[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLCRNC75hyWpSJjfLwNSjqgG1KjkUyi69Aoy53ds2NQ4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":60,"fingerprints":235},"wp-shelly","WP Shelly","2.0.0","sosidee","https:\u002F\u002Fprofiles.wordpress.org\u002Fsosidee\u002F","\u003Cp>This plugin allows connections to a \u003Cstrong>Shelly\u003C\u002Fstrong> relay in order to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>check the status of devices;\u003C\u002Fli>\n\u003Cli>turn the devices \u003Cstrong>ON\u003C\u002Fstrong>\u002F\u003Cstrong>OFF\u003C\u002Fstrong>;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>USEFUL SCENARIO\u003C\u002Fh3>\n\u003Cp>You may want to use this plugin to give someone the access of your Shelly devices \u003Cstrong>in the simplest way\u003C\u002Fstrong>.\u003Cbr \u002F>\nThe device access is protected by the website login.\u003Cbr \u002F>\nEnabled users do not need anything but to be registered in your website.\u003C\u002Fp>\n\u003Cp>This plugin is compatible with \u003Cstrong>Elementor\u003C\u002Fstrong> from the version 2.0.\u003Cbr \u002F>\nThe Elementor widget is located in the \u003Cem>general\u003C\u002Fem> category.\u003C\u002Fp>\n\u003Cp>\u003Cem>For security reason you must restrict the access to the web-controls to a specific user or users’ role.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This plugin requires the \u003Cstrong>WordPress Rest API\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>1)\u003C\u002Fstrong> From the administration console page of the plugin, enter:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>your Shelly authorization key\u003C\u002Fli>\n\u003Cli>your Shelly server URL\u003C\u002Fli>\n\u003Cli>the device ID\u003C\u002Fli>\n\u003Cli>the device channel\u003C\u002Fli>\n\u003Cli>the user or the users’ role that can access to the device control\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>It’s strongly advised to authorize only trusted user(s) to control your device(s).\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2)\u003C\u002Fstrong> Save the data and look for the \u003Cem>shortcode\u003C\u002Fem> displayed at the bottom of the page.\u003Cbr \u002F>\n\u003Cem>Example of the shortcode:\u003C\u002Fem>\u003Cbr \u002F>\n[shelly id=\u003Cem>123\u003C\u002Fem>]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3)\u003C\u002Fstrong> Insert the shortcode in a post\u002Fpage of your WP website.\u003C\u002Fp>\n\u003Cp>For details about the configuration parameters, please refer to the \u003Ca href=\"https:\u002F\u002Fshelly.cloud\u002Fdocuments\u002Fdevelopers\u002Fshelly_cloud_api_access.pdf\" title=\"click to open the PDF\" rel=\"nofollow ugc\">Shelly Cloud API Manual\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Copyright Notice\u003C\u002Fh4>\n\u003Cp>\u003Cem>SHELLY\u003C\u002Fem> is a trademark copyrighted by\u003Cbr \u002F>\nAllterco Robotics LTD\u003Cbr \u002F>\n103 CHERNI VRAH BLVD\u003Cbr \u002F>\n1407 SOFIA\u003Cbr \u002F>\nBULGARIA\u003C\u002Fp>\n","Connects your WP site to Shelly cloud to turn your IoT devices on\u002Foff via Shelly HTTP API. Compatible with Elementor.",10,2145,100,1,"2022-12-05T14:03:00.000Z","6.1.10","5.3.0","7.4",[20,21,22,23,24],"iot-device","shelly","shelly-cloud","shelly-cloud-api","shelly-relay","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-shelly.2.0.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},5,6230,94,30,90,"2026-04-05T09:14:45.338Z",[40],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":11,"downloaded":48,"rating":13,"num_ratings":14,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-shelly-control","Control Shelly Devices","1.2.3","MCI Desarrollo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcidesarrollo\u002F","\u003Cp>\u003Cstrong>Control your Shelly devices\u003C\u002Fstrong> from your WordPress site.\u003C\u002Fp>\n\u003Cp>Automatically \u003Cstrong>import your devices\u003C\u002Fstrong> and you can \u003Cstrong>turn on, turn off\u003C\u002Fstrong> and see their \u003Cstrong>consumption.\u003C\u002Fstrong>\u003Cbr \u002F>\nYou can make it so that you or other users can access Shelly devices from a WordPress installation protected by CMS authentication and \u003Cstrong>limiting the role of the users\u003C\u002Fstrong>.\u003Cbr \u002F>\nIt is possible to assign permissions according to the user role to manage the devices in the admin menu.\u003C\u002Fp>\n\u003Cp>It is also possible to manage \u003Cstrong>Shelly devices from the front\u003C\u002Fstrong> and control which user roles can do it.\u003C\u002Fp>\n\u003Cp>Use \u003Cstrong>shortcode\u003C\u002Fstrong> \u003Ccode>[mcisc_devices]\u003C\u002Fcode> \u003Cstrong>to display devices\u003C\u002Fstrong> on any WordPress page.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FXR_qVWvOhL0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FXR_qVWvOhL0\" rel=\"nofollow ugc\">Open the mini-tutorial video of the plugin\u003C\u002Fa>\u003C\u002Fp>\n","Control your Shelly devices from your WordPress site. Automatically import your devices and you can turn on, turn off and see their consumption.",2701,"2024-11-15T11:04:00.000Z","6.7.5","4.6","7.0",[54,55,56,21,22],"automation","devices","iot","https:\u002F\u002Fmci-desarrollo.es\u002Fcontrol-shelly-devices\u002F?lang=en","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-shelly-control.1.2.3.zip",92,{"attackSurface":61,"codeSignals":158,"taintFlows":222,"riskAssessment":223,"analyzedAt":234},{"hooks":62,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":28,"unprotectedCount":28},[63,69,74,77,79,84,87,90,93,98,101,105,107,110,114,118,122,126,130,133,137,140,144,148,151],{"type":64,"name":65,"callback":66,"file":67,"line":68},"action","plugins_loaded","loadUserList","form\\base.php",22,{"type":64,"name":70,"callback":71,"file":72,"line":73},"wp_enqueue_scripts","closure","sos\\wp\\asset.php",44,{"type":64,"name":75,"callback":71,"file":72,"line":76},"admin_enqueue_scripts",56,{"type":64,"name":75,"callback":71,"file":72,"line":78},77,{"type":64,"name":80,"callback":81,"file":82,"line":83},"current_screen","sanitize","sos\\wp\\data\\form.php",47,{"type":64,"name":85,"callback":81,"file":82,"line":86},"the_post",49,{"type":64,"name":65,"callback":71,"file":88,"line":89},"sos\\wp\\data\\wpdatabase.php",80,{"type":64,"name":91,"callback":71,"file":92,"line":73},"admin_notices","sos\\wp\\message.php",{"type":64,"name":94,"callback":95,"priority":11,"file":96,"line":97},"save_post","callbackSave","sos\\wp\\metabox.php",67,{"type":64,"name":91,"callback":99,"file":96,"line":100},"handleAdminNotices",76,{"type":64,"name":102,"callback":71,"file":103,"line":104},"init","sos\\wp\\plugin.php",333,{"type":64,"name":65,"callback":71,"file":103,"line":106},386,{"type":64,"name":108,"callback":71,"file":103,"line":109},"enqueue_block_editor_assets",398,{"type":64,"name":111,"callback":112,"file":103,"line":113},"elementor\u002Fwidgets\u002Fwidgets_registered","initializeElementor",453,{"type":115,"name":116,"callback":71,"file":103,"line":117},"filter","query_vars",499,{"type":64,"name":119,"callback":120,"file":103,"line":121},"rest_api_init","registerApi",512,{"type":64,"name":123,"callback":124,"file":103,"line":125},"admin_init","registerData",520,{"type":64,"name":127,"callback":128,"file":103,"line":129},"add_meta_boxes","registerMetaBox",523,{"type":64,"name":131,"callback":71,"file":103,"line":132},"edit_form_after_title",529,{"type":64,"name":134,"callback":135,"file":103,"line":136},"admin_menu","initializePage",541,{"type":64,"name":134,"callback":138,"file":103,"line":139},"initializeMenu",544,{"type":115,"name":141,"callback":142,"priority":11,"file":103,"line":143},"plugin_row_meta","registerDashLink",558,{"type":64,"name":145,"callback":146,"file":103,"line":147},"the_posts","lookForShortcodes",571,{"type":64,"name":65,"callback":149,"file":103,"line":150},"checkElementor",577,{"type":64,"name":65,"callback":71,"file":152,"line":153},"sos\\wp\\translation.php",69,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":167,"fileOperations":33,"externalRequests":219,"nonceChecks":220,"capabilityChecks":14,"bundledLibraries":221},[],{"prepared":161,"raw":14,"locations":162},15,[163],{"file":164,"line":165,"context":166},"sos\\wp\\data\\group.php",112,"$wpdb->get_var() with variable interpolation",{"escaped":76,"rawEcho":168,"locations":169},21,[170,174,177,179,182,185,187,189,191,193,195,197,199,201,203,206,208,210,212,214,216],{"file":171,"line":172,"context":173},"admin\\edit.php",93,"raw output",{"file":175,"line":176,"context":173},"sos\\wp\\be\\navtab.php",32,{"file":175,"line":178,"context":173},36,{"file":180,"line":181,"context":173},"sos\\wp\\data\\cluster.php",148,{"file":183,"line":184,"context":173},"sos\\wp\\data\\field.php",359,{"file":82,"line":186,"context":173},121,{"file":82,"line":188,"context":173},129,{"file":82,"line":190,"context":173},139,{"file":82,"line":192,"context":173},149,{"file":82,"line":194,"context":173},158,{"file":82,"line":196,"context":173},256,{"file":82,"line":198,"context":173},277,{"file":200,"line":176,"context":173},"sos\\wp\\data\\formbutton.php",{"file":200,"line":202,"context":173},42,{"file":204,"line":205,"context":173},"sos\\wp\\data\\formfield.php",287,{"file":207,"line":153,"context":173},"sos\\wp\\htmltag.php",{"file":207,"line":209,"context":173},71,{"file":96,"line":211,"context":173},310,{"file":103,"line":213,"context":173},777,{"file":152,"line":215,"context":173},52,{"file":217,"line":218,"context":173},"src\\widget.php",59,2,3,[],[],{"summary":224,"deductions":225},"The \"wp-shelly\" v2.0.0 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history.  The absence of any identified CVEs, critical taint flows, or unprotected entry points is highly commendable and suggests diligent development practices. The high percentage of SQL queries using prepared statements and the majority of output being properly escaped are excellent indicators of defense-in-depth.  However, there are minor areas for improvement.  The presence of file operations and external HTTP requests, while not inherently dangerous, warrants careful review to ensure they are handled securely and do not introduce vulnerabilities, especially if any user-supplied data could influence their behavior.  Similarly, while nonce and capability checks are present, their distribution and application across all functions interacting with sensitive data should be thoroughly vetted.",[226,228,230,232],{"reason":227,"points":220},"File operations without specific context",{"reason":229,"points":220},"External HTTP requests without specific context",{"reason":231,"points":219},"Limited number of capability checks observed",{"reason":233,"points":219},"Limited number of nonce checks observed","2026-03-17T01:24:11.943Z",{"wat":236,"direct":249},{"assetPaths":237,"generatorPatterns":242,"scriptPaths":243,"versionParams":244},[238,239,240,241],"\u002Fwp-content\u002Fplugins\u002Fwp-shelly\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fwp-shelly\u002Fcss\u002Fbutton.css","\u002Fwp-content\u002Fplugins\u002Fwp-shelly\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fwp-shelly\u002Fjs\u002Fcommon.js",[],[240,241],[245,246,247,248],"wp-shelly\u002Fcss\u002Fadmin.css?ver=","wp-shelly\u002Fcss\u002Fbutton.css?ver=","wp-shelly\u002Fjs\u002Fadmin.js?ver=","wp-shelly\u002Fjs\u002Fcommon.js?ver=",{"cssClasses":250,"htmlComments":253,"htmlAttributes":256,"restEndpoints":258,"jsGlobals":261,"shortcodeOutput":263},[251,252],"shelly-device-controls","shelly-device-status",[254,255],"\u003C!-- WP Shelly : user not authorized -->","\u003C!-- WP Shelly -->",[257],"data-shelly-btn-id",[259,260],"\u002Fwp-json\u002Fsos-shelly\u002Fshelly\u002Fchk","\u002Fwp-json\u002Fsos-shelly\u002Fshelly\u002Fswt",[262],"shelly_localize",[264],"\u003Cpre>\u003Cem>we've had a problem here\u003C\u002Fem>"]