Initial release. No upgrade steps required.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3571912,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3571912,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3571912,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3571912,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3571912,"resolution":"1","location":"assets","locale":"","width":1918,"height":880},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3571912,"resolution":"2","location":"assets","locale":"","width":1918,"height":881},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3571912,"resolution":"3","location":"assets","locale":"","width":1918,"height":876},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3571912,"resolution":"4","location":"assets","locale":"","width":1918,"height":875}},"screenshots":{"1":"Main compliance dashboard with score ring and per-framework risk cards.","2":"Scan results table with filter tabs for CRA, GDPR, and NIS2 findings.","3":"Developer Tools \u2014 VDP, SBOM, security.txt, and Conformity Declaration generators.","4":"PDF compliance report download."}},"plugin_section":[],"plugin_tags":[14361,267089,131785,267090,600],"plugin_category":[54],"plugin_contributors":[253916],"plugin_business_model":[],"class_list":["post-324714","plugin","type-plugin","status-publish","hentry","plugin_tags-compliance","plugin_tags-cra","plugin_tags-gdpr","plugin_tags-nis2","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-erdincbulat","plugin_committers-erdincbulat"],"banners":{"banner":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/banner-772x250.png?rev=3571912","banner_2x":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/banner-1544x500.png?rev=3571912","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/icon-128x128.png?rev=3571912","icon_2x":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/icon-256x256.png?rev=3571912","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/screenshot-1.png?rev=3571912","caption":"Main compliance dashboard with score ring and per-framework risk cards."},{"src":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/screenshot-2.png?rev=3571912","caption":"Scan results table with filter tabs for CRA, GDPR, and NIS2 findings."},{"src":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/screenshot-3.png?rev=3571912","caption":"Developer Tools \u2014 VDP, SBOM, security.txt, and Conformity Declaration generators."},{"src":"https:\/\/ps.w.org\/erdo-cra-compliance\/assets\/screenshot-4.png?rev=3571912","caption":"PDF compliance report download."}],"raw_content":"\n
Erdo CRA Compliance<\/strong> helps WordPress site owners and plugin developers prepare for EU regulatory deadlines \u2014 the CRA Vulnerability Disclosure Policy obligation (September 11, 2026) and full CRA compliance (December 11, 2027).<\/p>\n\n This plugin provides automated analysis tools and document templates to assist with EU regulatory preparation. It does not<\/strong> constitute legal advice and does not<\/strong> guarantee regulatory compliance with the CRA, GDPR, NIS2, or any other regulation. All assessments, scores, and generated documents (VDP, SBOM, security.txt, Conformity Declaration) are starting points and templates only. Consult a qualified legal or compliance professional before relying on any output for regulatory purposes.<\/p>\n\n This plugin connects to the following third-party services. Each is documented below with what it is used for, what data is sent, when, and links to the relevant terms and privacy policy.<\/p>\n\n WordPress.org Plugins API<\/strong><\/p>\n\n This plugin makes HTTP requests to the WordPress.org Plugins API ( Patchstack Vulnerability Database (optional)<\/strong><\/p>\n\n This plugin can optionally connect to the Patchstack vulnerability database ( When enabled, the plugin sends the configured API key (for authentication) and the slugs\/versions of installed plugins (to look up known vulnerabilities) during a manual or scheduled scan. Vulnerability responses are cached for 6 hours using WordPress transients. No personal or visitor data is sent. This service is provided by Patchstack O\u00dc: Terms of Service<\/a>, Privacy Policy<\/a>.<\/p>\n\n GDPR Scanner \u2014 third-party script detection<\/strong><\/p>\n\n The GDPR scanner module includes a list of known third-party script domains (e.g. Google Analytics, Facebook Pixel, Intercom, HubSpot) used to detect whether your site<\/em> is loading scripts from these services. This is a local pattern match against script URLs already enqueued on your own site \u2014 the plugin itself does not contact, query, or send any data to these third-party services.<\/p>\n\n This plugin does not collect, store, or transmit any personal data to external services beyond the requests described above.<\/p>\n\n\n No. This plugin provides automated analysis and document templates to help you assess and document your compliance posture. All assessments and generated documents should be reviewed by a qualified legal or compliance professional before regulatory use.<\/p><\/dd>\n The CRA is an EU regulation requiring manufacturers of \"products with digital elements\" (including software) to meet cybersecurity requirements throughout the product lifecycle \u2014 including vulnerability disclosure, security updates, and SBOM documentation.<\/p><\/dd>\n The plugin is designed for single-site installations. Multisite support is not included in this version.<\/p><\/dd>\n The score (0\u2013100) is calculated as: 100 minus 10 points per HIGH risk finding and 5 points per MEDIUM risk finding, floored at 0. It is an indicative benchmark, not a regulatory certification.<\/p><\/dd>\n Common reasons: not updated for over 2 years, tested on a WordPress version 2+ major releases behind current, requires an end-of-life PHP version, or has been removed from WordPress.org.<\/p><\/dd>\n The plugin captures enqueued script sources on frontend page loads and stores them temporarily. This allows the GDPR scanner to identify external domains even when running in the admin context.<\/p><\/dd>\n\n<\/dl>\n\n\nWhat it does<\/h4>\n\n
\n
\/.well-known\/security.txt<\/code> on your site.<\/li>\nCRA Deadlines<\/h4>\n\n
\n
Legal Disclaimer<\/h4>\n\n
External Services<\/h4>\n\n
api.wordpress.org\/plugins\/info\/<\/code>) to retrieve metadata for installed plugins (last updated, tested WordPress version, PHP requirements, active installs). This request is made only during a manual or scheduled scan. No user data is sent \u2014 only plugin slugs are included in the request. Responses are cached for 12 hours per plugin using WordPress transients to minimise API requests. See the WordPress.org privacy policy<\/a>.<\/p>\n\npatchstack.com\/database\/api\/v2<\/code>) to check installed plugins against known security vulnerabilities (CVEs). This connection is opt-in and disabled by default \u2014 it is only made if the site owner enters their own Patchstack API key on the plugin's Settings page.<\/p>\n\nPrivacy<\/h4>\n\n
\n
erdo-cra-compliance<\/code> folder to \/wp-content\/plugins\/<\/code>.<\/li>\n\n
Does this plugin guarantee EU compliance?<\/h3><\/dt>\n
What is the EU Cyber Resilience Act?<\/h3><\/dt>\n
Does the plugin work with multisite?<\/h3><\/dt>\n
What does the compliance score mean?<\/h3><\/dt>\n
Why is a plugin showing HIGH risk?<\/h3><\/dt>\n
How are third-party scripts detected for GDPR?<\/h3><\/dt>\n
1.0.0<\/h4>\n\n
\n