[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6LUVqpQi4hOEb-UftmIyX-cmDy4-oZ1w-1YoXBHe1g8":3,"$fQH0T6Q1W3ifVkSA0AABRgK5L3z5J2ql-7N3sZKkPQC0":254,"$fIZl1S5sOmdtE34qyQMldJuCTqTJdBsHWdvbJGJ4etok":258},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":38,"analysis":135,"fingerprints":234},"wpalerts","WPAlerts","1.5.3","webstylemedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fscherbakovwebstylestudio\u002F","\u003Cp>WPAlerts is a web-based software (http:\u002F\u002Fwp-alerts.com\u002F) that allows one person to update multiple WordPress web sites from one dashboard. The WPAlerts plugin connects a WordPress web site to our web site for easy updating.\u003Cbr \u002F>\nTo use the software you need this free plugin to be installed on you WordPress site. It allows you to easily update WordPress websites, plugins and themes. Also you can make backups of your WordPress sites.\u003C\u002Fp>\n\u003Ch4>Many WordPress Blogs – One Dashboard\u003C\u002Fh4>\n\u003Cp>The WPAlerts software allows you to make updates on your WordPress sites easily. You have one dashboard where you can see and manage all your blogs at one place.\u003C\u002Fp>\n\u003Ch4>Assign Categories to Your Blogs\u003C\u002Fh4>\n\u003Cp>The WPAlerts website (http:\u002F\u002Fwp-alerts.com\u002F) dashboard allows you to assign categories for your blogs for easily manage any amount of the website you want.\u003C\u002Fp>\n\u003Ch4>Make Updates in Just One-Click\u003C\u002Fh4>\n\u003Cp>To make updates on your website you may want to select which plugins or themes on which blogs to update or even use one button to make updates on all your blogs instantly.\u003C\u002Fp>\n\u003Ch4>Weekly or Montly Reports\u003C\u002Fh4>\n\u003Cp>You may setup the weekly or monthly email notifications about the updates needed.\u003C\u002Fp>\n\u003Ch4>Multi-users\u003C\u002Fh4>\n\u003Cp>You may have multiple users in your account and easily manage blogs with the user accounts.\u003C\u002Fp>\n\u003Ch4>Something Else?\u003C\u002Fh4>\n\u003Cp>We constantly working on adding new features to our system to be ahead of our competitors providing the best service on the market for our customers!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check available updates on your sites – WordPress cores, plugins, themes\u003C\u002Fli>\n\u003Cli>Make your WordPress site backups\u003C\u002Fli>\n\u003Cli>Back Ups to Amazon S3\u003C\u002Fli>\n\u003Cli>Assign categories to your blogs so you can keep your dashboard clean and easily manage your blogs\u003C\u002Fli>\n\u003Cli>Multiple Blogs in one dashboard\u003C\u002Fli>\n\u003Cli>Multiple Users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Setup\u003C\u002Fh4>\n\u003Cp>To start with the WPAlerts software go to http:\u002F\u002Fwp-alerts.com\u002F and register free account here https:\u002F\u002Fwp-alerts.com\u002Fsite\u002Fregister.\u003Cbr \u002F>\nOnce you registered and\u002For login (https:\u002F\u002Fwp-alerts.com\u002Fsite\u002Flogin) you’ll see the dashboard where you can easily add categories or website groups.\u003Cbr \u002F>\nTo add the WordPress blog to your dashboard press ‘Add Website’ button and input ‘Title’ and ‘Url’ of your Website in the popup window.\u003Cbr \u002F>\nAfter adding your website you’ll see the instructions of plugin setup. You will need to copy your website API Key and install WPAlert plugin on your website, activate the plugin and enter the API Key in the WPAlert plugin settings.\u003Cbr \u002F>\nThe final step is press ‘Refresh Website’ button to sync your WordPress website with the dashboard.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>You can email us at wpalerts@webstylemedia.com for support.\u003C\u002Fp>\n","WPAlerts is a web-based software (http:\u002F\u002Fwp-alerts.com\u002F) that allows one person to update multiple WordPress web sites from one dashboard.",10,1932,60,2,"2017-04-22T17:17:00.000Z","4.7.33","3.0","",[20,21,22,23,4],"plugins","themes","updates","wordpress-cores","http:\u002F\u002Fwp-alerts.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpalerts.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"scherbakovwebstylestudio",1,30,84,"2026-05-20T04:11:54.937Z",[39,60,80,97,119],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":57,"download_link":58,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":59},"automatic-updater","Advanced Automatic Updates","1.0.2","Gary Pendergast","https:\u002F\u002Fprofiles.wordpress.org\u002Fpento\u002F","\u003Cp>Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!\u003C\u002Fp>\n\u003Cp>If you’re working on a WordPress Multisite install, it will properly restrict the options page to your Network Admin.\u003C\u002Fp>\n\u003Cp>While this will be useful for the vast majority of sites, please exercise caution, particularly if you have any custom themes or plugins running on your site.\u003C\u002Fp>\n","Adds extra options to WordPress' built-in Automatic Updates feature.",30000,255477,94,61,"2021-06-04T00:46:00.000Z","5.0.25","3.7",[55,20,56,21,22],"core","stable","http:\u002F\u002Fpento.net\u002Fprojects\u002Fautomatic-updater-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-updater.1.0.2.zip","2026-04-16T10:56:18.058Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":78,"download_link":79,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":59},"wp-disable-updates","WP Disables Updates","1.1.3","vinvin27","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinvin27\u002F","\u003Cp>WP Disables Updates allow you to disables plugin or themes or translation or wordpress core updates.\u003C\u002Fp>\n\u003Cp>Major features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable plugins updates.\u003C\u002Fli>\n\u003Cli>Disable themes updates.\u003C\u002Fli>\n\u003Cli>Disable translation updates.\u003C\u002Fli>\n\u003Cli>Disable WordPress core updates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: Used there features if you know what you are doing. No updates = Security holes, but sometimes updates may break your website.\u003Cbr \u002F>\nWordPress has added a quite convenient feature since version 3.7: Automatic update.\u003C\u002Fp>\n\u003Cp>But sometimes, updates can be a real problem for your website.\u003Cbr \u002F>\nIt is important to make updates to avoid security problems, but you must be very careful when applying updates.\u003Cbr \u002F>\nFor example, if you use a prenium theme and you have not made a child theme for the changes. If the theme requires an update, it may delete all your changes and lost working hours….\u003C\u002Fp>\n\u003Cp>But be careful, it’s to be used, if you know what you’re doing. You have to be on the lookout for changes made to the plugins.\u003Cbr \u002F>\nIf a correction has been made to fill a security hole or just to improve the plugin.\u003C\u002Fp>\n\u003Cp>More detail on this blog post – write in French :\u003Cbr \u002F>\nDésactiver les \u003Ca href=\"https:\u002F\u002Fwww.vinvin.dev\u002Fwordpress-desactiver-mise-jour\u002F\" rel=\"nofollow ugc\">mises à jour WordPress\u003C\u002Fa>\u003C\u002Fp>\n","WP Disables Updates allow you to disables plugin or themes or wordpress core updates.",800,12990,100,3,"2022-11-06T07:10:00.000Z","6.1.10","3.2","5.6",[77,20,21,22],"disable","https:\u002F\u002Fwww.vinvin.dev\u002Fworpdress\u002Fplugins\u002Fdisable-plugins-themes-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-disable-updates.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":27,"num_ratings":27,"last_updated":90,"tested_up_to":91,"requires_at_least":18,"requires_php":75,"tags":92,"homepage":94,"download_link":95,"security_score":96,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":59},"site-update-notification","Site Update Notification","1.0","Rakib Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwprakibhossain\u002F","\u003Cp>Site Update Notification is a simple WordPress plugin that sends email notifications to administrators when plugins, themes, or WordPress need updates.\u003C\u002Fp>\n\u003Cp>This plugin checks for available updates for plugins, themes, and WordPress core every day and sends an email notification with the list of updates that need to be installed.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sends email notifications for plugin updates\u003C\u002Fli>\n\u003Cli>Sends email notifications for theme updates\u003C\u002Fli>\n\u003Cli>Sends email notifications for WordPress core updates\u003C\u002Fli>\n\u003Cli>Customizable email address\u003C\u002Fli>\n\u003Cli>Easy-to-use and lightweight\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin that sends email notifications when plugins, themes, or WordPress need updates.",50,603,"2025-01-06T14:15:00.000Z","8.1.30",[55,93,20,21,22],"notifications","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsite-update-notification\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-update-notification.1.0.zip",92,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":27,"num_ratings":27,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":117,"download_link":118,"security_score":70,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":59},"version-locker","Version Locker","1.2.2","Vishal Paswan","https:\u002F\u002Fprofiles.wordpress.org\u002Falphadev01\u002F","\u003Cp>Version Locker lets you lock specific plugins and themes to their current version. Once locked, they won’t update automatically or manually until you unlock them.\u003C\u002Fp>\n\u003Cp>Useful for keeping your site stable when you have customized plugins, client sites, or production environments where you need control over when things update.\u003C\u002Fp>\n\u003Ch3>What It Does\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lock individual plugins to prevent updates\u003C\u002Fli>\n\u003Cli>Lock individual themes to prevent updates\u003C\u002Fli>\n\u003Cli>Block all plugin updates at once (global killswitch)\u003C\u002Fli>\n\u003Cli>Block all theme updates at once (global killswitch)\u003C\u002Fli>\n\u003Cli>Block WordPress core updates (global killswitch)\u003C\u002Fli>\n\u003Cli>Quick toggle locks on\u002Foff without page reload\u003C\u002Fli>\n\u003Cli>Bulk lock or unlock multiple items\u003C\u002Fli>\n\u003Cli>Email alerts when locked items try to update\u003C\u002Fli>\n\u003Cli>Search and filter your plugins and themes\u003C\u002Fli>\n\u003Cli>Activity log showing who locked what and when\u003C\u002Fli>\n\u003Cli>Works on Multisite (each site has its own locks)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cp>The plugin uses WordPress filters to hide update notifications and block update attempts. It doesn’t modify any plugin or theme files.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnemai\u002F\" rel=\"nofollow ugc\">Nemai Naskar\u003C\u002Fa> for testing and feedback on 1.2.2.\u003C\u002Fp>\n","Lock plugin and theme updates to prevent accidental or automatic updates. Simple, secure update control for WordPress.",20,219,"2026-04-11T12:50:00.000Z","6.9.4","6.0","7.0",[112,113,114,115,116],"disable-updates","lock-plugins","lock-themes","update-manager","version-control","https:\u002F\u002Fgithub.com\u002Fvishalpaswan\u002Fversion-locker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fversion-locker.1.2.2.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":11,"downloaded":127,"rating":70,"num_ratings":34,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":133,"download_link":134,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":59},"l7-automatic-updates","L7 Automatic Updates","2.0.0","Jeff","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeffreysmattson\u002F","\u003Cp>A simple plugin that gives you the flexibility to set whether you want individual plugins to update or not.  This is something I find very useful on many of my sites.  Some plugins have been edited by previous Developers and they cannot be updated.  Other plugins on the same site still need to be updated.  You can set this to update the ones that can be updated automatically and don’t need specific attention.\u003C\u002Fp>\n\u003Cp>Choose whether you want the updater to update even though you are using a version control system such as SVN or git.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Users can set automatic updates:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For Major WordPress Releases\u003C\u002Fli>\n\u003Cli>For Minor WordPress Releases\u003C\u002Fli>\n\u003Cli>For Themes\u003C\u002Fli>\n\u003Cli>For All Plugins\u003C\u002Fli>\n\u003Cli>For Individual Plugins\u003C\u002Fli>\n\u003Cli>Change notification email address.\u003C\u002Fli>\n\u003C\u002Ful>\n","Set individual plugins, major and minor WordPress releases, themes and all plugins to automatically update.",1929,"2017-09-02T03:51:00.000Z","4.8.28","3.8.2",[132,55,20,21,22],"automatic","http:\u002F\u002Flayer7web.com\u002Fprojects\u002Fl7-automatic-updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fl7-automatic-updates.zip",{"attackSurface":136,"codeSignals":174,"taintFlows":221,"riskAssessment":222,"analyzedAt":233},{"hooks":137,"ajaxHandlers":164,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":34,"unprotectedCount":27},[138,144,148,152,156,160],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","init","process_post","wpalerts.php",46,{"type":139,"name":145,"callback":146,"file":142,"line":147},"admin_init","wpalerts_admin_init",47,{"type":139,"name":149,"callback":150,"file":142,"line":151},"admin_menu","wpalerts_admin_menu",48,{"type":139,"name":153,"callback":154,"file":142,"line":155},"admin_notices","wpalerts_admin_notices",49,{"type":157,"name":158,"callback":159,"file":142,"line":88},"filter","request_filesystem_credentials","set_filesystem_credentials",{"type":157,"name":161,"callback":162,"file":142,"line":163},"pre_site_transient_update_plugins","forcably_filter_update_plugins",213,[165],{"action":166,"nopriv":167,"callback":168,"hasNonce":167,"hasCapCheck":169,"file":142,"line":170},"wpalerts_calculate_backup_size",true,"wpalerts_ajax_calculate_backup_size",false,2124,[],[],[],{"dangerousFunctions":175,"sqlUsage":203,"outputEscaping":205,"fileOperations":143,"externalRequests":14,"nonceChecks":34,"capabilityChecks":27,"bundledLibraries":220},[176,180,183,186,189,192,195,197,200],{"fn":177,"file":142,"line":178,"context":179},"shell_exec",532,"if ( ! @shell_exec( 'echo backupwordpress' ) )",{"fn":177,"file":142,"line":181,"context":182},791,"if ( is_null( shell_exec( 'hash mysqldump 2>&1' ) ) ) {",{"fn":177,"file":142,"line":184,"context":185},843,"if ( is_null( shell_exec( 'hash zip 2>&1' ) ) ) {",{"fn":177,"file":142,"line":187,"context":188},999,"$stderr = shell_exec( $cmd );",{"fn":177,"file":142,"line":190,"context":191},1141,"$error = shell_exec( 'cd ' . escapeshellarg( $this->get_path() ) . ' && ' . escapeshellcmd( $this->g",{"fn":177,"file":142,"line":193,"context":194},1236,"$stderr = shell_exec( 'cd ' . escapeshellarg( $this->get_root() ) . ' && ' . escapeshellcmd( $this->",{"fn":177,"file":142,"line":196,"context":194},1240,{"fn":177,"file":142,"line":198,"context":199},1246,"$stderr = shell_exec( 'cd ' . escapeshellarg( $this->get_path() ) . ' && ' . escapeshellcmd( $this->",{"fn":177,"file":142,"line":201,"context":202},1265,"return shell_exec( 'cd ' . escapeshellarg( $this->get_root() ) . ' && ' . escapeshellcmd( $this->get",{"prepared":34,"raw":27,"locations":204},[],{"escaped":206,"rawEcho":207,"locations":208},6,5,[209,212,214,216,218],{"file":142,"line":210,"context":211},74,"raw output",{"file":142,"line":213,"context":211},359,{"file":142,"line":215,"context":211},370,{"file":142,"line":217,"context":211},375,{"file":142,"line":219,"context":211},467,[],[],{"summary":223,"deductions":224},"The wpalerts plugin v1.5.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by having a very limited attack surface with no unprotected entry points and all SQL queries utilizing prepared statements. The absence of known vulnerabilities and a clean vulnerability history are also strong indicators of a generally secure plugin.\n\nHowever, several significant concerns are raised by the static analysis. The presence of the 'shell_exec' dangerous function is a major red flag, as it can lead to arbitrary code execution if not handled with extreme caution and proper sanitization. While no taint flows were identified, the potential for exploitation via 'shell_exec' remains high. Furthermore, the plugin's output escaping is only at 55%, suggesting a substantial risk of cross-site scripting (XSS) vulnerabilities. The large number of file operations also warrants scrutiny, as misconfigurations or vulnerabilities in these could lead to data leakage or compromise.\n\nIn conclusion, while the plugin has a clean history and a controlled entry point, the identified 'shell_exec' function and the significant portion of unescaped output present critical security risks. These issues demand immediate attention and remediation to improve the plugin's overall security. The plugin's strengths lie in its limited attack surface and secure database interactions, but these are overshadowed by the potential for severe exploitation through the identified code signals.",[225,228,231],{"reason":226,"points":227},"Dangerous function (shell_exec) found",15,{"reason":229,"points":230},"Significant portion of outputs not properly escaped",7,{"reason":232,"points":11},"No capability checks on entry points","2026-03-16T23:14:32.904Z",{"wat":235,"direct":244},{"assetPaths":236,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[237,238],"\u002Fwp-content\u002Fplugins\u002Fwpalerts\u002Fcss\u002Fwpalerts-admin.css","\u002Fwp-content\u002Fplugins\u002Fwpalerts\u002Fjs\u002Fwpalerts-admin.js",[],[238],[242,243],"wpalerts\u002Fcss\u002Fwpalerts-admin.css?ver=","wpalerts\u002Fjs\u002Fwpalerts-admin.js?ver=",{"cssClasses":245,"htmlComments":247,"htmlAttributes":248,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":253},[246],"wpalerts-api-key-description",[],[249],"data-wp-alert-id",[],[252],"wpalerts_admin_obj",[],{"error":167,"url":255,"statusCode":256,"statusMessage":257,"message":257},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwpalerts\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":259},[260,267],{"version":261,"download_url":262,"svn_tag_url":263,"released_at":28,"has_diff":169,"diff_files_changed":264,"diff_lines":28,"trac_diff_url":265,"vulnerabilities":266,"is_current":169},"1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpalerts.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpalerts\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwpalerts%2Ftags%2F1.0&new_path=%2Fwpalerts%2Ftags%2F1.5",[],{"version":83,"download_url":268,"svn_tag_url":269,"released_at":28,"has_diff":169,"diff_files_changed":270,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":271,"is_current":169},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpalerts.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpalerts\u002Ftags\u002F1.0\u002F",[],[]]