[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSvUAiTykyejF4uQ9VytynUCEKcGGl6RXe5AJl7WiVSM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":116,"fingerprints":161},"a-better-planet","A Better Planet","0.1","themefurnace","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemefurnace\u002F","\u003Cp>A Better Planet is a widget for your dashboard which will show up to date news, tutorials and resources from over 30 contributing sites.\u003Cbr \u002F>\nFor more information about the project visit the official site: http:\u002F\u002Fabetterplanetwp.com\u003C\u002Fp>\n\u003Cp>You may also follow the feed via RSS : http:\u002F\u002Fabetterplanetwp.com\u002Fmasterfeed\u003C\u002Fp>\n\u003Cp>And on Twitter : https:\u002F\u002Ftwitter.com\u002Fabetterplanetwp\u003C\u002Fp>\n\u003Cp>If you would like to submit your site, please do so at WPlift http:\u002F\u002Fwplift.com\u002Fcontact\u003C\u002Fp>\n\u003Cp>Thanks to WPtips for the code for the widget : http:\u002F\u002Fwpti.ps\u002Ffunctions\u002Fmake-latest-news-dashboard-widget\u003C\u002Fp>\n","A Better Planet is a widget for your dashboard which will show up to date news, tutorials and resources from over 30 contributing sites.",10,2983,100,2,"2013-05-22T12:09:00.000Z","3.6.1","3.2","",[20,21,22],"dashboard","news","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fa-better-planet.zip",85,0,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-05T05:56:40.291Z",[35,52,71,89,107],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":31,"downloaded":43,"rating":25,"num_ratings":25,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":18,"tags":47,"homepage":49,"download_link":50,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":51},"laughing-squid-dashboard-widget","Laughing Squid Web Hosting News & Status WordPress Dashboard Widget","2.0","Shelby DeNike","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdenike\u002F","\u003Cp>The Laughing Squid Web Hosting News & Status WordPress Dashboard Widget provides status information within your WordPress dashboard pulled directly from the \u003Ca href=\"http:\u002F\u002Flaughingsquidhosting.wordpress.com\u002F\" rel=\"nofollow ugc\">Laughing Squid Web Hosting News & Status blog\u003C\u002Fa>.\u003C\u002Fp>\n","The Laughing Squid Web Hosting News & Status WordPress Dashboard Widget provides status information within your dashboard from Laughing Squid Web  …",11844,"2016-12-07T18:15:00.000Z","4.7.32","3.1",[20,48,21,22],"hosting","https:\u002F\u002Flaughingsquid.us","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flaughing-squid-dashboard-widget.zip","2026-03-15T15:16:48.613Z",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":25,"num_ratings":25,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":69,"download_link":70,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":51},"periscopio","Periscopio","1.0.0","Fernando Tellado","https:\u002F\u002Fprofiles.wordpress.org\u002Ffernandot\u002F","\u003Cp>Periscopio lets you replace the default “WordPress Events and News” dashboard widget with a fully customizable version that displays news from RSS feeds and events from the WordPress.org API.\u003C\u002Fp>\n\u003Cp>Perfect for agencies, developers, and site owners who want to display relevant news sources on the WordPress dashboard instead of the default WordPress.org news.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Replace or complement the default WordPress news widget\u003C\u002Fli>\n\u003Cli>Customizable widget title\u003C\u002Fli>\n\u003Cli>Events section with WordPress community events and editable location\u003C\u002Fli>\n\u003Cli>News section with aggregated RSS feeds sorted by date\u003C\u002Fli>\n\u003Cli>Add unlimited RSS feeds with URL validation before adding\u003C\u002Fli>\n\u003Cli>Configure items per feed and maximum total items displayed\u003C\u002Fli>\n\u003Cli>Configurable footer links for both events and news sections\u003C\u002Fli>\n\u003Cli>Automatic feed caching with configurable duration\u003C\u002Fli>\n\u003Cli>Fully translatable (all URLs are translatable for locale support)\u003C\u002Fli>\n\u003Cli>Clean, native WordPress admin styling\u003C\u002Fli>\n\u003Cli>Two-column settings page with meta box layout\u003C\u002Fli>\n\u003Cli>Cache management tools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Default Feeds\u003C\u002Fh4>\n\u003Cp>The plugin comes pre-configured with these feeds (you can change them):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress News (wordpress.org)\u003C\u002Fli>\n\u003Cli>Matt Mullenweg’s blog (ma.tt)\u003C\u002Fli>\n\u003Cli>Make WordPress Project\u003C\u002Fli>\n\u003Cli>WordPress España News\u003C\u002Fli>\n\u003Cli>AyudaWP\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following external services:\u003C\u002Fp>\n\u003Ch4>WordPress.org Events API\u003C\u002Fh4>\n\u003Cp>This plugin uses the WordPress.org Events API to retrieve WordPress community events (meetups, WordCamps) near the user’s location. The user’s configured location and locale are sent to the API when the dashboard widget is loaded or when the location is updated in the settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service: \u003Ca href=\"https:\u002F\u002Fapi.wordpress.org\u002Fevents\u002F1.0\u002F\" rel=\"nofollow ugc\">WordPress.org Events API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Data sent: city\u002Flocation name, user locale, and timezone\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fabout\u002Fprivacy\u002F\" rel=\"ugc\">WordPress.org Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>RSS feeds\u003C\u002Fh4>\n\u003Cp>This plugin fetches RSS feeds from URLs configured by the site administrator. By default it includes feeds from wordpress.org, ma.tt, make.wordpress.org, and ayudawp.com, but administrators can add, remove, or change feeds in the settings page. Feed content is cached locally for the configured cache duration.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Data sent: standard HTTP requests to the configured feed URLs\u003C\u002Fli>\n\u003Cli>No personal user data is transmitted to the feed providers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help or have suggestions?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservicios.ayudawp.com\" rel=\"nofollow ugc\">Official website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fperiscopio\u002F\" rel=\"ugc\">WordPress support forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002FAyudaWordPressES\" rel=\"nofollow ugc\">YouTube channel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fayudawp.com\" rel=\"nofollow ugc\">Documentation and tutorials\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Love the plugin? Please leave us a 5-star review and help spread the word!\u003C\u002Fp>\n\u003Ch3>About AyudaWP\u003C\u002Fh3>\n\u003Cp>We are specialists in WordPress security, SEO, and performance optimization plugins. We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.\u003C\u002Fp>\n","Replace the default WordPress News widget with your own customizable RSS feeds and events.",20,156,"2026-03-06T12:29:00.000Z","6.9.4","5.0","7.4",[20,67,21,68,22],"feeds","rss","https:\u002F\u002Fservicios.ayudawp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fperiscopio.1.0.0.zip",{"slug":72,"name":73,"version":55,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":11,"downloaded":78,"rating":13,"num_ratings":30,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":18,"tags":82,"homepage":87,"download_link":88,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":51},"better-press-newsfeed","Better Press Newsfeed","Andrew Norcross","https:\u002F\u002Fprofiles.wordpress.org\u002Fnorcross\u002F","\u003Cp>A simple plugin to provide a dashboard widget for WP Tavern and Post Status news feeds. As the go-to news sites, some people want easy access to their news items. This gives you that.\u003C\u002Fp>\n","A plugin to provide a dashboard widget for WP Tavern and Post Status.",1923,"2014-04-17T17:04:00.000Z","3.9.40","3.0",[83,84,85,86],"dashboard-widgets","news-feeds","post-status","wp-tavern","http:\u002F\u002Freaktivstudios.com\u002Fcustom-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-press-newsfeed.1.0.0.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":11,"downloaded":97,"rating":25,"num_ratings":25,"last_updated":98,"tested_up_to":16,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":105,"download_link":106,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":51},"nova-dashboard-widget-bbc-news-politics","Nova Dashboard Widget – BBC News – Politics","1.0","Conor Lyons","https:\u002F\u002Fprofiles.wordpress.org\u002Fspike2828\u002F","\u003Cp>Welcome to the Nova Digital Media Dashboard Widget Plugin\u003C\u002Fp>\n\u003Cp>This plugin Adds the RSS Feed of BBC News Politics\u003C\u002Fp>\n\u003Ch3>Looking To Add All The BBC RSS Feeds To Your Dashboard?\u003C\u002Fh3>\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnova-dashboard-widget-bbc-news\u002F\" rel=\"ugc\">Look No Further\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Big Thanks to some of \u003Ca href=\"http:\u002F\u002Fwww.novadigitalmedia.com\" rel=\"nofollow ugc\">The Best local marketing experts In Essex\u003C\u002Fa> \u003Ca href=\"http:\u002F\u002Fwww.novadigitalmedia.com\" rel=\"nofollow ugc\">Nova Digital Media\u003C\u002Fa>\u003C\u002Fp>\n","The Nova Dashboard widget adds the BBC News Politics rss feed to your Dashboard",1674,"2013-10-12T10:48:00.000Z","3.0.1",[101,102,103,68,104],"bbc-news","dashboard-widget","nova-dashboard-widget","rss-feed","http:\u002F\u002Fwww.novadigitalmedia.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnova-dashboard-widget-bbc-news-politics.zip",{"slug":108,"name":109,"version":92,"author":93,"author_profile":94,"description":110,"short_description":111,"active_installs":11,"downloaded":112,"rating":25,"num_ratings":25,"last_updated":18,"tested_up_to":16,"requires_at_least":99,"requires_php":18,"tags":113,"homepage":105,"download_link":114,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":115},"nova-dashboard-widget-bbc-news-technology","Nova Dashboard Widget – BBC News – Technology","\u003Cp>Welcome to the Nova Digital Media Dashboard Widget Plugin\u003C\u002Fp>\n\u003Cp>This plugin Adds the RSS Feed of BBC News Technology\u003C\u002Fp>\n\u003Ch3>Looking To Add All The BBC RSS Feeds To Your Dashboard?\u003C\u002Fh3>\n\u003Cp>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnova-dashboard-widget-bbc-news\u002F\" rel=\"ugc\">Look No Further\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Big Thanks to some of \u003Ca href=\"http:\u002F\u002Fwww.novadigitalmedia.com\" rel=\"nofollow ugc\">The Best local marketing experts In Essex\u003C\u002Fa> \u003Ca href=\"http:\u002F\u002Fwww.novadigitalmedia.com\" rel=\"nofollow ugc\">Nova Digital Media\u003C\u002Fa>\u003C\u002Fp>\n","The Nova Dashboard widget adds the BBC News Technology rss feed to your Dashboard",1830,[101,102,103,68,104],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnova-dashboard-widget-bbc-news-technology.zip","2026-03-15T10:48:56.248Z",{"attackSurface":117,"codeSignals":135,"taintFlows":148,"riskAssessment":149,"analyzedAt":160},{"hooks":118,"ajaxHandlers":131,"restRoutes":132,"shortcodes":133,"cronEvents":134,"entryPointCount":25,"unprotectedCount":25},[119,125],{"type":120,"name":121,"callback":122,"file":123,"line":124},"action","wp_dashboard_setup","shcfeed_setup_function","a-better-planet.php",19,{"type":126,"name":127,"callback":128,"file":129,"line":130},"filter","wp_feed_cache_transient_lifetime","return_1600","feed.php",9,[],[],[],[],{"dangerousFunctions":136,"sqlUsage":137,"outputEscaping":139,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":147},[],{"prepared":25,"raw":25,"locations":138},[],{"escaped":25,"rawEcho":140,"locations":141},3,[142,145,146],{"file":129,"line":143,"context":144},29,"raw output",{"file":129,"line":143,"context":144},{"file":129,"line":143,"context":144},[],[],{"summary":150,"deductions":151},"The \"a-better-planet\" v0.1 plugin exhibits a generally positive security posture based on the provided static analysis.  The complete absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code signals indicate no dangerous functions, no direct SQL queries (all prepared statements), no file operations, and no external HTTP requests. This suggests a developer who is mindful of common web vulnerabilities. \n\nHowever, a critical concern arises from the complete lack of output escaping. With three identified output points and zero properly escaped, any user-supplied data rendered directly to the browser is highly susceptible to cross-site scripting (XSS) attacks. The absence of nonce checks and capability checks, while perhaps justifiable given the limited attack surface, also means that even if new entry points were introduced without proper authorization, they could be exploited. The vulnerability history is clean, but this is a very early version (v0.1) and does not provide long-term assurance. \n\nIn conclusion, while the plugin's current design minimizes direct exploitation vectors, the critical oversight in output escaping presents a significant risk. The developer has demonstrated good practices in other areas, but this single flaw could lead to serious security incidents. The lack of any vulnerability history is a positive sign but does not offset the immediate XSS risk.",[152,155,158],{"reason":153,"points":154},"Output escaping is not implemented",8,{"reason":156,"points":157},"No nonce checks found",5,{"reason":159,"points":157},"No capability checks found","2026-03-16T23:38:37.680Z",{"wat":162,"direct":167},{"assetPaths":163,"generatorPatterns":164,"scriptPaths":165,"versionParams":166},[],[],[],[],{"cssClasses":168,"htmlComments":169,"htmlAttributes":170,"restEndpoints":171,"jsGlobals":172,"shortcodeOutput":173},[],[],[],[],[],[]]