[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKB9bW22Yct_H5irb1eovkqECFr8jzBnTFv6c-CiBo5k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":151,"fingerprints":325},"wp-system-info","WP System Information","1.5","Nurul Amin","https:\u002F\u002Fprofiles.wordpress.org\u002Fnaminbd\u002F","\u003Cp>This simple, but useful and important plugin for show site and system Information, php information, Folder and file Permission.\u003Cbr \u002F>\nWith this plugin, you can see your site information, server information, Theme Information and plugin information in one place.\u003Cbr \u002F>\n** You also export data to CSV file and download your PC.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>WordPress Information\u003C\u002Fstrong>\u003Cbr \u002F>\n   * WP Version\u003Cbr \u002F>\n   * WP URL\u003Cbr \u002F>\n   * WP Memory Limit\u003Cbr \u002F>\n   * Language\u003Cbr \u002F>\n   * WP Debug Mode\u003Cbr \u002F>\n   * WP Debug Log and Log File Location\u003Cbr \u002F>\n   * Upload Directory Location\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Server Information\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Server Info\u003Cbr \u002F>\n   * PHP, MySQL and cURL Version\u003Cbr \u002F>\n   * PHP Time Limit and Max Post Size & Max Upload Size\u003Cbr \u002F>\n   * PHP Remote Get Status\u003Cbr \u002F>\n   * PHP Error File Location\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Post Type Information\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Post type with count\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Time Zone Information\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Server 
Time zone\u003Cbr \u002F>\n   * MySQL Time Zone\u003Cbr \u002F>\n   * PHP Time Zone\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Theme Information\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Current Theme Name\u003Cbr \u002F>\n   * Theme Version\u003Cbr \u002F>\n   * Child theme Check\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Information\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Active plugin list\u003Cbr \u002F>\n   * Plugin version\u003Cbr \u002F>\n   * Plugin Author URL\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PHP info()\u003C\u002Fstrong>\u003Cbr \u002F>\n   * RAW PHP info\u003C\u002Fp>\n\u003Cp>\u003Cstrong>File Permission\u003C\u002Fstrong>\u003Cbr \u002F>\n   * Show all Folder Permission\u003Cbr \u002F>\n   * Show all File Permission\u003C\u002Fp>\n","Show WordPress Site, Current Theme, active plugin and server related information, php info, file & folder permission at a glance.",800,14814,80,4,"2022-10-03T17:54:00.000Z","6.1.10","5.0","7.2",[20,21,22,23,24],"file-persmission","folder-persmission","site-info","site-information","system-information","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-system-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-system-info.zip",63,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-57916","wp-system-information-authenticated-subscriber-sensitive-information-exposure","WP System Information \u003C= 1.5 - Authenticated (Subscriber+) Sensitive Information Exposure","The WP System Information plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.",null,"\u003C=1.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2025-09-26 17:48:19",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F862f331d-4bb9-4249-a224-3eee4802ee6f?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"naminbd",3,830,78,30,79,"2026-04-04T13:56:40.575Z",[55,76,96,117,137],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":63,"num_ratings":63,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":65,"download_link":73,"security_score":74,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":75},"site-status-reporter","Site Status Reporter","1.0","Muhammad Rehman","https:\u002F\u002Fprofiles.wordpress.org\u002Fmuhammad-rehman\u002F","\u003Cp>\u003Cstrong>Site Status Reporter\u003C\u002Fstrong> is a simple yet powerful plugin that allows WordPress administrators to generate and share detailed Site Status Reporter directly from the dashboard. 
The report includes critical information about the WordPress environment and can be selectively configured before sharing it publicly.\u003C\u002Fp>\n\u003Cp>Reports are generated on a dedicated public URL with tab-based navigation for easier viewing and sharing.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin dashboard page to manage report options\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable sections to include in the report\u003C\u002Fli>\n\u003Cli>Generate detailed Site Status Reporter with a single click\u003C\u002Fli>\n\u003Cli>Shareable public-facing report pages\u003C\u002Fli>\n\u003Cli>Tabbed interface for clean report viewing\u003C\u002Fli>\n\u003Cli>Display:\n\u003Cul>\n\u003Cli>Installed and active plugins (with version info and update notices)\u003C\u002Fli>\n\u003Cli>Installed and active themes (with version info and update notices)\u003C\u002Fli>\n\u003Cli>PHP and WordPress versions\u003C\u002Fli>\n\u003Cli>Server details and OS\u002Fbrowser info\u003C\u002Fli>\n\u003Cli>Debug log output if available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Easily generate and share detailed WordPress site reports with Site Status Reporter, including plugins, themes, PHP, server info, and more—fully custo 
&hellip;",0,160,"","6.8.5","6.7",[69,70,23,71,72],"diagnostics","reporting","site-status","system-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-status-reporter.1.0.zip",100,"2026-03-15T10:48:56.248Z",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":63,"downloaded":84,"rating":74,"num_ratings":28,"last_updated":85,"tested_up_to":86,"requires_at_least":65,"requires_php":87,"tags":88,"homepage":93,"download_link":94,"security_score":95,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":30},"ultimate-info","Ultimate Info","2","KHL32","https:\u002F\u002Fprofiles.wordpress.org\u002Fkhl32\u002F","\u003Cp>View all server and wordpress information in quickly. This plugin is only for site administrators.\u003C\u002Fp>\n","View all server and wordpress information in quickly. This plugin is only for site administrators.",1270,"2020-08-01T12:03:00.000Z","5.5.18","5.2.4",[89,90,91,23,92],"info","server","server-info","wp-info","https:\u002F\u002Fpersian-vc.com\u002Fultimate-info\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-info.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":74,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":115,"download_link":116,"security_score":74,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":30},"atec-system-info","atec System Info","1.2.31","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin provides detailed system information, such as operating system, server, memory, PHP and database details. 
It will also show PHPinfo, php.ini and PHP extensions.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>This plugin requests the server geo location (country, city) by sending the server IPinfo, a IP2GEO location service at to https:\u002F\u002Fipinfo.io\u002F.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\u003Cbr \u002F>\nTerms: https:\u002F\u002Fipinfo.io\u002Fterms-of-service\u003C\u002Fp>\n","atec System Info (Operating system, server, memory, PHP and database details)",200,11491,2,"2025-12-18T09:33:00.000Z","6.9.4","4.9","7.4",[112,113,114],"highly-detailed-system-information-system-health-status","memory-db-and-comprehensive-server-and-php-configuration-details","server-info-os","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-system-info.1.2.31.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":74,"num_ratings":28,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":87,"tags":130,"homepage":133,"download_link":134,"security_score":135,"vuln_count":28,"unpatched_count":28,"last_vuln_date":136,"fetched_at":30},"site-info-dashboard-widget","Site Info","1.1","Rami Yushuvaev","https:\u002F\u002Fprofiles.wordpress.org\u002Framiy\u002F","\u003Cp>This simple, but useful, plugin adds a widget to your WordPress dashboard, displaying a list of site information. 
Showing the site name, tagline, site URL, admin URL, admin language, text direction, WordPress version and PHP version.\u003C\u002Fp>\n\u003Cp>It’s very handy if you want to see your site general information in one place – your sites dashboard.\u003C\u002Fp>\n\u003Ch4>More info\u003C\u002Fh4>\n\u003Cp>To read how this plugin was developed, including code examples and screenshots, visit: https:\u002F\u002FGenerateWP.com\u002Fintroducing-dashboard-widgets-generator\u002F\u003C\u002Fp>\n\u003Cp>You can find the plugin source code in here:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002FGenerateWP.com\u002Fsnippet\u002Fnvl3vxg\u002F\u003C\u002Fli>\n\u003Cli>https:\u002F\u002FGenerateWP.com\u002Fsnippet\u002F2VvAap6\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And you can ask for more features using the original post comments area.\u003C\u002Fp>\n","WordPress dashboard widget displaying the main site info.",60,3148,"2018-02-02T23:06:00.000Z","4.9.29","3.0",[131,132,22],"dashboard","dashboard-widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsite-info-dashboard-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-info-dashboard-widget.1.1.zip",64,"2025-09-05 00:00:00",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":63,"downloaded":145,"rating":63,"num_ratings":63,"last_updated":146,"tested_up_to":16,"requires_at_least":17,"requires_php":147,"tags":148,"homepage":65,"download_link":150,"security_score":95,"vuln_count":63,"unpatched_count":63,"last_vuln_date":37,"fetched_at":30},"dashboard-system-info","Dashboard System Info","1.0.0","Jáchym Kellar","https:\u002F\u002Fprofiles.wordpress.org\u002Fjachymkellar\u002F","\u003Cp>Dashboard widget showing following system information:\u003C\u002Fp>\n\u003Ch3>Basic information\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Site title\u003C\u002Fli>\n\u003Cli>Tagline\u003C\u002Fli>\n\u003Cli>Site 
URL\u003C\u002Fli>\n\u003Cli>Content indexing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Theme\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Name\u003C\u002Fli>\n\u003Cli>Version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Disk space\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Total\u003C\u002Fli>\n\u003Cli>Uploads directory\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Number of active plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Users\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Total\u003C\u002Fli>\n\u003Cli>Administrators\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical parameters\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress version\u003C\u002Fli>\n\u003Cli>PHP version\u003C\u002Fli>\n\u003Cli>PHP memory_limit\u003C\u002Fli>\n\u003Cli>PHP upload_max_filesize\u003C\u002Fli>\n\u003Cli>PHP post_max_size\u003C\u002Fli>\n\u003Cli>Debug mode\u003C\u002Fli>\n\u003Cli>Environment (since WordPress version 5.5.0)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Database\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Name\u003C\u002Fli>\n\u003Cli>Host\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default, the dashboard widget is displayed only for users with the “Editor” or “Administrator” user role.\u003C\u002Fp>\n","Display system information on the administration dashboard 
page.",740,"2022-12-06T09:25:00.000Z","7.0",[131,149,24],"overview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-system-info.1.0.0.zip",{"attackSurface":152,"codeSignals":170,"taintFlows":264,"riskAssessment":303,"analyzedAt":324},{"hooks":153,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":63,"unprotectedCount":63},[154,160,163],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","admin_enqueue_scripts","admin_scripts","system-info.php",46,{"type":155,"name":161,"callback":161,"file":158,"line":162},"admin_menu",59,{"type":155,"name":164,"callback":165,"file":158,"line":125},"plugins_loaded","load_textdomain",[],[],[],[],{"dangerousFunctions":171,"sqlUsage":177,"outputEscaping":183,"fileOperations":63,"externalRequests":48,"nonceChecks":63,"capabilityChecks":63,"bundledLibraries":263},[172],{"fn":173,"file":174,"line":175,"context":176},"create_function","view\\php-info.php",22,"create_function(",{"prepared":28,"raw":28,"locations":178},[179],{"file":180,"line":181,"context":182},"class\\common.php",198,"$wpdb->get_results() with variable interpolation",{"escaped":184,"rawEcho":185,"locations":186},41,38,[187,191,193,195,197,199,200,203,206,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,244,246,248,249,251,253,255,257,259,261],{"file":188,"line":189,"context":190},"view\\free-plugins.php",15,"raw 
output",{"file":188,"line":192,"context":190},16,{"file":188,"line":194,"context":190},17,{"file":188,"line":196,"context":190},18,{"file":174,"line":198,"context":190},19,{"file":174,"line":198,"context":190},{"file":201,"line":202,"context":190},"view\\show-file-permission.php",31,{"file":204,"line":205,"context":190},"view\\status.php",62,{"file":204,"line":135,"context":190},{"file":204,"line":208,"context":190},99,{"file":204,"line":210,"context":190},122,{"file":204,"line":212,"context":190},130,{"file":204,"line":214,"context":190},153,{"file":204,"line":216,"context":190},165,{"file":204,"line":218,"context":190},170,{"file":204,"line":220,"context":190},183,{"file":204,"line":222,"context":190},196,{"file":204,"line":224,"context":190},201,{"file":204,"line":226,"context":190},206,{"file":204,"line":228,"context":190},214,{"file":204,"line":230,"context":190},244,{"file":204,"line":232,"context":190},255,{"file":204,"line":234,"context":190},263,{"file":204,"line":236,"context":190},274,{"file":204,"line":238,"context":190},282,{"file":204,"line":240,"context":190},374,{"file":204,"line":242,"context":190},390,{"file":204,"line":242,"context":190},{"file":204,"line":245,"context":190},392,{"file":204,"line":247,"context":190},403,{"file":204,"line":247,"context":190},{"file":204,"line":250,"context":190},405,{"file":204,"line":252,"context":190},436,{"file":204,"line":254,"context":190},461,{"file":204,"line":256,"context":190},468,{"file":204,"line":258,"context":190},474,{"file":204,"line":260,"context":190},530,{"file":204,"line":262,"context":190},532,[],[265],{"entryPoint":266,"graph":267,"unsanitizedCount":106,"severity":302},"\u003Cstatus> (view\\status.php:0)",{"nodes":268,"edges":295},[269,274,279,283,285,288,290,293],{"id":270,"type":271,"label":272,"file":204,"line":273},"n0","source","$_SERVER['SERVER_SOFTWARE']",141,{"id":275,"type":276,"label":277,"file":204,"line":273,"wp_function":278},"n1","sink","echo() 
[XSS]","echo",{"id":280,"type":271,"label":281,"file":204,"line":282},"n2","$_SERVER['SERVER_ADDR']",147,{"id":284,"type":276,"label":277,"file":204,"line":282,"wp_function":278},"n3",{"id":286,"type":271,"label":287,"file":204,"line":216},"n4","$_SERVER['SERVER_PORT']",{"id":289,"type":276,"label":277,"file":204,"line":216,"wp_function":278},"n5",{"id":291,"type":271,"label":292,"file":204,"line":218},"n6","$_SERVER['GATEWAY_INTERFACE']",{"id":294,"type":276,"label":277,"file":204,"line":218,"wp_function":278},"n7",[296,298,299,301],{"from":270,"to":275,"sanitized":297},true,{"from":280,"to":284,"sanitized":297},{"from":286,"to":289,"sanitized":300},false,{"from":291,"to":294,"sanitized":300},"low",{"summary":304,"deductions":305},"The wp-system-info plugin v1.5 presents a mixed security posture. While the static analysis shows a commendable lack of direct attack surface through common entry points like AJAX, REST API, shortcodes, and cron events, significant concerns arise from the code signals and historical vulnerability data. The presence of the `create_function` function is a red flag, as it can be exploited for arbitrary code execution if not handled with extreme care, which is compounded by the lack of any capability or nonce checks.  Furthermore, the 50% of SQL queries not using prepared statements is a risk for SQL injection.  The fact that one out of the two total vulnerabilities is still unpatched, and that it's a medium-severity exposure of sensitive information, is a direct indicator of ongoing risk that needs immediate attention. This historical pattern suggests potential ongoing issues with data handling and patching.\n\nDespite the seemingly clean attack surface, the identified code signals like the use of `create_function` and the potential for SQL injection, combined with the unpatched medium vulnerability, paint a picture of a plugin that, while not overtly exposed, has underlying weaknesses. 
The lack of capability and nonce checks means that even if an attacker finds a way to trigger functionality, there are no built-in safeguards. The vulnerability history highlights a specific pattern of sensitive information exposure, which is a serious concern for any plugin.  In conclusion, while the plugin's architecture minimizes direct attack vectors, the presence of dangerous functions, potential for SQL injection, and a persistent unpatched vulnerability significantly elevate the risk profile.",[306,308,311,314,317,319,321],{"reason":307,"points":194},"Unpatched CVE",{"reason":309,"points":310},"Dangerous function (create_function)",8,{"reason":312,"points":313},"SQL queries not using prepared statements (50%)",7,{"reason":315,"points":316},"Output escaping (52% proper)",5,{"reason":318,"points":310},"Missing nonce checks",{"reason":320,"points":310},"Missing capability checks",{"reason":322,"points":323},"Flows with unsanitized paths (Taint Analysis)",6,"2026-03-16T19:17:43.655Z",{"wat":326,"direct":333},{"assetPaths":327,"generatorPatterns":330,"scriptPaths":331,"versionParams":332},[328,329],"\u002Fwp-content\u002Fplugins\u002Fwp-system-info\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-system-info\u002Fassets\u002Fjs\u002Fscript.js",[],[329],[],{"cssClasses":334,"htmlComments":335,"htmlAttributes":336,"restEndpoints":338,"jsGlobals":339,"shortcodeOutput":341},[],[],[337],"data-nonce=\"bsi_nonce\"",[],[340],"BSI_Vars",[]]