We have started doing monitoring of the plugins in the ClassicPress Plugin Directory to try proactively catch serious vulnerabilities as they are introduced in to plugins. This is similar to monitoring we already do of the WordPress Plugin Directory, which has caught quite a few serious vulnerabilities. Of the plugins we could check, we didn’t find any serious issues so far, but running them through a more expansive check, we found a couple of with less serious security issues. We have notified the developers of those plugins about those issues.
We did run into a couple of issues. First, not all of the entries provide download links for the zip of the plugin, which is something that is a known issue, though it doesn’t appear to have been fully resolved. The other being that when requesting listing pages not through a web browser, they only show plugins that are “Developed for CP” and not “Works with CP”. Is there some addition to the URL that would include those or is there some other method of getting a list of the download links for the plugins in the directory?