Window.\u003C\u002Fp>\n\u003Cp>Enables you to specify that a menu item on your WordPress custom menu will open in a new popup window. An admin page allows you can control the size of the popup window and whether it has scrollbars.\u003C\u002Fp>\n\u003Ch4>Usage:\u003C\u002Fh4>\n\u003Cp>You will find the Menu Popup Settings Page at Settings => Menu Popup\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set the dimensions of the popup window and whether you want the popup window to be scrollable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Then edit your custom menu at Appearance => Menus\u003Cbr \u002F>\n* Enable the CSS Classes option in the Screen Options pull-down panel on the menu editor page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add the mpopup class to any menu item where you want the target page to open in a popup window.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When the menu item is clicked, the link should now open in a popup window.\u003C\u002Fp>\n","Add the 'mpopup' class to a menu item in a custom menu to open the target in a popup Window.",600,21022,96,17,"2025-06-23T09:50:00.000Z",[78,23,79,80,115],"simple","http:\u002F\u002Fcubecolour.co.uk\u002Falligator-menu-popup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falligator-menu-popup.2.0.0.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":13,"num_ratings":34,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":134,"download_link":135,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"shamor","Shamor","1.8.3","Shamor Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fshamor\u002F","\u003Cp>Redirect user out of your site on Shabbat and Holiday.\u003C\u002Fp>\n\u003Cp>Read more on the \u003Ca href=\"https:\u002F\u002Fwpshamor.com\u002F\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003C\u002Fp>\n","Redirect user out of your site on Shabbat and Holiday.",400,4293,"2025-10-23T07:59:00.000Z","6.4.8","2.0","5.3",[133,24],"jewish","https:\u002F\u002Fwpshamor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshamor.1.8.3.zip",{"attackSurface":137,"codeSignals":191,"taintFlows":276,"riskAssessment":315,"analyzedAt":327},{"hooks":138,"ajaxHandlers":187,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":28,"unprotectedCount":28},[139,145,151,156,159,164,168,172,176,180,184],{"type":140,"name":141,"callback":142,"file":143,"line":144},"filter","send_headers","wp_shabbat_status_header","wp-shabbat-closed-page.php",68,{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","wp_footer","wp_shabbat_countdown","wp-shabbat-countdown.php",108,{"type":146,"name":152,"callback":153,"file":154,"line":155},"wp_enqueue_scripts","wp_shabbat_popup_scripts","wp-shabbat-popup.php",2,{"type":146,"name":147,"callback":157,"file":154,"line":158},"wp_shabbat_popup_filter",14,{"type":140,"name":160,"callback":161,"file":162,"line":163},"wp_mail_content_type","set_html_content_type","wp-shabbat-update.php",61,{"type":146,"name":165,"callback":166,"file":167,"line":112},"admin_init","wp_shabbat_admin_init","wp-shabbat.php",{"type":146,"name":169,"callback":170,"file":167,"line":171},"admin_menu","wp_shabbat_admin",208,{"type":146,"name":173,"callback":174,"file":167,"line":175},"get_header","wp_shabbat",354,{"type":146,"name":177,"callback":178,"file":167,"line":179},"wp_loaded","wp_shabbat_update",420,{"type":146,"name":181,"callback":182,"file":167,"line":183},"init","wp_shabbat_lang",432,{"type":146,"name":147,"callback":185,"file":167,"line":186},"wp_shabbat_add_footer_link",449,[],[],[],[],{"dangerousFunctions":192,"sqlUsage":193,"outputEscaping":195,"fileOperations":274,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":275},[],{"prepared":28,"raw":28,"locations":194},[],{"escaped":11,"rawEcho":196,"locations":197},39,[198,201,203,205,207,209,211,213,215,217,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,259,261,263,264,266,268,270,272],{"file":143,"line":199,"context":200},21,"raw output",{"file":143,"line":202,"context":200},29,{"file":143,"line":204,"context":200},34,{"file":149,"line":206,"context":200},22,{"file":154,"line":208,"context":200},28,{"file":154,"line":210,"context":200},33,{"file":154,"line":212,"context":200},41,{"file":167,"line":214,"context":200},43,{"file":167,"line":216,"context":200},44,{"file":167,"line":72,"context":200},{"file":167,"line":219,"context":200},46,{"file":167,"line":221,"context":200},47,{"file":167,"line":223,"context":200},51,{"file":167,"line":225,"context":200},55,{"file":167,"line":227,"context":200},62,{"file":167,"line":229,"context":200},66,{"file":167,"line":231,"context":200},67,{"file":167,"line":233,"context":200},71,{"file":167,"line":235,"context":200},72,{"file":167,"line":237,"context":200},76,{"file":167,"line":239,"context":200},77,{"file":167,"line":241,"context":200},81,{"file":167,"line":243,"context":200},83,{"file":167,"line":245,"context":200},90,{"file":167,"line":247,"context":200},97,{"file":167,"line":249,"context":200},103,{"file":167,"line":251,"context":200},227,{"file":167,"line":253,"context":200},238,{"file":167,"line":255,"context":200},248,{"file":167,"line":257,"context":200},249,{"file":167,"line":257,"context":200},{"file":167,"line":260,"context":200},250,{"file":167,"line":262,"context":200},251,{"file":167,"line":262,"context":200},{"file":167,"line":265,"context":200},267,{"file":167,"line":267,"context":200},268,{"file":167,"line":269,"context":200},269,{"file":167,"line":271,"context":200},289,{"file":167,"line":273,"context":200},441,5,[],[277,304],{"entryPoint":278,"graph":279,"unsanitizedCount":302,"severity":303},"wp_shabbat_status_header (wp-shabbat-closed-page.php:3)",{"nodes":280,"edges":298},[281,286,291,294],{"id":282,"type":283,"label":284,"file":143,"line":285},"n0","source","$_GET['opentime']",12,{"id":287,"type":288,"label":289,"file":143,"line":285,"wp_function":290},"n1","sink","header() [Header Injection]","header",{"id":292,"type":283,"label":293,"file":143,"line":36},"n2","$_GET['redirectReason'] (x2)",{"id":295,"type":288,"label":296,"file":143,"line":202,"wp_function":297},"n3","echo() [XSS]","echo",[299,301],{"from":282,"to":287,"sanitized":300},false,{"from":292,"to":295,"sanitized":300},3,"medium",{"entryPoint":305,"graph":306,"unsanitizedCount":302,"severity":303},"\u003Cwp-shabbat-closed-page> (wp-shabbat-closed-page.php:0)",{"nodes":307,"edges":312},[308,309,310,311],{"id":282,"type":283,"label":284,"file":143,"line":285},{"id":287,"type":288,"label":289,"file":143,"line":285,"wp_function":290},{"id":292,"type":283,"label":293,"file":143,"line":36},{"id":295,"type":288,"label":296,"file":143,"line":202,"wp_function":297},[313,314],{"from":282,"to":287,"sanitized":300},{"from":292,"to":295,"sanitized":300},{"summary":316,"deductions":317},"The wp-shabbat v2.3 plugin exhibits a generally good security posture with no recorded vulnerabilities or known CVEs, suggesting a history of stable and secure development. The static analysis further reinforces this, showing no dangerous functions, no external HTTP requests, and all SQL queries utilizing prepared statements. However, there are significant areas of concern regarding output escaping and a lack of authorization checks.  While the attack surface is reported as zero, the low percentage of properly escaped output (20%) combined with zero capability checks indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, though limited in scope, reveals flows with unsanitized paths, which, when coupled with insufficient output escaping and authorization, could potentially be exploited.  The absence of nonce checks and capability checks on any entry points, despite the reported zero attack surface, is a critical oversight that contradicts the initial assessment and suggests a potential underreporting or a misunderstanding of what constitutes an attack surface in the provided data. The plugin's strengths lie in its SQL handling and lack of known CVEs, but these are overshadowed by the potential for XSS and unauthorized execution due to inadequate output sanitization and authorization mechanisms.",[318,320,322,325],{"reason":319,"points":14},"Low percentage of properly escaped output",{"reason":321,"points":11},"Lack of capability checks on entry points",{"reason":323,"points":324},"Taint flows with unsanitized paths",7,{"reason":326,"points":274},"Lack of nonce checks on entry points","2026-03-16T23:47:16.519Z",{"wat":329,"direct":338},{"assetPaths":330,"generatorPatterns":333,"scriptPaths":334,"versionParams":335},[331,332],"\u002Fwp-content\u002Fplugins\u002Fwp-shabbat\u002Fcss\u002Fwp-shabbat.css","\u002Fwp-content\u002Fplugins\u002Fwp-shabbat\u002Fjs\u002Fwp-shabbat.js",[],[],[336,337],"wp-shabbat\u002Fcss\u002Fwp-shabbat.css?ver=","wp-shabbat\u002Fjs\u002Fwp-shabbat.js?ver=",{"cssClasses":339,"htmlComments":341,"htmlAttributes":342,"restEndpoints":344,"jsGlobals":345,"shortcodeOutput":347},[340],"wp-shabbat-message",[],[343],"data-wp-shabbat-geo-message",[],[346],"wpShabbat",[]]