[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyMO-bbu3XTlb9P_Zn1sE1yJ45LoPZEibfip9yUNXt4I":3},{"slug":4,"name":4,"version":5,"author":4,"author_profile":6,"description":7,"short_description":8,"active_installs":9,"downloaded":10,"rating":11,"num_ratings":11,"last_updated":12,"tested_up_to":13,"requires_at_least":14,"requires_php":15,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":125,"fingerprints":704},"wp2phone","0.1.6","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp2phone\u002F","\u003Cp>wp2phone plugin allows you to create, design and manage the content of a native iPhone & iPad app, directly in WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Plugin key features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Design & customize the appearance of your app in WordPress (tab bar menu, cell colors, header images).\u003C\u002Fli>\n\u003Cli>Select posts, pages, categories, tags to publish.\u003C\u002Fli>\n\u003Cli>Push notifications on new posts.\u003C\u002Fli>\n\u003Cli>Full integration with WordPress dashboard.\u003C\u002Fli>\n\u003Cli>No programming knowledge required.\u003C\u002Fli>\n\u003Cli>No developer account required.\u003C\u002Fli>\n\u003Cli>Use your Flurry ID to measure the audience of your app.\u003C\u002Fli>\n\u003Cli>Use your AdMob ID to monetize.\u003C\u002Fli>\n\u003Cli>Define your own Ad, pushed on app launch.\u003C\u002Fli>\n\u003Cli>Smart App Banners to promote your app on your website (Safari iOS 6 only).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your app key features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Universal app (iPhone & iPad).\u003C\u002Fli>\n\u003Cli>Customized app icon.\u003C\u002Fli>\n\u003Cli>Customized splash screen.\u003C\u002Fli>\n\u003Cli>Share content via Facebook, Twitter or Email.\u003C\u002Fli>\n\u003Cli>Support of iOS 4, 5, 6.\u003C\u002Fli>\n\u003Cli>Modify 
appearance and contents, even when available on the App Store.\u003C\u002Fli>\n\u003Cli>Optimized for iPhone 5.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Full preview of your app available via the free \u003Ca href=\"http:\u002F\u002Fitunes.apple.com\u002Fus\u002Fapp\u002Fwp2phone\u002Fid483679543?mt=8\" rel=\"nofollow ugc\">wp2phone app\u003C\u002Fa> on the App Store.\u003C\u002Fp>\n\u003Cp>wp2phone is an easy, fast, cheap and reliable solution to create your native app.\u003C\u002Fp>\n\u003Cp>For more information visit: \u003Ca href=\"http:\u002F\u002Fwp2phone.com\" rel=\"nofollow ugc\">wp2phone.com\u003C\u002Fa>\u003C\u002Fp>\n","wp2phone plugin allows you to create, design and manage the content of a native iPhone & iPad app, directly in WordPress dashboard.",10,4559,0,"2012-10-13T17:47:00.000Z","3.4.2","2.9","",[17,18,19,20,21],"ios","ios4","ipad","iphone","ipod","http:\u002F\u002Fwp2phone.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp2phone.0.1.6.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":4,"display_name":4,"profile_url":6,"plugin_count":29,"total_installs":9,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T19:14:31.330Z",[34,51,68,87,109],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":9,"downloaded":42,"rating":43,"num_ratings":29,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":15,"tags":47,"homepage":49,"download_link":50,"security_score":43,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"ipad-rubberneck-disrupter","iPad Rubberneck Disrupter","1.0.2","cubecolour","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumeeja\u002F","\u003Cp>When you login to your WordPress site on your iPad, iPhone or iPod Touch, each character of your password will be displayed as you enter it.\u003C\u002Fp>\n\u003Cp>This is not ideal when you login to a WordPress site 
from your iPad as part of a presentation or screencast, or when you login in a public place and someone might be looking over your shoulder.\u003C\u002Fp>\n\u003Cp>This plugin obscures the password as you type it on your iPad; it causes each character of the password to appear as a plain disc.\u003C\u002Fp>\n\u003Cp>Note:\u003Cbr \u002F>\nThe iPad’s soft keys highlight to indicate a keystroke. If you are presenting on an external screen or projector, in addition to masking the password with this plugin, it is recommended to use a Bluetooth keyboard paired to your iPad so that the soft keyboard does not appear on the screen.\u003C\u002Fp>\n","Hides the WordPress login password as it is typed on your iPad or other iOS device.",9653,100,"2025-06-23T10:00:00.000Z","6.8.5","3.5",[17,19,20,21,48],"password","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fipad-rubberneck-disrupter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fipad-rubberneck-disrupter.1.0.2.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":9,"downloaded":59,"rating":60,"num_ratings":29,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":15,"tags":64,"homepage":15,"download_link":67,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"push-notifications-ios","Push Notification iOS","0.3","zedamin","https:\u002F\u002Fprofiles.wordpress.org\u002Fzedamin\u002F","\u003Cp>This plugin allows you to send notifications directly from your WordPress site with payload (JSON) to all devices that have installed your app to notify users about something new.\u003C\u002Fp>\n\u003Cp>Now, go to the Installation section to find out how to install and use the plugin.\u003C\u002Fp>\n","This plugin allows you to send Push Notifications directly from your WordPress site to your iOS 
app.",1739,40,"2013-11-22T14:08:00.000Z","3.7.41","3.6",[17,19,20,65,66],"ipod-touch","push-notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notifications-ios.zip",{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":76,"downloaded":77,"rating":43,"num_ratings":78,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":15,"tags":82,"homepage":85,"download_link":86,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"retina-2x","Retina @2x","1.6","Wouter Postma","https:\u002F\u002Fprofiles.wordpress.org\u002Fwouterpostmanl\u002F","\u003Cp>This plugin adds a simple JavaScript to your WordPress website that will check for each image if there is a retina version available. This will make sure that your images (logos, buttons, images with text) look sharp on Apple devices with retina displays.\u003C\u002Fp>\n\u003Cp>When you have for example a logo of 200 by 200 pixels called “Logo.png”, you will need to upload a second image of 400 by 400 pixels called “Logo@2x.png” in the exact same directory.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fimulus.github.io\u002Fretinajs\u002F\" rel=\"nofollow ugc\">Retina.js by imulus\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwouterpostmanl#content-plugins\" rel=\"nofollow ugc\">View my other plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin that looks for retina images automatically based on the @2x naming 
convention.",800,10993,6,"2017-05-13T15:50:00.000Z","4.8.28","3.0.1",[83,17,19,20,84],"images","retina","https:\u002F\u002Fwouterpostma.nl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fretina-2x.1.6.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":15,"tags":102,"homepage":105,"download_link":106,"security_score":31,"vuln_count":107,"unpatched_count":11,"last_vuln_date":108,"fetched_at":26},"smart-app-banner","Smart App Banner","1.1.6","stephend","https:\u002F\u002Fprofiles.wordpress.org\u002Fstephend\u002F","\u003Cp>This is a WordPress plugin that allows you to use the Smart App Banners with your\u003Cbr \u002F>\nWordPress blog.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.apple.com\u002Flibrary\u002Fios\u002F#documentation\u002FAppleApplications\u002FReference\u002FSafariWebContent\u002FPromotingAppswithAppBanners\u002FPromotingAppswithAppBanners.html#\u002F\u002Fapple_ref\u002Fdoc\u002Fuid\u002FTP40002051-CH6-SW1\" rel=\"nofollow ugc\">According to Apple\u003C\u002Fa>, Smart App Banners:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>vastly improve users’ browsing experience compared to other promotional methods.\u003Cbr \u002F>\n  As banners are implemented in iOS 6, they will provide a consistent look and\u003Cbr \u002F>\n  feel across the web that users will come to recognize. Users will trust that tapping the\u003Cbr \u002F>\n  banner will take them to the App Store and not a third-party advertisement. They will\u003Cbr \u002F>\n  appreciate that banners are presented unobtrusively at the top of a webpage, instead of\u003Cbr \u002F>\n  as a full-screen ad interrupting the web content. 
And with a large and prominent\u003Cbr \u002F>\n  close button, a banner is easy for users to dismiss.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>It’s really simple to use. In short, you download and activate the plugin. On pages and posts you should find a “Smart App Banner” settings box. If you want the Smart App Banner to appear on this page then enter the App ID of your application here. You can also enter affiliate data and an app argument here.\u003C\u002Fp>\n\u003Cp>If you want to display a banner on the home page there’s a setting screen (Settings -> Smart App Banner) where you can enter the App ID.\u003C\u002Fp>\n\u003Cp>You can find the App ID in iTunes Connect, using the\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fitunes.apple.com\u002Flinkmaker\u002F\" rel=\"nofollow ugc\">iTunes Link Maker\u003C\u002Fa> or if the iTunes URL for your\u003Cbr \u002F>\napp looks like this:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fitunes.apple.com\u002Fus\u002Fapp\u002Frootn-tootn-baby-feed-timer\u002Fid530589336?ls=1&mt=8\u003C\u002Fp>\n\u003Cp>Then your ID is “530589336”.\u003C\u002Fp>\n\u003Cp>The other two fields are optional.\u003C\u002Fp>\n\u003Cp>The affiliate data field varies depending on the affiliate. The most common is PHG, where the value looks like “at=AFFILIATE_TOKEN” or “at=AFFILIATE_TOKEN&ct=CAMPAIGN” (without the quotes). You can find the token when you sign into the PHG website. The campaign is just some text you use to identify a particular marketing campaign.\u003C\u002Fp>\n\u003Cp>So I might have “at=11lmMT&ct=wordpress” on the product pages of my website. 
Check the documentation to find your affiliate token and confirm the format.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.apple.com\u002Flibrary\u002Fios\u002Fdocumentation\u002FAppleApplications\u002FReference\u002FSafariWebContent\u002FPromotingAppswithAppBanners\u002FPromotingAppswithAppBanners.html\" rel=\"nofollow ugc\">According to the documentation\u003C\u002Fa>, the app argument value is:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>A URL that provides context to your native app. If you include this, and the user has your\u003Cbr \u002F>\n  app installed, she can jump from your website to the corresponding position in your iOS app.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin does not restrict or validate what you put here.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>You can format it however you’d like, as long as it is a valid URL.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","This is a WordPress plugin that allows you to use Smart App Banners, introduced in iOS 6, with your WordPress blog.",600,24996,94,3,"2024-03-23T20:35:00.000Z","6.4.8","4.6",[103,104,17,19,20],"apple","banner","https:\u002F\u002Fwww.zx81.org.uk\u002Fsoftware\u002Fwordpress-smart-app-banner-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmart-app-banner.1.1.6.zip",2,"2023-10-18 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":43,"num_ratings":29,"last_updated":119,"tested_up_to":120,"requires_at_least":81,"requires_php":15,"tags":121,"homepage":123,"download_link":124,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"ios-smart-app-banner-for-safari","iOS Smart App Banner For Safari","1.0","carpemobile","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarpemobile\u002F","\u003Cp>This WordPress plugin gives you an easy way to add a Smart App Banner for your app (or any iOS 
app) to any of your pages. What sets this plugin above the others out there is that it makes it easy to add your app, affiliate identifier, affiliate campaign name and deep link app arguments. You can change any of these parameters for each page on your WordPress site.\u003C\u002Fp>\n\u003Cp>It is really easy to get up and running! Just download and install the plugin, then edit any page that you would like to have a Smart App Banner displayed for and enter the App Store ID for the app.\u003C\u002Fp>\n","iOS Smart App Banner For Safari plugin quickly and easily displays app banners for your web users who are using mobile Safari on iOS.",20,2105,"2016-01-22T18:15:00.000Z","4.4.34",[17,19,20,122,88],"smart","http:\u002F\u002Fcarpemobile.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fios-smart-app-banner-for-safari.1.0.zip",{"attackSurface":126,"codeSignals":159,"taintFlows":584,"riskAssessment":688,"analyzedAt":703},{"hooks":127,"ajaxHandlers":150,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":29,"unprotectedCount":29},[128,134,138,142,146],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","admin_menu","wp2p_admin_menu","plugin.php",46,{"type":129,"name":135,"callback":136,"file":132,"line":137},"admin_init","wp2p_admin_init",47,{"type":129,"name":139,"callback":140,"file":132,"line":141},"wp_json_wp2p_json"," 
wp2p_json",49,{"type":129,"name":143,"callback":144,"file":132,"line":145},"publish_post","wp2p_publish_post",50,{"type":129,"name":147,"callback":148,"file":132,"line":149},"wp_head","wp2p_head",51,[151],{"action":152,"nopriv":153,"callback":154,"hasNonce":153,"hasCapCheck":153,"file":132,"line":155},"wp2p_action",false,"wp2p_action_callback",48,[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":185,"fileOperations":581,"externalRequests":107,"nonceChecks":11,"capabilityChecks":582,"bundledLibraries":583},[],{"prepared":11,"raw":162,"locations":163},9,[164,168,172,174,176,177,179,181,183],{"file":165,"line":166,"context":167},"includes\\functions.php",375,"$wpdb->get_row() with variable interpolation",{"file":169,"line":170,"context":171},"includes\\request-comment.php",33,"$wpdb->get_results() with variable interpolation",{"file":169,"line":173,"context":171},37,{"file":175,"line":170,"context":171},"includes\\request-post.php",{"file":175,"line":173,"context":171},{"file":175,"line":178,"context":171},41,{"file":175,"line":180,"context":171},45,{"file":175,"line":182,"context":171},54,{"file":175,"line":184,"context":171},61,{"escaped":29,"rawEcho":186,"locations":187},218,[188,191,194,196,197,199,200,202,204,205,207,209,211,213,215,216,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,288,290,292,293,295,297,299,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,369,371,372,373,374,376,378,380,382,384,386,388,389,391,392,394,395,397,398,399,401,402,404,406,408,409,411,412,414,415,417,418,420,421,423,424,426,427,429,430,432,433,434,436,438,440,442,444,446,448,450,452,454,457,458,460,461,462,464,465,466,468,470,472,473,474,476,478,480,481,483,485,487,488,489,491,493,495,497,499,500,502,504,505,508,511,513,515,517,519,521,522,524,525,527,528,530,531,533,535,536,538,540,
542,544,546,548,550,552,554,556,558,559,561,563,565,567,568,569,571,573,575,577,579],{"file":189,"line":155,"context":190},"includes\\add-comment.php","raw output",{"file":192,"line":193,"context":190},"includes\\content_page.php",176,{"file":192,"line":195,"context":190},179,{"file":192,"line":195,"context":190},{"file":192,"line":198,"context":190},180,{"file":192,"line":198,"context":190},{"file":192,"line":201,"context":190},184,{"file":192,"line":203,"context":190},191,{"file":192,"line":203,"context":190},{"file":192,"line":206,"context":190},192,{"file":192,"line":208,"context":190},195,{"file":192,"line":210,"context":190},196,{"file":192,"line":212,"context":190},198,{"file":192,"line":214,"context":190},210,{"file":192,"line":186,"context":190},{"file":192,"line":186,"context":190},{"file":192,"line":218,"context":190},219,{"file":192,"line":220,"context":190},223,{"file":192,"line":222,"context":190},224,{"file":192,"line":224,"context":190},236,{"file":192,"line":226,"context":190},244,{"file":192,"line":228,"context":190},245,{"file":192,"line":230,"context":190},247,{"file":192,"line":232,"context":190},254,{"file":192,"line":234,"context":190},256,{"file":192,"line":236,"context":190},263,{"file":192,"line":238,"context":190},264,{"file":192,"line":240,"context":190},269,{"file":192,"line":242,"context":190},270,{"file":192,"line":244,"context":190},272,{"file":192,"line":246,"context":190},279,{"file":192,"line":248,"context":190},281,{"file":192,"line":250,"context":190},288,{"file":192,"line":252,"context":190},289,{"file":192,"line":254,"context":190},294,{"file":192,"line":256,"context":190},295,{"file":192,"line":258,"context":190},309,{"file":192,"line":260,"context":190},320,{"file":192,"line":262,"context":190},321,{"file":192,"line":264,"context":190},324,{"file":192,"line":266,"context":190},325,{"file":192,"line":268,"context":190},328,{"file":192,"line":270,"context":190},329,{"file":192,"line":272,"context":190},332,{"file":192,"line":27
4,"context":190},333,{"file":192,"line":276,"context":190},336,{"file":192,"line":278,"context":190},337,{"file":192,"line":280,"context":190},340,{"file":192,"line":282,"context":190},341,{"file":192,"line":284,"context":190},352,{"file":192,"line":286,"context":190},360,{"file":192,"line":286,"context":190},{"file":192,"line":289,"context":190},361,{"file":192,"line":291,"context":190},364,{"file":192,"line":291,"context":190},{"file":192,"line":294,"context":190},365,{"file":192,"line":296,"context":190},376,{"file":192,"line":298,"context":190},384,{"file":192,"line":298,"context":190},{"file":192,"line":301,"context":190},385,{"file":192,"line":303,"context":190},396,{"file":192,"line":305,"context":190},408,{"file":192,"line":307,"context":190},409,{"file":192,"line":309,"context":190},415,{"file":192,"line":311,"context":190},416,{"file":192,"line":313,"context":190},422,{"file":192,"line":315,"context":190},423,{"file":192,"line":317,"context":190},429,{"file":192,"line":319,"context":190},430,{"file":192,"line":321,"context":190},443,{"file":192,"line":323,"context":190},444,{"file":192,"line":325,"context":190},447,{"file":192,"line":327,"context":190},448,{"file":192,"line":329,"context":190},449,{"file":192,"line":331,"context":190},453,{"file":192,"line":333,"context":190},454,{"file":192,"line":335,"context":190},455,{"file":192,"line":337,"context":190},459,{"file":192,"line":339,"context":190},460,{"file":192,"line":341,"context":190},461,{"file":192,"line":343,"context":190},473,{"file":192,"line":345,"context":190},565,{"file":192,"line":347,"context":190},578,{"file":192,"line":349,"context":190},586,{"file":192,"line":351,"context":190},594,{"file":192,"line":353,"context":190},602,{"file":192,"line":355,"context":190},613,{"file":192,"line":357,"context":190},735,{"file":192,"line":359,"context":190},852,{"file":192,"line":361,"context":190},855,{"file":192,"line":363,"context":190},872,{"file":192,"line":365,"context":190},875,{"file":192,"line
":367,"context":190},876,{"file":192,"line":367,"context":190},{"file":192,"line":370,"context":190},881,{"file":192,"line":370,"context":190},{"file":192,"line":370,"context":190},{"file":192,"line":370,"context":190},{"file":192,"line":375,"context":190},887,{"file":192,"line":377,"context":190},888,{"file":192,"line":379,"context":190},895,{"file":192,"line":381,"context":190},896,{"file":192,"line":383,"context":190},910,{"file":192,"line":385,"context":190},911,{"file":192,"line":387,"context":190},912,{"file":192,"line":387,"context":190},{"file":192,"line":390,"context":190},914,{"file":192,"line":390,"context":190},{"file":192,"line":393,"context":190},916,{"file":192,"line":393,"context":190},{"file":192,"line":396,"context":190},918,{"file":192,"line":396,"context":190},{"file":192,"line":396,"context":190},{"file":192,"line":400,"context":190},923,{"file":192,"line":400,"context":190},{"file":192,"line":403,"context":190},957,{"file":192,"line":405,"context":190},958,{"file":192,"line":407,"context":190},965,{"file":165,"line":170,"context":190},{"file":165,"line":410,"context":190},43,{"file":165,"line":149,"context":190},{"file":165,"line":413,"context":190},62,{"file":165,"line":413,"context":190},{"file":165,"line":416,"context":190},63,{"file":165,"line":416,"context":190},{"file":165,"line":419,"context":190},65,{"file":165,"line":419,"context":190},{"file":165,"line":422,"context":190},66,{"file":165,"line":422,"context":190},{"file":165,"line":425,"context":190},67,{"file":165,"line":425,"context":190},{"file":165,"line":428,"context":190},68,{"file":165,"line":428,"context":190},{"file":165,"line":431,"context":190},69,{"file":165,"line":431,"context":190},{"file":165,"line":431,"context":190},{"file":165,"line":435,"context":190},79,{"file":165,"line":437,"context":190},80,{"file":165,"line":439,"context":190},86,{"file":165,"line":441,"context":190},87,{"file":165,"line":443,"context":190},91,{"file":165,"line":445,"context":190},92,{"file":165
,"line":447,"context":190},96,{"file":165,"line":449,"context":190},97,{"file":165,"line":451,"context":190},98,{"file":165,"line":453,"context":190},99,{"file":455,"line":456,"context":190},"includes\\main_page.php",28,{"file":455,"line":178,"context":190},{"file":455,"line":459,"context":190},59,{"file":455,"line":425,"context":190},{"file":455,"line":431,"context":190},{"file":455,"line":463,"context":190},82,{"file":455,"line":445,"context":190},{"file":455,"line":97,"context":190},{"file":455,"line":467,"context":190},122,{"file":455,"line":469,"context":190},129,{"file":455,"line":471,"context":190},130,{"file":455,"line":471,"context":190},{"file":455,"line":471,"context":190},{"file":455,"line":475,"context":190},141,{"file":455,"line":477,"context":190},148,{"file":455,"line":479,"context":190},149,{"file":455,"line":479,"context":190},{"file":455,"line":482,"context":190},157,{"file":455,"line":484,"context":190},159,{"file":455,"line":486,"context":190},164,{"file":455,"line":486,"context":190},{"file":455,"line":486,"context":190},{"file":455,"line":490,"context":190},174,{"file":455,"line":492,"context":190},181,{"file":455,"line":494,"context":190},182,{"file":455,"line":496,"context":190},186,{"file":455,"line":498,"context":190},187,{"file":455,"line":210,"context":190},{"file":169,"line":501,"context":190},44,{"file":503,"line":180,"context":190},"includes\\request-interface.php",{"file":175,"line":431,"context":190},{"file":506,"line":507,"context":190},"includes\\request-taxonomy.php",57,{"file":509,"line":510,"context":190},"includes\\settings_page.php",95,{"file":509,"line":512,"context":190},128,{"file":509,"line":514,"context":190},131,{"file":509,"line":516,"context":190},154,{"file":509,"line":518,"context":190},158,{"file":509,"line":520,"context":190},161,{"file":509,"line":486,"context":190},{"file":509,"line":523,"context":190},175,{"file":509,"line":494,"context":190},{"file":509,"line":526,"context":190},183,{"file":509,"line":498,"con
text":190},{"file":509,"line":529,"context":190},188,{"file":509,"line":206,"context":190},{"file":509,"line":532,"context":190},193,{"file":509,"line":534,"context":190},197,{"file":509,"line":212,"context":190},{"file":509,"line":537,"context":190},208,{"file":509,"line":539,"context":190},215,{"file":509,"line":541,"context":190},216,{"file":509,"line":543,"context":190},217,{"file":509,"line":545,"context":190},220,{"file":509,"line":547,"context":190},221,{"file":509,"line":549,"context":190},222,{"file":509,"line":551,"context":190},232,{"file":509,"line":553,"context":190},239,{"file":509,"line":555,"context":190},240,{"file":509,"line":557,"context":190},241,{"file":509,"line":557,"context":190},{"file":509,"line":560,"context":190},252,{"file":509,"line":562,"context":190},259,{"file":509,"line":564,"context":190},260,{"file":509,"line":566,"context":190},261,{"file":509,"line":566,"context":190},{"file":509,"line":244,"context":190},{"file":509,"line":570,"context":190},282,{"file":509,"line":572,"context":190},283,{"file":509,"line":574,"context":190},290,{"file":509,"line":576,"context":190},292,{"file":132,"line":578,"context":190},169,{"file":132,"line":580,"context":190},178,8,4,[],[585,603,625,643,651,659,675],{"entryPoint":586,"graph":587,"unsanitizedCount":11,"severity":602},"wp2p_add_edit_tab (includes\\content_page.php:19)",{"nodes":588,"edges":599},[589,594],{"id":590,"type":591,"label":592,"file":192,"line":593},"n0","source","$_GET",75,{"id":595,"type":596,"label":597,"file":192,"line":198,"wp_function":598},"n1","sink","echo() [XSS]","echo",[600],{"from":590,"to":595,"sanitized":601},true,"low",{"entryPoint":604,"graph":605,"unsanitizedCount":29,"severity":602},"wp2p_content_page 
(includes\\content_page.php:629)",{"nodes":606,"edges":621},[607,610,611,615,619],{"id":590,"type":591,"label":608,"file":192,"line":609},"$_POST",709,{"id":595,"type":596,"label":597,"file":192,"line":359,"wp_function":598},{"id":612,"type":591,"label":613,"file":192,"line":614},"n2","$_GET['action']",642,{"id":616,"type":617,"label":618,"file":192,"line":614},"n3","transform","→ wp2p_add_edit_tab()",{"id":620,"type":596,"label":597,"file":192,"line":195,"wp_function":598},"n4",[622,623,624],{"from":590,"to":595,"sanitized":601},{"from":612,"to":616,"sanitized":153},{"from":616,"to":620,"sanitized":153},{"entryPoint":626,"graph":627,"unsanitizedCount":29,"severity":602},"\u003Ccontent_page> (includes\\content_page.php:0)",{"nodes":628,"edges":638},[629,630,631,632,633,634,636],{"id":590,"type":591,"label":592,"file":192,"line":593},{"id":595,"type":596,"label":597,"file":192,"line":198,"wp_function":598},{"id":612,"type":591,"label":608,"file":192,"line":609},{"id":616,"type":596,"label":597,"file":192,"line":359,"wp_function":598},{"id":620,"type":591,"label":613,"file":192,"line":614},{"id":635,"type":617,"label":618,"file":192,"line":614},"n5",{"id":637,"type":596,"label":597,"file":192,"line":195,"wp_function":598},"n6",[639,640,641,642],{"from":590,"to":595,"sanitized":601},{"from":612,"to":616,"sanitized":601},{"from":620,"to":635,"sanitized":153},{"from":635,"to":637,"sanitized":153},{"entryPoint":644,"graph":645,"unsanitizedCount":11,"severity":602},"wp2p_settings_page (includes\\settings_page.php:19)",{"nodes":646,"edges":649},[647,648],{"id":590,"type":591,"label":608,"file":509,"line":431},{"id":595,"type":596,"label":597,"file":509,"line":512,"wp_function":598},[650],{"from":590,"to":595,"sanitized":601},{"entryPoint":652,"graph":653,"unsanitizedCount":11,"severity":602},"\u003Csettings_page> 
(includes\\settings_page.php:0)",{"nodes":654,"edges":657},[655,656],{"id":590,"type":591,"label":608,"file":509,"line":431},{"id":595,"type":596,"label":597,"file":509,"line":512,"wp_function":598},[658],{"from":590,"to":595,"sanitized":601},{"entryPoint":660,"graph":661,"unsanitizedCount":98,"severity":674},"\u003Crequest-comment> (includes\\request-comment.php:0)",{"nodes":662,"edges":671},[663,666,669,670],{"id":590,"type":591,"label":664,"file":169,"line":665},"$_GET (x2)",24,{"id":595,"type":596,"label":667,"file":169,"line":170,"wp_function":668},"get_results() [SQLi]","get_results",{"id":612,"type":591,"label":592,"file":169,"line":665},{"id":616,"type":596,"label":597,"file":169,"line":501,"wp_function":598},[672,673],{"from":590,"to":595,"sanitized":153},{"from":612,"to":616,"sanitized":153},"high",{"entryPoint":676,"graph":677,"unsanitizedCount":687,"severity":674},"\u003Crequest-post> (includes\\request-post.php:0)",{"nodes":678,"edges":684},[679,681,682,683],{"id":590,"type":591,"label":680,"file":175,"line":665},"$_GET (x4)",{"id":595,"type":596,"label":667,"file":175,"line":170,"wp_function":668},{"id":612,"type":591,"label":592,"file":175,"line":665},{"id":616,"type":596,"label":597,"file":175,"line":431,"wp_function":598},[685,686],{"from":590,"to":595,"sanitized":153},{"from":612,"to":616,"sanitized":153},5,{"summary":689,"deductions":690},"The wp2phone plugin v0.1.6 exhibits a concerning security posture due to several critical code-level vulnerabilities. The most significant issue is the presence of an unprotected AJAX handler, which represents a direct attack vector. Furthermore, the plugin extensively uses SQL queries without prepared statements, increasing the risk of SQL injection vulnerabilities. The lack of output escaping for a substantial number of outputs is another major red flag, potentially leading to cross-site scripting (XSS) attacks. 
While the plugin has no recorded vulnerability history (CVEs), this lack of historical issues does not negate the immediate risks identified in the static analysis. The high number of unsanitized taint flows with critical and high severity ratings further amplifies these concerns, suggesting that untrusted data is not being properly validated or sanitized before being used in sensitive operations.\n\nDespite the identified issues, the plugin does have some positive aspects, such as a relatively small attack surface and the absence of bundled libraries that might be outdated. However, these strengths are heavily outweighed by the critical vulnerabilities found in the code analysis. The unprotected AJAX endpoint, raw SQL queries, and unescaped output present immediate and severe security risks that require urgent attention. The absence of known CVEs is not a reliable indicator of current security given the significant findings in the static analysis. Overall, this plugin should be considered high-risk until these identified vulnerabilities are addressed.",[691,693,695,697,699,701],{"reason":692,"points":9},"Unprotected AJAX handler",{"reason":694,"points":162},"All SQL queries use raw execution",{"reason":696,"points":581},"No output escaping for 219 outputs",{"reason":698,"points":9},"2 High severity taint flows",{"reason":700,"points":582},"4 Flows with unsanitized paths",{"reason":702,"points":687},"No nonce checks on AJAX handlers","2026-03-17T00:50:47.973Z",{"wat":705,"direct":714},{"assetPaths":706,"generatorPatterns":708,"scriptPaths":709,"versionParams":711},[707],"\u002Fwp-content\u002Fplugins\u002Fwp2phone\u002Fimages\u002Ficon16.png",[],[710],"\u002Fwp-content\u002Fplugins\u002Fwp2phone\u002Fjs\u002Fscript.js",[712,713],"wp2phone\u002Fstyle.css?ver=","wp2phone\u002Fjs\u002Fscript.js?ver=",{"cssClasses":715,"htmlComments":716,"htmlAttributes":720,"restEndpoints":722,"jsGlobals":723,"shortcodeOutput":725},[],[717,718,719],"\u003C!-- wp2phone -->","\u003C!-- 
(c) 2011, 2012 wp2phone -->","\u003C!-- http:\u002F\u002Fwp2phone.com -->",[721],"app-id=",[],[724],"MyAjax",[]]