[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyacHdCf7UflNy8hfAIBVh37M3t6sTHUEDwQTE3nxGBY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":63,"crawl_stats":38,"alternatives":71,"analysis":179,"fingerprints":295},"ad-widget","Ad Widget for WordPress","2.20.1","Broadstreet","https:\u002F\u002Fprofiles.wordpress.org\u002Fbroadstreetads\u002F","\u003Cp>This is the easiest way to place ads in your WordPress site. Just drag a widget\u003Cbr \u002F>\nto the sidebar, upload, an ad, and save.\u003C\u002Fp>\n\u003Cp>Watch a short video demo: \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FE9CC3ZWOaLU\" rel=\"nofollow ugc\">https:\u002F\u002Fyoutu.be\u002FE9CC3ZWOaLU\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Note: If you have an adblocker installed, it will prevent this widget (and parts of WordPress) from working properly.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Extremely intuitive for beginners\u003C\u002Fli>\n\u003Cli>No clunky ad management interface\u003C\u002Fli>\n\u003Cli>Easily place image banner ads\u003C\u002Fli>\n\u003Cli>Easily place Google ad tags and other ad code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you like Ad Widget and you’re selling ads, you might like our new \u003Ca href=\"http:\u002F\u002Fbroadstreetads.com\u002Fad-platform\u002Fad-formats\u002F\" rel=\"nofollow ugc\">ad formats for publishers\u003Cbr \u002F>\nand salespeople\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You will not find an easier way to run ads on your website!\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>Watch a short video demo: \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FE9CC3ZWOaLU\" rel=\"nofollow ugc\">https:\u002F\u002Fyoutu.be\u002FE9CC3ZWOaLU\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Cp>The Ad Widget is a very simple plugin. If you are having trouble\u003Cbr \u002F>\nloading ads on your site, please make sure that:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You do not have an ad blocker installed (you would be amazed how often this happens). Disable it and refresh the page a few times to see if the ad appears.\u003C\u002Fli>\n\u003Cli>You don’t have CSS in your theme which is hiding images (rare, but it happens)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have any other trouble, email kenny@broadstreetads.com – try to avoid\u003Cbr \u002F>\nthe WordPress support forums because they’re awful.\u003C\u002Fp>\n","Easily upload ad images and ad code to your sidebar. For those that don't need or want a complicated ad management system.",2000,310623,86,16,"2025-09-25T15:37:00.000Z","6.8.5","3.0","",[20,21,22,23,24],"ad","google","sidebar","tag","widget","https:\u002F\u002Fgithub.com\u002Fbroadstreetads\u002Fwordpress-ad-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fad-widget.2.20.1.zip",73,2,1,"2024-04-26 00:00:00","2026-03-15T15:16:48.613Z",[33,47],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2024-33696","wordpress-ad-widget-authenticated-admin-stored-cross-site-scripting","WordPress Ad Widget \u003C= 2.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting","The WordPress Ad Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.20.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.20.0","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-05-01 13:30:07",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9604fccc-ed8b-480b-ab56-ffa341631b52?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":53,"severity":54,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"WF-f31bf9cd-fbf3-4f7a-bddd-ddd44c899710-ad-widget","wordpress-ad-widget-local-file-inclusion","WordPress Ad Widget \u003C= 2.11.0 - Local File Inclusion","The WordPress Ad Widget plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.11.0 via the 'step' parameter found in the ad-widget\\views\\modal\\index.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.","\u003C2.12.0","2.12.0","critical",9.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2017-01-01 00:00:00","2024-01-22 19:56:02",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff31bf9cd-fbf3-4f7a-bddd-ddd44c899710?source=api-prod",2578,{"slug":64,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":66,"avg_security_score":67,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"broadstreetads",5,2740,85,496,69,"2026-04-04T11:38:18.166Z",[72,90,116,137,157],{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":88,"download_link":89,"security_score":67,"vuln_count":82,"unpatched_count":82,"last_vuln_date":38,"fetched_at":31},"amikelive-adsense-widget","Amikelive Adsense Widget","0.5","mikaelfs","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikaelfs\u002F","\u003Cp>Amikelive Adsense Widget was originally Google Adsense Sidebar Widget accessible at \u003Ca href=\"http:\u002F\u002Ftech.amikelive.com\" title=\"Amikelive Tech\" rel=\"nofollow ugc\">Amikelive Tech\u003C\u002Fa>\u003Cbr \u002F>\nthat has been rewritten to comply with WordPress 2.8 coding style.\u003C\u002Fp>\n\u003Cp>WordPress users who want to display Google Adsense on the sidebar or widget area of their blogs without much hassle can use this plugin.\u003Cbr \u002F>\nOnly by configuring the plugin through the widget interface, everything is ready to rock and you will just wait for some ad revenue to flow\u003Cbr \u002F>\ninto your wallet.\u003C\u002Fp>\n\u003Cp>This plugin is licensed under GPLv2.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you want to report some malfunction of the plugin or contribute some ideas or features to be included in future releases, you\u003Cbr \u002F>\ncan post it at \u003Ca href=\"http:\u002F\u002Ftech.amikelive.com\u002Fnode-365\u002Fsidebar-adsense-widget-is-now-on-wordpress\u002F\" title=\"Amikelive Adsense Support Thread\" rel=\"nofollow ugc\">Amikelive Adsense Support Thread\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Other questions related to the installations will be better posted at WordPress forum since other users might have the solution for\u003Cbr \u002F>\nyour problem.\u003C\u002Fp>\n","This plugin enables Google adsense display on the sidebar or widget area only by activating and configuring the widget.",90,24684,0,"2010-07-05T14:53:00.000Z","3.0.5","2.8.0",[87,21,22,24],"adsense","http:\u002F\u002Ftech.amikelive.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Famikelive-adsense-widget.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":80,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":111,"download_link":112,"security_score":113,"vuln_count":114,"unpatched_count":82,"last_vuln_date":115,"fetched_at":31},"duracelltomi-google-tag-manager","GTM4WP – A Google Tag Manager (GTM) plugin for WordPress","1.22.3","Thomas Geiger","https:\u002F\u002Fprofiles.wordpress.org\u002Fduracelltomi\u002F","\u003Cp>Google Tag Manager (GTM) is Google’s free tool for everyone to manage and deploy analytics and marketing tags as well as other code snippets\u003Cbr \u002F>\nusing an intuitive web UI. To learn more about this tool, visit the \u003Ca href=\"https:\u002F\u002Fmarketingplatform.google.com\u002Fabout\u002Ftag-manager\u002F\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin places the GTM container code snippets onto your WordPress website so that you do not need to add it manually.\u003Cbr \u002F>\nMultiple containers are also supported!\u003C\u002Fp>\n\u003Cp>The plugin complements your GTM setup by pushing page meta data and user information into the so called data layer.\u003Cbr \u002F>\nGoogle’s official help pages includes \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Ftag-platform\u002Ftag-manager\u002Fdatalayer#datalayer\" rel=\"nofollow ugc\">more details about the data layer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>PHP 7.4 is required to use this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>GTM container code placement\u003C\u002Fh4>\n\u003Cp>The original GTM container code is divided into two parts:\u003C\u002Fp>\n\u003Cp>The first part is a javascript code snippet that is added to the \u003Ccode>\u003Chead>\u003C\u002Fcode> section of every page of the website.\u003Cbr \u002F>\nThis part is critical to enable all features of GTM, and this plugin helps to place this part\u003Cbr \u002F>\ncorrectly on your site.\u003C\u002Fp>\n\u003Cp>The second part is an iframe snippet that acts as a failsafe\u002Ffallback should users’ JavaScript be disabled.\u003Cbr \u002F>\nGoogle recommends – for best performance – to place this code snippet directly after the opening \u003Ccode>\u003Cbody>\u003C\u002Fcode> tag on each page.\u003C\u002Fp>\n\u003Cp>Albeit not ideal, it will work when placed lower in the code. This plugin provides a code placement option for the second code snippet.\u003C\u002Fp>\n\u003Cp>If your WordPress theme is compatible with the additions of WordPress 5.2 then this plugin will place this second code to the right place.\u003Cbr \u002F>\nUsers of the Genisis theme, GeneratePress theme, Elementor, Oxygen Builder and Beaver Builder Theme will also have this placed correctly.\u003Cbr \u002F>\nTo utilize this, set the compatibility mode in plugin options to off.\u003C\u002Fp>\n\u003Cp>All other users can place this second code snippet using a custom PHP code (“Manually coded” option) or select the so called “Footer” option to\u003Cbr \u002F>\nadd the code lower in the code (it is not the recommended way but will work)\u003C\u002Fp>\n\u003Ch4>Basic data included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>post\u002Fpage titles\u003C\u002Fli>\n\u003Cli>post\u002Fpage dates\u003C\u002Fli>\n\u003Cli>post\u002Fpage category names\u003C\u002Fli>\n\u003Cli>post\u002Fpage tag names\u003C\u002Fli>\n\u003Cli>post\u002Fpage author ID and name\u003C\u002Fli>\n\u003Cli>post\u002Fpage ID\u003C\u002Fli>\n\u003Cli>post types\u003C\u002Fli>\n\u003Cli>post format\u003C\u002Fli>\n\u003Cli>post count on the current page + in the current category\u002Ftag\u002Ftaxonomy\u003C\u002Fli>\n\u003Cli>custom terms associated with any post type\u003C\u002Fli>\n\u003Cli>logged in status\u003C\u002Fli>\n\u003Cli>logged in user role\u003C\u002Fli>\n\u003Cli>logged in user ID (to track cross device behaviour in Google Analytics)\u003C\u002Fli>\n\u003Cli>logged in user email address (both unhashed and SHA256 hased values to be used with tracking)\u003C\u002Fli>\n\u003Cli>logger in user creation date\u003C\u002Fli>\n\u003Cli>site search data\u003C\u002Fli>\n\u003Cli>site name and id (for WordPress multisite instances)\u003C\u002Fli>\n\u003Cli>IP address of the visitor (please use the explicit consent of the visitor to utilize this)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Browser \u002F OS \u002F Device data\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>browser data (name, version, engine)\u003C\u002Fli>\n\u003Cli>OS data (name, version)\u003C\u002Fli>\n\u003Cli>device data (type, manufacturer, model)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Data is provided using the WhichBrowser library: http:\u002F\u002Fwhichbrowser.net\u002F\u003C\u002Fp>\n\u003Ch4>Weather data\u003C\u002Fh4>\n\u003Cp>(beta)\u003C\u002Fp>\n\u003Cp>Push data about users’ current weather conditions into the dataLayer. This can be used to generate weather-related\u003Cbr \u002F>\naudience\u002Fremarketing lists on ad platforms and allows for user segmentation in your web analytics solutions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>weather category (clouds, rain, snow, etc.)\u003C\u002Fli>\n\u003Cli>weather description: more detailed data\u003C\u002Fli>\n\u003Cli>temperature in Celsius or Fahrenheit\u003C\u002Fli>\n\u003Cli>air pressure\u003C\u002Fli>\n\u003Cli>wind speed and degrees\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Weather data is queried from Open Weather Map. Depending on your websites traffic, additional fees may apply:\u003Cbr \u002F>\nhttp:\u002F\u002Fopenweathermap.org\u002Fprice\u003C\u002Fp>\n\u003Cp>An (free) API key from OpenWeatherMap is required for this feature to work.\u003C\u002Fp>\n\u003Cp>ipstack.com is used to determine the site visitor’s location. A (free) API key from IPStack.com is required for this feature to work:\u003Cbr \u002F>\nhttps:\u002F\u002Fipstack.com\u002Fproduct\u003C\u002Fp>\n\u003Ch4>Media player events\u003C\u002Fh4>\n\u003Cp>(experimental)\u003C\u002Fp>\n\u003Cp>Track users’ interaction with any embedded media:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>YouTube\u003C\u002Fli>\n\u003Cli>Vimeo\u003C\u002Fli>\n\u003Cli>Soundcloud\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>DataLayer events can be chosen to fire upon media player load, media is being played, paused\u002Fstopped and optionally when\u003Cbr \u002F>\nthe user reaches 10, 20, 30, …, 90, 100% of the media duration.\u003C\u002Fp>\n\u003Cp>Tracking is supported for embedded media using the built-in oEmbed feature of WordPress as well as most other media plugins\u003Cbr \u002F>\nand copy\u002Fpasted codes. Players injected into the website after page load are not currently supported.\u003C\u002Fp>\n\u003Ch4>Scroll tracking\u003C\u002Fh4>\n\u003Cp>Fire tags based on how the visitor scrolls from the top to the bottom of a page.\u003Cbr \u002F>\nAn example would be to separate “readers” (who spend a specified amount of time on a page) from “scrollers”\u003Cbr \u002F>\n(who only scroll through within seconds). You can use these events to fire Analytics tags and\u002For remarketing\u002Fconversion tags\u003Cbr \u002F>\n(for micro conversions).\u003C\u002Fp>\n\u003Cp>Scroll tracking is based on the solution originally created by\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Nick Mihailovski\u003C\u002Fli>\n\u003Cli>Thomas Baekdal\u003C\u002Fli>\n\u003Cli>Avinash Kaushik\u003C\u002Fli>\n\u003Cli>Joost de Valk\u003C\u002Fli>\n\u003Cli>Eivind Savio\u003C\u002Fli>\n\u003Cli>Justin Cutroni\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Original script:\u003Cbr \u002F>\nhttp:\u002F\u002Fcutroni.com\u002Fblog\u002F2012\u002F02\u002F21\u002Fadvanced-content-tracking-with-google-analytics-part-1\u002F\u003C\u002Fp>\n\u003Ch4>Blacklist & Whitelist Tag Manager tags, triggers and variables\u003C\u002Fh4>\n\u003Cp>To increase website security, you have the option to white- and blacklist tags\u002Ftriggers\u002Fvariables.\u003Cbr \u002F>\nYou can prevent specific tags from firing or the use of certain variable types regardless of your GTM setup.\u003C\u002Fp>\n\u003Cp>If the Google account associated with your GTM account is being hacked, an attacker could easily\u003Cbr \u002F>\nexecute malware on your website without accessing its code on your hosting server. By blacklisting custom HTML tags\u003Cbr \u002F>\nand\u002For custom JavaScript variables you can secure the Tag Manager container.\u003C\u002Fp>\n\u003Ch4>Integration\u003C\u002Fh4>\n\u003Cp>Google Tag Manager for WordPress integrates with several popular plugins. More integration to come!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7: fire an event when a Contact Form 7 form was submitted with any result (mail sent, mail failed, spam detected, invalid input)\u003C\u002Fli>\n\u003Cli>WooCommerce:\n\u003Cul>\n\u003Cli>Implementation of \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Ftag-manager\u002Fecommerce-ga4\" rel=\"nofollow ugc\">GA4 E-commerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Does not support promotions since WooCommerce does not have such a feature (yet)\u003C\u002Fli>\n\u003Cli>Does not support refunds\u003C\u002Fli>\n\u003Cli>Compatibility with High Performance Order Storage (HPOS)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>AMP: load your AMP container on the AMP version of your pages\u003C\u002Fli>\n\u003Cli>Cookiebot: use automatic cookie blocking mode if needed\u003C\u002Fli>\n\u003Cli>Google Consent Mode v2: fire the “default” command with specific consent flags to integrat with non-certified Consent Management Platforms (CMPs) and plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Server side containers\u003C\u002Fh4>\n\u003Cp>If you are using a \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Ftag-manager\u002Fserverside\u002Fsend-data#update_the_gtmjs_source_domain\" rel=\"nofollow ugc\">server side container\u003C\u002Fa>\u003Cbr \u002F>\nyou can enter your custom domain name and custom path to load gtm.js from your there.\u003C\u002Fp>\n\u003Ch4>Exclude specific user roles from being tracked\u003C\u002Fh4>\n\u003Cp>You can set which user roles needs to be excluded from tracking when a user with that role visits the frontend. This will completely disable the container code for that user.\u003C\u002Fp>\n","Advanced tag management for WordPress with Google Tag Manager",700000,13906369,154,"2025-12-15T14:45:00.000Z","6.9.4","3.4.0","7.4",[106,107,108,109,110],"google-ads","google-analytics","google-tag-manager","gtm","tag-manager","https:\u002F\u002Fgtm4wp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduracelltomi-google-tag-manager.1.22.3.zip",98,3,"2022-05-31 00:00:00",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":113,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":133,"download_link":134,"security_score":135,"vuln_count":29,"unpatched_count":82,"last_vuln_date":136,"fetched_at":31},"image-widget","Image Widget","4.4.11","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Cp>Image Widget is a simple plugin that uses the native WordPress media manager to add image widgets to your site.\u003C\u002Fp>\n\u003Ch4>Image Widget Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>MU Compatible\u003C\u002Fli>\n\u003Cli>Handles image resizing and alignment\u003C\u002Fli>\n\u003Cli>Link the image\u003C\u002Fli>\n\u003Cli>Add title and description\u003C\u002Fli>\n\u003Cli>Versatile – all fields are optional\u003C\u002Fli>\n\u003Cli>Upload, link to external image, or select an image from your media collection\u003C\u002Fli>\n\u003Cli>Customize the look & feel with filter hooks or theme overrides\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quality You Can Trust\u003C\u002Fh4>\n\u003Cp>Image Widget is developed and maintained by \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F1aor\" rel=\"nofollow ugc\">The Events Calendar\u003C\u002Fa>, the same folks behind \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F19me\" rel=\"nofollow ugc\">The Events Calendar, Event Tickets, and a full suite of premium plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is actively supported by our team and contributions from community members. If you see a question in the forum you can help with or have a great idea and want to code it up or submit a patch, that would be awesome! Not only will we shower you with praise and thanks, it’s also a good way to get to know us and lead into options for paid work if you freelance.\u003C\u002Fp>\n\u003Ch4>Pull Requests & Translations\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthe-events-calendar\u002Fimage-widget\" rel=\"nofollow ugc\">Check us out on GitHub\u003C\u002Fa> to pull request changes.\u003C\u002Fp>\n\u003Cp>Translations can be submitted \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fimage-widget\" rel=\"nofollow ugc\">here on WordPress.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The built in template can be overridden by files within your template.\u003C\u002Fp>\n\u003Ch4>Default vs. Custom Templates\u003C\u002Fh4>\n\u003Cp>The Image Widget comes with a default template for the widget output. If you would like to alter the widget display code, create a new folder called “image-widget” in your template directory and copy over the “views\u002Fwidget.php” file.\u003C\u002Fp>\n\u003Cp>Edit the new file to your hearts content. Please do not edit the one in the plugin folder as that will cause conflicts when you update the plugin to the latest release.\u003C\u002Fp>\n\u003Cp>New in 3.2: You may now also use the “sp_template_image-widget_widget.php” filter to override the default template behavior for .php template files. Eg: if you wanted widget.php to reside in a folder called my-custom-templates\u002F and wanted it to be called my-custom-name.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('sp_template_image-widget_widget.php', 'my_template_filter');\nfunction my_template_filter($template) {\n    return get_template_directory() . '\u002Fmy-custom-templates\u002Fmy-custom-name.php';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>There are a number of filters in the code that will allow you to override data as you see fit. The best way to learn what filters are available is always by simply searching the code for ‘apply_filters’. But all the same, here are a few of the more essential filters:\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_title\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This is actually a pretty typical filter in widgets and is applied to the widget title.\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_text\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Another very typical widget filter that is applied to the description body text. This filter also takes 2 additional arguments for $args and $instance so that you can learn more about the specific widget instance in the process of filtering the content.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attachment_id\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the attachment id of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_url\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url of the image displayed in the widget.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nTHIS IS DEPRECATED AND WILL EVENTUALLY BE DELETED\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_width\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display width of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_height\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display height of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxwidth\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-width style of the image. Hint: override this to use this in responsive designs 🙂\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to ‘100%’).\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxheight\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-height style of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to null)\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_size\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the selected image ‘size’ corresponding to WordPress registered sizes.\u003Cbr \u002F>\nIf this is set to ‘tribe_image_widget_custom’ then the width and height are used instead.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_align\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display alignment of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_alt\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the alt text of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url that the image links to.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link_target\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the link target of the image link.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of image attributes used in the image output. Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_link_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of attributes used in the image link. Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Ch4>Have You Supported the Image Widget?\u003C\u002Fh4>\n\u003Cp>If so, then THANK YOU! Also, feel free to add this line to your wp-config.php file to prevent the image widget from displaying a message after upgrades.\u003C\u002Fp>\n\u003Cp>define( ‘I_HAVE_SUPPORTED_THE_IMAGE_WIDGET’, true );\u003C\u002Fp>\n\u003Cp>For more info on the philosophy here, check out our \u003Ca href=\"http:\u002F\u002Ftri.be\u002Fdefine-i-have-donated-true\u002F\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>\u003C\u002Fp>\n","A simple image widget that uses the native WordPress media manager to add image widgets to your site.",100000,4620377,287,"2024-11-20T20:44:00.000Z","6.7.5","3.5",[20,131,132,22,24],"banner","image","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-widget.4.4.11.zip",91,"2024-11-22 00:00:00",{"slug":138,"name":139,"version":140,"author":141,"author_profile":142,"description":143,"short_description":144,"active_installs":124,"downloaded":145,"rating":146,"num_ratings":147,"last_updated":148,"tested_up_to":102,"requires_at_least":17,"requires_php":149,"tags":150,"homepage":18,"download_link":154,"security_score":155,"vuln_count":28,"unpatched_count":82,"last_vuln_date":156,"fetched_at":31},"widget-logic","Widget Logic","6.0.9","Widgetlogic.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwidgetlogics\u002F","\u003Cp>This plugin gives every widget an extra control field called “Widget logic” that lets you control the pages that the widget will appear on. The text field lets you use WP’s \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">Conditional Tags\u003C\u002Fa>, or any general PHP code.\u003C\u002Fp>\n\u003Cp>The configuring and options are in the usual widget admin interface.\u003C\u002Fp>\n\u003Cp>BIG UPDATE:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Now you can control widget in Gutenberg Widgets editor as well as in Classic Editor. It is just as easy as before but also in gutenberg view.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Pre-installed widgets let you add special widget with one click of the mouse. First pre-installed widget is Live Match that let you add widget of one random live football game with real time score updates (teams logos, livescore, minute of the match, tournament name). And more interesting widgets to come!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>NOTE ON DEFAULT FUNCTIONS:\u003C\u002Fstrong> Widget Logic includes a whitelist of common WordPress conditional tags and safe functions. If you need additional WordPress functions that are not currently whitelisted, please create a topic in our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwidget-logic\u002F\" rel=\"ugc\">support forum\u003C\u002Fa> to request them. We regularly add commonly requested functions in new releases.\u003C\u002Fp>\n\u003Ch4>Configuration\u003C\u002Fh4>\n\u003Cp>Aside from logic against your widgets, there are three options added to the foot of the widget admin page (see screenshots).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Use ‘wp_reset_query’ fix — Many features of WP, as well as the many themes and plugins out there, can mess with the conditional tags, such that is_home is NOT true on the home page. This can often be fixed with a quick wp_reset_query() statement just before the widgets are called, and this option puts that in for you rather than having to resort to code editing\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Load logic — This option allows you to set the point in the page load at which your widget logic if first checked. Pre v.50 it was when the ‘wp_head’ trigger happened, ie during the creation of the HTML’s HEAD block. Many themes didn’t call wp_head, which was a problem. From v.50 it happens, by default, as early as possible, which is as soon as the plugin loads. You can now specify these ‘late load’ points (in chronological order):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>after the theme loads (after_setup_theme trigger)\u003C\u002Fli>\n\u003Cli>when all PHP loaded (wp_loaded trigger)\u003C\u002Fli>\n\u003Cli>after query variables set (parse_query) – this is the default\u003C\u002Fli>\n\u003Cli>during page header (wp_head trigger)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You may need to delay the load if your logic depends on functions defined, eg in the theme functions.php file. Conversely you may want the load early so that the widget count is calculated correctly, eg to show an alternative layour or content when a sidebar has no widgets.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Don’t cache widget logic results — From v .58 the widget logic code should only execute once, but that might cause unexpected results with some themes, so this option is here to turn that behaviour off. (The truth\u002Ffalse of the code will be evaluated every time the sidebars_widgets filter is called.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom PHP Functions — From v.6.0.6 you can use the \u003Ccode>widget_logic_allowed_functions\u003C\u002Fcode> filter to add custom PHP functions that will be allowed in Widget Logic fields. By default, only WordPress conditional tags and a whitelist of safe functions are available. This filter allows you to extend the functionality and use your own custom functions.\u003C\u002Fp>\n\u003Cp>To add a custom function, add the following code to your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter('widget_logic_allowed_functions', 'my_allowed_functions');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>function my_allowed_functions($functions) {\u003Cbr \u002F>\n    $functions[] = ‘\u003Cem>my_custom_function_name\u003C\u002Fem>‘;\u003Cbr \u002F>\n    return $functions;\u003Cbr \u002F>\n}`\u003C\u002Fp>\n\u003Cp>You can add multiple functions by using one wrapper function:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter('widget_logic_allowed_functions', 'my_allowed_functions');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>function my_allowed_functions($functions) {\u003Cbr \u002F>\n    $functions[] = ‘is_special_page’;\u003Cbr \u002F>\n    $functions[] = ‘is_user_verified’;\u003Cbr \u002F>\n    $functions[] = ‘get_sidebar_title’;\u003Cbr \u002F>\n    return $functions;\u003Cbr \u002F>\n}`\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IMPORTANT NOTE ON VARIABLES:\u003C\u002Fstrong> Widget Logic is designed to work with simple data types (strings, numbers, booleans). If you need to use complex variables, global state, or conditional logic that depends on many factors, create a custom function in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file and call it from Widget Logic:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Good approach (in functions.php):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`function is_special_page() {\nglobal $post;\n$special_ids = array(5, 10, 15);\n$conditions = some_complex_function();\n\nreturn is_page() && in_array($post->ID, $special_ids) && $conditions;\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>}`\u003C\u002Fp>\n\u003Cp>Then in Widget Logic field, simply use: \u003Ccode>is_special_page()\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Less ideal approach (in Widget Logic field):\u003C\u002Fstrong>\u003Cbr \u002F>\nAvoid putting complex logic directly in the Widget Logic field. Keep it simple and let your custom function handle the complexity. This keeps your widget settings clean and maintainable.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Interaction with External Services\u003C\u002Fh4>\n\u003Cp>Widget Logic uses the external service to obtain up-to-date information about the results of football matches. \u003Ca href=\"https:\u002F\u002Fwidgetlogic.org\" rel=\"nofollow ugc\">widgetlogic.org\u003C\u002Fa> is a source of sports information, that provides a wide range of information about football, including various leagues, tournaments, and championships from around the world.\u003C\u002Fp>\n\u003Cp>The functioning of the \u003Ca href=\"https:\u002F\u002Fwidgetlogic.org\" rel=\"nofollow ugc\">widgetlogic.org\u003C\u002Fa> service is based on delivering real-time data about selected matches without the need to refresh the page. This means that data is automatically updated without requiring page reload. This approach ensures users quick and uninterrupted access to the latest sports data without the effort of manually updating information, allowing them to stay informed about ongoing events in real-time.\u003C\u002Fp>\n\u003Ch3>Writing Logic Code\u003C\u002Fh3>\n\u003Cp>The text in the ‘Widget logic’ field can be full PHP code and should return ‘true’ when you need the widget to appear. If there is no ‘return’ in the text, an implicit ‘return’ is added to the start and a ‘;’ is added on the end. (This is just to make single statements like is_home() more convenient.)\u003C\u002Fp>\n\u003Ch4>The Basics\u003C\u002Fh4>\n\u003Cp>Make good use of \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">WP’s own conditional tags\u003C\u002Fa>. You can vary and combine code using:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>!\u003C\u002Fcode> (NOT) to \u003Cstrong>reverse\u003C\u002Fstrong> the logic, eg \u003Ccode>!is_home()\u003C\u002Fcode> is TRUE when this is NOT the home page.\u003C\u002Fli>\n\u003Cli>\u003Ccode>||\u003C\u002Fcode> (OR) to \u003Cstrong>combine\u003C\u002Fstrong> conditions. \u003Ccode>X OR Y\u003C\u002Fcode> is TRUE when either X is true or Y is true.\u003C\u002Fli>\n\u003Cli>\u003Ccode>&&\u003C\u002Fcode> (AND) to make conditions \u003Cstrong>more specific\u003C\u002Fstrong>. \u003Ccode>X AND Y\u003C\u002Fcode> is TRUE when both X is true and Y is true.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are lots of great code examples on the WP forums, and on WP sites across the net. But the WP Codex is also full of good examples to adapt, such as \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Tags\u002Fin_category#Testing_if_a_post_is_in_a_descendant_category\" rel=\"nofollow ugc\">Test if post is in a descendent category\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>is_home()\u003C\u002Fcode> — just the main blog page\u003C\u002Fli>\n\u003Cli>\u003Ccode>!is_page('about')\u003C\u002Fcode> — everywhere EXCEPT this specific WP ‘page’\u003C\u002Fli>\n\u003Cli>\u003Ccode>!is_user_logged_in()\u003C\u002Fcode> — shown when a user is not logged in\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_category(array(5,9,10,11))\u003C\u002Fcode> — category page of one of the given category IDs\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_single() && in_category('baked-goods')\u003C\u002Fcode> — single post that’s in the category with this slug\u003C\u002Fli>\n\u003Cli>\u003Ccode>current_user_can('level_10')\u003C\u002Fcode> — admin only widget\u003C\u002Fli>\n\u003Cli>\u003Ccode>strpos($_SERVER['HTTP_REFERER'], \"google.com\")!=false\u003C\u002Fcode> — widget to show when clicked through from a google search\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_category() && custom_function_to_check_the_category()\u003C\u002Fcode> — category page that’s a descendent of category 5\u003C\u002Fli>\n\u003Cli>\u003Ccode>custom_function_from_functions_php_to_check_the_page()\u003C\u002Fcode> — WP page that is a child of page 77\u003C\u002Fli>\n\u003Cli>\u003Ccode>custom_function_from_functions_php_to_check_the_page_child_of(13)\u003C\u002Fcode> — home page OR the page that’s a child of page 13\u003C\u002Fli>\n\u003C\u002Ful>\n","Widget Logic lets you control on which pages widgets appear using WP's conditional tags.",3242040,88,188,"2026-01-15T09:43:00.000Z","5.4",[151,152,153,22,24],"blocks","conditional-tags","gutenberg-widgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-logic.6.0.9.zip",95,"2025-06-09 00:00:00",{"slug":158,"name":159,"version":160,"author":161,"author_profile":162,"description":163,"short_description":164,"active_installs":165,"downloaded":166,"rating":167,"num_ratings":168,"last_updated":169,"tested_up_to":170,"requires_at_least":171,"requires_php":172,"tags":173,"homepage":177,"download_link":178,"security_score":67,"vuln_count":82,"unpatched_count":82,"last_vuln_date":38,"fetched_at":31},"q2w3-fixed-widget","Fixed Widget and Sticky Elements for WordPress","6.2.3","monetizemore","https:\u002F\u002Fprofiles.wordpress.org\u002Fmonetizemore\u002F","\u003Cp>Use Fixed Widget to create sticky widgets, sticky blocks, and other elements that stay in the visible screen area when a user scrolls the page up or down.\u003C\u002Fp>\n\u003Cp>Sticky widgets are more visible than unfixed widgets and therefore have a significantly higher click-through rate.\u003C\u002Fp>\n\u003Cp>That’s why this option is worthwhile for ads or other elements that visitors should interact with. Meanwhile, Google also allows the integration of \u003Ca href=\"https:\u002F\u002Fwpadvancedads.com\u002Fgoogle-adsense-sticky-ads\u002F\" rel=\"nofollow ugc\">sticky AdSense ads\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpadvancedads.com\u002Ffixed-widget-wordpress\u002F\" rel=\"nofollow ugc\">Manual and demo\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Fixed Widget is completely free of charge.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Sticky Widgets\u003C\u002Fstrong> Use the Fixed Widget option on any widget and blocks in the sidebar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sticky Elements\u003C\u002Fstrong> Choose any element on your site and make it sticky\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Margin Top\u003C\u002Fstrong> allows you to stop sticky elements to cover floating menu bars\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Margin Bottom\u003C\u002Fstrong> pushes sticky elements up before they reach a certain distance towards the bottom window\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop Elements\u003C\u002Fstrong> push sticky elements up when they are scrolling into view\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop Blocks\u003C\u002Fstrong> defines blocks in your sidebar that push fixed blocks out of the page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Minimum Screen Width\u003C\u002Fstrong> and \u003Cstrong>Minimum Screen Height\u003C\u002Fstrong> allow you to disable sticky behavior on small screens\u003C\u002Fli>\n\u003Cli>Written in plain JavaScript for better performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>Theme requirements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp_head()\u003C\u002Fcode> and \u003Ccode>wp_footer()\u003C\u002Fcode> functions in \u003Ccode>header.php\u003C\u002Fcode> and \u003Ccode>footer.php\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>JavaScript errors could break sticky widgets\u003C\u002Fli>\n\u003C\u002Ful>\n","More attention and a higher ad performance with fixed sticky widgets.",90000,2292321,94,261,"2023-03-30T07:15:00.000Z","6.2.9","5.0","7.2",[174,175,22,176,24],"ads","fixed-widget","sticky-widget","https:\u002F\u002Fwpadvancedads.com\u002Ffixed-widget-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fq2w3-fixed-widget.6.2.3.zip",{"attackSurface":180,"codeSignals":199,"taintFlows":280,"riskAssessment":281,"analyzedAt":294},{"hooks":181,"ajaxHandlers":195,"restRoutes":196,"shortcodes":197,"cronEvents":198,"entryPointCount":82,"unprotectedCount":82},[182,188,191],{"type":183,"name":184,"callback":185,"file":186,"line":187},"action","admin_init","registerScripts","adwidget.php",15,{"type":183,"name":189,"callback":190,"file":186,"line":14},"widgets_init","registerWidgets",{"type":183,"name":192,"callback":193,"file":186,"line":194},"admin_menu","registerAdmin",17,[],[],[],[],{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":203,"fileOperations":82,"externalRequests":82,"nonceChecks":82,"capabilityChecks":82,"bundledLibraries":279},[],{"prepared":82,"raw":82,"locations":202},[],{"escaped":82,"rawEcho":204,"locations":205},42,[206,209,211,213,215,217,218,219,221,223,224,225,227,229,231,233,235,237,238,239,241,243,245,247,249,251,253,255,257,258,259,261,263,264,265,267,269,270,271,273,275,277],{"file":186,"line":207,"context":208},151,"raw output",{"file":186,"line":210,"context":208},153,{"file":186,"line":212,"context":208},155,{"file":186,"line":214,"context":208},213,{"file":186,"line":216,"context":208},214,{"file":186,"line":216,"context":208},{"file":186,"line":216,"context":208},{"file":186,"line":220,"context":208},217,{"file":186,"line":222,"context":208},218,{"file":186,"line":222,"context":208},{"file":186,"line":222,"context":208},{"file":186,"line":226,"context":208},221,{"file":186,"line":228,"context":208},248,{"file":186,"line":230,"context":208},250,{"file":186,"line":232,"context":208},252,{"file":186,"line":234,"context":208},308,{"file":186,"line":236,"context":208},309,{"file":186,"line":236,"context":208},{"file":186,"line":236,"context":208},{"file":186,"line":240,"context":208},311,{"file":186,"line":242,"context":208},365,{"file":186,"line":244,"context":208},375,{"file":186,"line":246,"context":208},376,{"file":186,"line":248,"context":208},380,{"file":186,"line":250,"context":208},383,{"file":186,"line":252,"context":208},458,{"file":186,"line":254,"context":208},460,{"file":186,"line":256,"context":208},463,{"file":186,"line":256,"context":208},{"file":186,"line":256,"context":208},{"file":186,"line":260,"context":208},466,{"file":186,"line":262,"context":208},467,{"file":186,"line":262,"context":208},{"file":186,"line":262,"context":208},{"file":186,"line":266,"context":208},470,{"file":186,"line":268,"context":208},471,{"file":186,"line":268,"context":208},{"file":186,"line":268,"context":208},{"file":186,"line":272,"context":208},474,{"file":186,"line":274,"context":208},475,{"file":186,"line":276,"context":208},478,{"file":186,"line":278,"context":208},479,[],[],{"summary":282,"deductions":283},"The static analysis of ad-widget v2.20.1 reveals a plugin with a seemingly minimal attack surface, reporting zero AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, it claims to use prepared statements for all SQL queries and avoids dangerous functions, file operations, and external HTTP requests.  However, a significant concern arises from the complete lack of output escaping, with 0% of 42 outputs being properly escaped. This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into web pages rendered by the plugin. The absence of nonce and capability checks also means that any interaction points, if they exist and were missed in the static analysis, could be susceptible to unauthorized actions.",[284,286,289,292],{"reason":285,"points":187},"0% properly escaped output",{"reason":287,"points":288},"1 unpatched critical CVE",18,{"reason":290,"points":291},"Missing nonce checks",7,{"reason":293,"points":291},"Missing capability checks","2026-03-16T18:27:55.175Z",{"wat":296,"direct":303},{"assetPaths":297,"generatorPatterns":299,"scriptPaths":300,"versionParams":301},[298],"\u002Fwp-content\u002Fplugins\u002Fad-widget\u002Fassets\u002Fwidgets.js",[],[298],[302],"ad-widget\u002Fassets\u002Fwidgets.js?ver=",{"cssClasses":304,"htmlComments":307,"htmlAttributes":308,"restEndpoints":312,"jsGlobals":313,"shortcodeOutput":314},[305,306],"AdWidget_HTMLWidget","AdWidget_ParkaveWidget",[],[309,310,311],"id=\"w_parkave_button\"","name=\"w_adcode\"","name=\"w_adv\"",[],[],[]]