[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX1II_poqocRrI-2JdK4KBEwkq5nVdWe_56UBjphTkCk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":145,"fingerprints":234},"wp-theme-changelogs","WP Theme Changelogs","1.0","ThemeZee","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemezee\u002F","\u003Cp>The \u003Cem>WP Theme Changelogs\u003C\u002Fem> plugin allows you to view the changelog before updating a theme, very similar to the available changelogs for plugins.\u003C\u002Fp>\n\u003Ch4>How does this work?\u003C\u002Fh4>\n\u003Cp>The plugin parses the readme.txt of the theme to get the changelog details. 
In order to work, your theme must have a valid readme.txt including a changelog section.\u003C\u002Fp>\n","Adding changelogs for themes hosted on wordpress.org by parsing their readme.txt",1000,33939,100,3,"2020-04-01T09:01:00.000Z","5.4.19","4.4","",[20,21,22,23,24],"changelog","theme","theme-changelog","theme-version","update","https:\u002F\u002Fgithub.com\u002FThemeZee\u002Fwp-theme-changelogs","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-theme-changelogs.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"themezee",18,60800,96,30,91,"2026-04-04T08:29:21.019Z",[41,60,82,105,125],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":17,"requires_php":18,"tags":55,"homepage":58,"download_link":59,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"easy-theme-and-plugin-upgrades","Easy Theme and Plugin Upgrades","2.0.2","Chris Jean","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrisjean\u002F","\u003Cp>WordPress has a built-in feature to install themes and plugins by supplying a zip file. Unfortunately, you cannot upgrade a theme or plugin using the same process. Instead, WordPress will say “destination already exists” when trying to upgrade using a zip file and will fail to upgrade the theme or plugin.\u003C\u002Fp>\n\u003Cp>Easy Theme and Plugin Upgrades fixes this limitation in WordPress by automatically upgrading the theme or plugin if it already exists.\u003C\u002Fp>\n\u003Cp>While upgrading, a backup copy of the old theme or plugin is first created. 
This allows you to install the old version in case of problems with the new version.\u003C\u002Fp>\n\u003Cp>Attention: Version 2.0.0 changed the functionality of the plugin. You are no longer required to select “Yes” from a drop down before the theme or plugin can be upgraded. The need for an upgrade is now detected automatically. So, if you are used to the old functionality of the plugin, do not be concerned about the absence of upgrade details on the theme and plugin upload pages. Simply upload the theme or plugin as if you were installing it, and the plugin will automatically handle upgrading as needed.\u003C\u002Fp>\n","Easily upgrade your themes and plugins using zip files without removing the theme or plugin first.",70000,1436562,94,117,"2022-04-20T03:40:00.000Z","5.7.15",[21,24,56,57],"upgrade","upload","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Feasy-theme-and-plugin-upgrades\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-theme-and-plugin-upgrades.2.0.2.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":51,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":80,"download_link":81,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"automatic-updater","Advanced Automatic Updates","1.0.2","Gary Pendergast","https:\u002F\u002Fprofiles.wordpress.org\u002Fpento\u002F","\u003Cp>Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. 
On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!\u003C\u002Fp>\n\u003Cp>If you’re working on a WordPress Multisite install, it will properly restrict the options page to your Network Admin.\u003C\u002Fp>\n\u003Cp>While this will be useful for the vast majority of sites, please exercise caution, particularly if you have any custom themes or plugins running on your site.\u003C\u002Fp>\n","Adds extra options to WordPress' built-in Automatic Updates feature.",30000,255107,61,"2021-06-04T00:46:00.000Z","5.0.25","3.7",[75,76,77,78,79],"core","plugins","stable","themes","updates","http:\u002F\u002Fpento.net\u002Fprojects\u002Fautomatic-updater-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-updater.1.0.2.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":68,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":102,"download_link":103,"security_score":104,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-auto-update-email-notifications","Disable auto-update Email Notifications","1.5.0","Elvis Nyakangi","https:\u002F\u002Fprofiles.wordpress.org\u002Felvis89\u002F","\u003Cp>Since WordPress 5.5, if you have enabled plugin or theme auto-update you will receive an email notification when a plugin or theme auto-update is successful or when it has failed.\u003C\u002Fp>\n\u003Cp>If you manage a dozen websites, then the constant stream of auto-update emails may be annoying.\u003C\u002Fp>\n\u003Cp>This plugin seeks to cure the problem by automatically disabling plugin and themes email auto-update notifications.\u003C\u002Fp>\n\u003Cp>All other notifications will be ON. This plugin only stops plugin and theme auto-update notifications. 
Not core WordPress updates.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>More about the Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This is a lightweight plugin that is less than 2 kb and has zero effect on your website load speed  \u003C\u002Fli>\n\u003Cli>No settings are required. Just install the plugin, activate, and you are done. \u003C\u002Fli>\n\u003Cli>It is compatible with the latest version of WordPress. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We create simple and lightweight email tools that work without many settings. Check our \u003Ca href=\"https:\u002F\u002Fgutoz.com\" rel=\"nofollow ugc\">simple email tools\u003C\u002Fa> that you can use for email marketing.\u003C\u002Fp>\n","This plugin performs a simple task of disabling email notifications that are sent by WordPress when a plugin or theme auto-updates.",187452,90,15,"2025-01-21T15:43:00.000Z","6.7.5","5.5","5.6",[98,99,100,101,21],"auto-update","disable","email","notification","https:\u002F\u002Fgutoz.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-auto-update-email-notifications.1.5.0.zip",92,{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":36,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":123,"download_link":124,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-wordpress-updates","Disable All WordPress Updates","1.9.1","wpseek","https:\u002F\u002Fprofiles.wordpress.org\u002Falphawolf\u002F","\u003Cp>This plugin completely disables the theme, plugin and core update checking system in WordPress. 
The plugin prevents WordPress from\u003Cbr \u002F>\nchecking for updates including cronjobs, and prevents any notifications from being displayed.\u003C\u002Fp>\n\u003Cp>It’s \u003Cem>very\u003C\u002Fem> important that you keep your WordPress theme, core and plugins up to date! If you don’t, your blog or website could\u003Cbr \u002F>\nbe \u003Cstrong>susceptible to security vulnerabilities\u003C\u002Fstrong> or performance issues.\u003C\u002Fp>\n\u003Cp>If you use this plugin, make sure you keep yourself up to date with new releases of your active WordPress version, plugins\u003Cbr \u002F>\nand themes and update them as new versions are released (simply by deactivating this plugin for a short time).\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fx.com\u002Fwpseek\" title=\"Developer on X\" rel=\"nofollow ugc\">Developer on X\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fbsky.app\u002Fprofile\u002Fcyberblitzbirne.bsky.social\" title=\"Developer on Bluesky\" rel=\"nofollow ugc\">Developer on Bluesky\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for more WordPress plugins? 
Visit \u003Ca href=\"https:\u002F\u002Fwww.schloebe.de\u002Fportfolio\u002F\" rel=\"nofollow ugc\">www.schloebe.de\u002Fportfolio\u002F\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Disables the theme, plugin and core update checking, the related cronjobs, plugin\u002Ftheme update health checks and notification system.",20000,843364,68,"2026-02-15T13:23:00.000Z","6.9.99","3.8","7.4",[121,21,24,122],"disable-updates","update-control","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-wordpress-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wordpress-updates.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":13,"num_ratings":135,"last_updated":136,"tested_up_to":137,"requires_at_least":95,"requires_php":138,"tags":139,"homepage":143,"download_link":144,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-theme-and-plugin-auto-update-emails","Disable Theme and Plugin Auto-Update Emails","2.0.5","KZeni","https:\u002F\u002Fprofiles.wordpress.org\u002Fkzeni\u002F","\u003Cp>Disables the default notification emails sent by a site after an automatic theme and\u002For plugin update. Simply activate the plugin to disable these email notifications (allows failure notices through unless setting is enabled to disable these as well).\u003C\u002Fp>\n\u003Cp>This is a simple & lightweight plugin that simply uses the official filters made available as of WordPress 5.5 to disable these email notifications upon activation. 
It does let update failure notifications through by default, but the Settings => General page has a setting to disable these as well.\u003C\u002Fp>\n\u003Cp>Check things out on GitHub at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKZeni\u002FDisable-WordPress-Theme-and-Plugin-Auto-Update-Emails\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FKZeni\u002FDisable-WordPress-Theme-and-Plugin-Auto-Update-Emails\u003C\u002Fa>\u003C\u002Fp>\n","Disables the default notification emails sent by a site after an automatic theme and\u002For plugin update. Simply activate the plugin to disable these ema &hellip;",10000,112263,10,"2023-10-24T21:49:00.000Z","6.4.8","5.4",[100,140,141,142,79],"notifications","plugin-update","theme-update","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-theme-and-plugin-auto-update-emails\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-theme-and-plugin-auto-update-emails.2.0.5.zip",{"attackSurface":146,"codeSignals":167,"taintFlows":190,"riskAssessment":219,"analyzedAt":233},{"hooks":147,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":28,"unprotectedCount":28},[148,154,159],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","admin_init","show_changelog","includes\\class-tztcl-changelog-box.php",26,{"type":149,"name":155,"callback":156,"file":157,"line":158},"plugins_loaded","translation","wp-theme-changelogs.php",48,{"type":149,"name":160,"callback":161,"file":157,"line":162},"admin_enqueue_scripts","show_changelog_link_js",113,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":174,"outputEscaping":176,"fileOperations":28,"externalRequests":188,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":189},[169],{"fn":170,"file":171,"line":172,"context":173},"create_function","includes\\markdown\\Michelf\\Markdown.php",1859,"$this->utf8_strlen = create_function('$text', 'return 
preg_match_all(",{"prepared":28,"raw":28,"locations":175},[],{"escaped":177,"rawEcho":178,"locations":179},32,4,[180,182,184,186],{"file":152,"line":13,"context":181},"raw output",{"file":152,"line":183,"context":181},127,{"file":152,"line":185,"context":181},131,{"file":152,"line":187,"context":181},151,1,[],[191,210],{"entryPoint":192,"graph":193,"unsanitizedCount":208,"severity":209},"show_changelog (includes\\class-tztcl-changelog-box.php:35)",{"nodes":194,"edges":205},[195,200],{"id":196,"type":197,"label":198,"file":152,"line":199},"n0","source","$_GET (x2)",55,{"id":201,"type":202,"label":203,"file":152,"line":13,"wp_function":204},"n1","sink","echo() [XSS]","echo",[206],{"from":196,"to":201,"sanitized":207},false,2,"medium",{"entryPoint":211,"graph":212,"unsanitizedCount":208,"severity":218},"\u003Cclass-tztcl-changelog-box> (includes\\class-tztcl-changelog-box.php:0)",{"nodes":213,"edges":216},[214,215],{"id":196,"type":197,"label":198,"file":152,"line":199},{"id":201,"type":202,"label":203,"file":152,"line":13,"wp_function":204},[217],{"from":196,"to":201,"sanitized":207},"low",{"summary":220,"deductions":221},"The wp-theme-changelogs plugin version 1.0 exhibits a generally strong security posture, particularly concerning its limited attack surface and the absence of known vulnerabilities. The static analysis reveals no AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication or proper permission checks. Furthermore, the plugin demonstrates good practices regarding SQL queries, with 100% utilizing prepared statements, and a high percentage of output escaping (89%). This suggests a conscious effort to prevent common web vulnerabilities like SQL injection and cross-site scripting (XSS).\n\nHowever, there are specific areas that warrant attention. The presence of the `create_function` dangerous function is a significant concern. 
While the taint analysis did not reveal critical or high severity flows, the use of `create_function` is inherently risky as it can lead to arbitrary code execution if the input passed to it is not meticulously sanitized. Additionally, the fact that 100% of the analyzed taint flows involve unsanitized paths, even if of lower severity, indicates potential for subtle security weaknesses. The complete lack of nonce checks and capability checks on the identified entry points (although there are none detected) is a general best practice that is missing, which could become a concern if the attack surface were to expand in future versions.\n\nGiven the plugin's history of zero recorded vulnerabilities, it suggests that these potential weaknesses have not yet been exploited or are mitigated by other factors not immediately apparent in the static analysis. The plugin's strengths lie in its minimal attack surface and good SQL handling. The primary weaknesses are the use of `create_function` and the presence of unsanitized taint flows. 
A balanced conclusion is that while the plugin appears relatively secure due to its limited scope and clean vulnerability history, the identified code signals and taint analysis findings represent latent risks that should be addressed.",[222,224,226,229,231],{"reason":223,"points":92},"Dangerous function: create_function",{"reason":225,"points":135},"Unsanitized paths in taint flows",{"reason":227,"points":228},"Missing nonce checks",5,{"reason":230,"points":228},"Missing capability checks",{"reason":232,"points":14},"Low output escaping percentage (11% unescaped)","2026-03-16T19:09:08.147Z",{"wat":235,"direct":242},{"assetPaths":236,"generatorPatterns":238,"scriptPaths":239,"versionParams":240},[237],"\u002Fwp-content\u002Fplugins\u002Fwp-theme-changelogs\u002Fassets\u002Fjs\u002Fchangelog-links.js",[],[237],[241],"wp-theme-changelogs\u002Fassets\u002Fjs\u002Fchangelog-links.js?ver=",{"cssClasses":243,"htmlComments":245,"htmlAttributes":246,"restEndpoints":249,"jsGlobals":250,"shortcodeOutput":252},[244],"open-plugin-details-modal",[],[247,248],"data-theme","data-version",[],[251],"tztcl_changelog_links",[]]