Some updated for a new version (#105)

- Check: PHP compatibility with PHP 5.6-8.3
- Check: PHPCS
- Fixed to be compatible with everything
- Update the versions and changelog

changelog.txt

@@ -1,10 +1,12 @@
 == Changelog ==
 
-= [3.3.5] - 2024-08-13 =
+= [3.3.5] - 2024-08-14 =
 
 **Added**
 
-* Add counters (in gold) for Core, Plugins, and Themes.
+* Add counters for Core, Plugins, and Themes.
+* Add a Vulnerabilities filter in the Plugin list (WordPress and WordPress Multisite).
+* Add a Vulnerabilities filter in the Themes list (WordPress Multisite).
 
 **Compatibility**
 

readme.txt

@@ -3,9 +3,9 @@ Contributors: javiercasares, davidperez, lbonomo, alexclassroom
 Tags: security, vulnerability, site-health
 Requires at least: 4.1
 Tested up to: 6.7
-Stable tag: 3.3.4
+Stable tag: 3.3.5
 Requires PHP: 5.6
-Version: 3.3.4
+Version: 3.3.5
 License: GPL-2.0-or-later
 License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
 
@@ -109,21 +109,23 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
 
 * WordPress: 4.1 - 6.7
 * PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
+* WP-CLI: 2.3.0 - 2.11.0
 
 == Changelog ==
 
-= [3.3.4] - 2024-08-12 =
+= [3.3.5] - 2024-08-14 =
 
-**Fixed**
+**Added**
 
-* The "Last updated on" column in the plugin list is available again.
+* Add counters for Core, Plugins, and Themes.
+* Add a Vulnerabilities filter in the Plugin list (WordPress and WordPress Multisite).
+* Add a Vulnerabilities filter in the Themes list (WordPress Multisite).
 
 **Compatibility**
 
 * WordPress: 4.1 - 6.7
 * PHP: 5.6 - 8.3
-* WP-CLI: 2.3.0 - 2.10.0
+* WP-CLI: 2.3.0 - 2.11.0
 
 **Tests**
 
@@ -132,11 +134,11 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
 * Plugin Check (PCP): 1.0.2
 * SonarCloud Code Review
 
-= [3.3.3] - 2024-08-05 =
+= [3.3.4] - 2024-08-12 =
 
 **Fixed**
 
-* The Dashboard panel is availbale, again.
+* The "Last updated on" column in the plugin list is available again.
 
 **Compatibility**
 
@@ -151,11 +153,11 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
 * Plugin Check (PCP): 1.0.2
 * SonarCloud Code Review
 
-= [3.3.1] - 2024-08-02 =
+= [3.3.3] - 2024-08-05 =
 
 **Fixed**
 
-* Delete the wp_is_rest_endpoint check. Does not need it.
+* The Dashboard panel is availbale, again.
 
 **Compatibility**
 
@@ -170,17 +172,11 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
 * Plugin Check (PCP): 1.0.2
 * SonarCloud Code Review
 
-= [3.3.0] - 2024-08-02 =
-
-**Added**
-
-* Ability to exclude of vulnerability types at a global level.
-* WP-CLI commands formats (--format=[table,json]).
-* REST API endpoints (requires Application Password).
+= [3.3.1] - 2024-08-02 =
 
-**Changed**
+**Fixed**
 
-* README file.
+* Delete the wp_is_rest_endpoint check. Does not need it.
 
 **Compatibility**
 
@@ -195,30 +191,27 @@ First of all, peace of mind. Investigate what the vulnerability is and, above al
 * Plugin Check (PCP): 1.0.2
 * SonarCloud Code Review
 
-= [3.2.2] - 2024-07-27 =
+= [3.3.0] - 2024-08-02 =
 
 **Added**
 
-* Ability to configure a different From: email address for sending vulnerability notifications via `wp-config.php`.
+* Ability to exclude of vulnerability types at a global level.
+* WP-CLI commands formats (--format=[table,json]).
+* REST API endpoints (requires Application Password).
 
 **Changed**
 
-* The URL for the website now uses its own domain name.
-* Dashboard visibility is restricted to users with specific capabilities, similar to Site Health.
-
-**Fixed**
-
-* Various minor fixes to prevent warnings and potential errors due to misconfigured WordPress setups.
-* Allow loading of some necessary libraries.
+* README file.
 
 **Compatibility**
 
-* WordPress: 4.1 - 6.6
+* WordPress: 4.1 - 6.7
 * PHP: 5.6 - 8.3
 * WP-CLI: 2.3.0 - 2.10.0
 
 **Tests**
 
+* PHP Coding Standards: 3.10.2
 * WordPress Coding Standards: 3.1.0
 * Plugin Check (PCP): 1.0.2
 * SonarCloud Code Review
@@ -236,14 +229,15 @@ This plugin adheres to the following security measures and review protocols for
 * [WordPress APIs Security](https://developer.wordpress.org/apis/security/)
 * [WordPress Coding Standards](https://github.com/WordPress/WordPress-Coding-Standards)
 * [Plugin Check (PCP)](https://wordpress.org/plugins/plugin-check/)
+* [SonarCloud Code Review](https://www.sonarsource.com/products/sonarcloud/)
 
 == Privacy ==
 
 * This plugin or the WordPress Vulnerability Database API does not collect any information about your site, your identity, the plugins, themes or content the site has.
 
 == Vulnerabilities ==
 
-* No vulnerabilities have been published up to version 3.3.3.
+* No vulnerabilities have been published up to version 3.3.5.
 
 Found a security vulnerability? Please report it to us privately at the [WPVulnerability GitHub repository](https://github.com/javiercasares/wpvulnerability/security/advisories/new).
 

wpvulnerability-plugins.php

@@ -12,12 +12,12 @@
 /**
  * Adds a vulnerability notice under vulnerable plugins.
  *
- * This function retrieves the vulnerability data for the specified plugin from the WordPress options table 
- * and displays a detailed notice below the plugin's row on the plugins management page in the WordPress admin area. 
- * The notice includes information about the plugin's vulnerabilities, such as affected versions, severity, CVSS scores, 
+ * This function retrieves the vulnerability data for the specified plugin from the WordPress options table
+ * and displays a detailed notice below the plugin's row on the plugins management page in the WordPress admin area.
+ * The notice includes information about the plugin's vulnerabilities, such as affected versions, severity, CVSS scores,
  * and links to sources.
  *
- * The function is applicable both in single-site and multisite installations. In a multisite setup, the notice 
+ * The function is applicable both in single-site and multisite installations. In a multisite setup, the notice
  * is displayed only in the network admin area or in the site admin area of individual sites.
  *
  * @since 2.0.0
@@ -36,7 +36,7 @@ function wpvulnerability_plugin_info_after( $plugin_file, $plugin_data ) {
 		$plugin_vulnerabilities = json_decode( get_option( 'wpvulnerability-plugins' ), true );
 	}
 
-	if( ( is_multisite() && is_network_admin() ) || ! is_multisite() ) {
+	if ( ( is_multisite() && is_network_admin() ) || ! is_multisite() ) {
 
 		// Determine whether the plugin is active and add an appropriate CSS class to the table row.
 		$tr_class = '';
@@ -132,9 +132,6 @@ function wpvulnerability_plugin_info_after( $plugin_file, $plugin_data ) {
 		echo $information; // phpcs:ignore
 
 	}
-
-	return;
-
 }
 
 /**
@@ -681,9 +678,8 @@ function wpvulnerability_plugins_add_tab() {
 
 	if ( ! is_multisite() ) {
 		add_filter( 'views_plugins', 'wpvulnerability_plugins_view' );
-	} elseif( is_multisite() && is_network_admin() ) {
+	} elseif ( is_multisite() && is_network_admin() ) {
 		add_filter( 'views_plugins-network', 'wpvulnerability_plugins_view' );
 	}
-
 }
 add_action( 'admin_head', 'wpvulnerability_plugins_add_tab' );

wpvulnerability-run.php

@@ -695,27 +695,26 @@ function wpvulnerability_counter_themes() {
 
 	if ( $wpvulnerability_themes_total > 0 ) {
 
-	if ( ! is_multisite() ) {
-		global $submenu;
-		if ( isset( $submenu['themes.php'] ) ) {
-			foreach ( $submenu['themes.php'] as $key => $value ) {
-				if ( 'themes.php' === $submenu['themes.php'][ $key ][2] ) {
-					$submenu['themes.php'][ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . __( 'Vulnerabilities', 'wpvulnerability' ) . '">' . $wpvulnerability_themes_total . '</span></span>'; // phpcs:ignore
-					break;
+		if ( ! is_multisite() ) {
+			global $submenu;
+			if ( isset( $submenu['themes.php'] ) ) {
+				foreach ( $submenu['themes.php'] as $key => $value ) {
+					if ( 'themes.php' === $submenu['themes.php'][ $key ][2] ) {
+						$submenu['themes.php'][ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . __( 'Vulnerabilities', 'wpvulnerability' ) . '">' . $wpvulnerability_themes_total . '</span></span>'; // phpcs:ignore
+						break;
+					}
 				}
 			}
-		}
-	} elseif ( is_multisite() && is_network_admin() ) {
-		global $menu;
-		foreach ( $menu as $key => $value ) {
-			if ( 'themes.php' === $menu[ $key ][2] ) {
-				$menu[ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . __( 'Vulnerabilities', 'wpvulnerability' ) . '">' . $wpvulnerability_themes_total . '</span></span>'; // phpcs:ignore
-				break;
+		} elseif ( is_multisite() && is_network_admin() ) {
+			global $menu;
+			foreach ( $menu as $key => $value ) {
+				if ( 'themes.php' === $menu[ $key ][2] ) {
+					$menu[ $key ][0] .= ' <span class="update-plugins" style="background-color: #FFD700; color: #000000;"><span class="update-count" title="' . __( 'Vulnerabilities', 'wpvulnerability' ) . '">' . $wpvulnerability_themes_total . '</span></span>'; // phpcs:ignore
+					break;
+				}
 			}
 		}
 	}
-
-	}
 }
 if ( is_multisite() && is_network_admin() ) {
 	add_action( 'network_admin_menu', 'wpvulnerability_counter_themes' );

wpvulnerability-themes.php

@@ -290,7 +290,7 @@ function wpvulnerability_theme_page() {
 /**
  * Filters the themes list to show only vulnerable themes when the "Vulnerable" tab is selected.
  *
- * This function hooks into the WordPress themes listing in the network admin to filter the displayed themes 
+ * This function hooks into the WordPress themes listing in the network admin to filter the displayed themes
  * based on their vulnerability status. When the "Vulnerable" tab is selected (identified by the `theme_status=vulnerable`
  * query parameter), it filters the themes list to include only those themes with known vulnerabilities.
  *
@@ -323,9 +323,19 @@ function wpvulnerability_themes_filter() {
 
 			}
 		}
-
 	}
 }
+/**
+ * Initializes the vulnerability filtering for the themes list in the network admin area of a multisite installation.
+ *
+ * This function checks if the current environment is a multisite network and whether the user is in the network
+ * admin area. If both conditions are met, it hooks into the 'admin_head-themes.php' action to apply a filter that
+ * shows only vulnerable themes in the themes list.
+ *
+ * @since 3.3.5
+ *
+ * @return void
+ */
 function wpvulnerability_themes_filter_init() {
 	if ( is_multisite() && is_network_admin() ) {
 		add_action( 'admin_head-themes.php', 'wpvulnerability_themes_filter' );
@@ -378,7 +388,7 @@ function wpvulnerability_themes_view( $views ) {
  * Adds a custom filter to the themes page in the WordPress admin to display a tab for vulnerable themes.
  *
  * This function hooks into the 'views_themes-network' filter to add a custom tab or view for displaying vulnerable themes
- * on the themes management page in the WordPress network admin area. The tab is added only in a multisite setup 
+ * on the themes management page in the WordPress network admin area. The tab is added only in a multisite setup
  * and specifically in the network admin context.
  *
  * @since 3.3.5
@@ -387,9 +397,8 @@ function wpvulnerability_themes_view( $views ) {
  */
 function wpvulnerability_themes_add_tab() {
 
-	if( is_multisite() && is_network_admin() ) {
+	if ( is_multisite() && is_network_admin() ) {
 		add_filter( 'views_themes-network', 'wpvulnerability_themes_view' );
 	}
-
 }
 add_action( 'admin_head', 'wpvulnerability_themes_add_tab' );

wpvulnerability.php

@@ -5,7 +5,7 @@
  * Description: Receive information about possible vulnerabilities in your WordPress from WordPress Vulnerability Database API.
  * Requires at least: 4.1
  * Requires PHP: 5.6
- * Version: 3.3.4
+ * Version: 3.3.5
  * Author: Javier Casares
  * Author URI: https://www.javiercasares.com/
  * License: GPL-2.0-or-later
@@ -23,7 +23,7 @@
 /**
  * Set some constants that I can change in future verions
  */
-define( 'WPVULNERABILITY_PLUGIN_VERSION', '3.3.4' );
+define( 'WPVULNERABILITY_PLUGIN_VERSION', '3.3.5' );
 define( 'WPVULNERABILITY_API_HOST', 'https://www.wpvulnerability.net/' );
 define( 'WPVULNERABILITY_CACHE_HOURS', 12 );