[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbFfb7UIDQVHeMGik_FzgDr_YIaYujPIwPi2jNuq_-bc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":108,"fingerprints":187},"add-users-sidebar-widget","Add Users Sidebar Widget","1.0.3","ctltwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fctltwp\u002F","\u003Cp>Creates a sidebar widget that allows site users to add themselves to a blog based on predefined conditions. Based heavily on the sidebar add users widget by DSader\u003Cbr \u002F>\nThe security error from 1.0.1 was finally fixed, and now everything\u003Cbr \u002F>\nshould be ok. However, should you experience any more problems with the\u003Cbr \u002F>\nplugin, don’t hesitate to contact us (using the plugin webpage) as soon\u003Cbr \u002F>\nas possible.\u003C\u002Fp>\n","wordpress MU Requires at least: 2.6 Tested up to: 2.8 Stable tag: 1.0.3 Creates a sidebar widget that allows site users to add themselves to a blog b &hellip;",10,8448,0,"2009-12-03T04:16:00.000Z","",[17,18,19,20,21],"add-user","blog","sidebar","user","widget","http:\u002F\u002Fblogs.ubc.ca\u002Fsupport\u002Fplugins\u002Fadd-user-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-users-sidebar-widget.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},15,5800,84,34,77,"2026-04-04T14:42:06.706Z",[36,56,74,89,99],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":15,"tags":51,"homepage":54,"download_link":55,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"rss-blogroll","RSS Blogroll","0.4","pantsonhead","https:\u002F\u002Fprofiles.wordpress.org\u002Fpantsonhead\u002F","\u003Cp>I don’t really like Blogrolls, I think they’re often not much more than glorified link dumps. I don’t like how they give you nothing more than the Blog title, and unless that title really grabs your attention, you’re never gonna click it. I don’t like how they are often just a static list, commonly out of date, that you learn to ignore after the first 4 page views. In their current format, they just appear to be a great waste of space.\u003C\u002Fp>\n\u003Cp>This is why I decided to create the RSS Blogroll plugin. RSS Blogroll allows you to link to your favourite blogs via the latest items from their RSS\u002FAtom feed. Article titles are much more attention grabbing and will deliver much higher quality traffic. We all hate clicking through to abandoned blogs – displaying article publication dates also lets readers know these are up to date and active sites.\u003C\u002Fp>\n\u003Cp>Many of us want to direct some of our traffic to related sites. RSS Blogroll will create deeplinks to the target sites, which are much more useful for SEO than homepage links. Overall it’s a win-win situation with a better browsing experience for users and the linked sites getting more visitors who are actually interested in their content.\u003C\u002Fp>\n","Sidebar widget that links to recent entries from RSS\u002FAtom feeds.",100,13947,46,3,"2015-08-02T05:10:00.000Z","4.2.39","2.8",[52,53,19,21],"blogroll","rss","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frss-blogroll\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frss-blogroll.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":47,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":15,"tags":70,"homepage":15,"download_link":73,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"user-role-widget-areas","User Role Widget Areas","1.4","Rob Smelik","https:\u002F\u002Fprofiles.wordpress.org\u002Frob-smelik\u002F","\u003Ch3>Description\u003C\u002Fh3>\n\u003Cp>This plugin allows you to selectively display content in your themes active widget areas based on the user roles (Administrator, Editor, Author, Contributor or Subscriber) of logged in users. It also comes with two user status based widget areas for displaying content to all logged in users or all logged out users. All user role and status based widget areas can be displayed in any existing sidebar or widget area within your theme.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>5 User role based widget areas, one for each of the standard WordPress user roles.\u003C\u002Fli>\n\u003Cli>2 User status based widget areas, one for logged in users and one for logged out users.\u003C\u002Fli>\n\u003Cli>2 Widgets for displaying your new widget areas on the front end (public site).\u003C\u002Fli>\n\u003Cli>Additional shortcodes for displaying your user role and user status based widget areas.\u003C\u002Fli>\n\u003Cli>The ability to hard code the script into your theme that displays the widget areas on the front end.\u003C\u002Fli>\n\u003Cli>Uses standard WordPress \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FRoles_and_Capabilities\" rel=\"nofollow ugc\">Roles and Capabilities\u003C\u002Fa> functions.\u003C\u002Fli>\n\u003Cli>Well documented, lightweight code that is built for speed (the plugin itself is only 11kb).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Rate The Plugin\u003C\u002Fh3>\n\u003Cp>If you like this plugin and find it useful please take a moment to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fuser-role-widget-areas#postform\" rel=\"ugc\">rate it\u003C\u002Fa>. Thanks!\u003C\u002Fp>\n","Description",20,4824,74,"2015-10-24T20:28:00.000Z","4.3.34","3.9",[71,19,20,21,72],"role","widget-area","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-role-widget-areas.zip",{"slug":75,"name":76,"version":77,"author":15,"author_profile":78,"description":79,"short_description":80,"active_installs":11,"downloaded":81,"rating":13,"num_ratings":13,"last_updated":82,"tested_up_to":50,"requires_at_least":83,"requires_php":15,"tags":84,"homepage":87,"download_link":88,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"blogintroduction-wordpress-widget","blogintroduction","0.3.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fkimhbel\u002F","\u003Cp>This is a widget that brings up a little preview of a site into the sidebar. If you want to use this in a widget-less \u002F static sidebar, give \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fblogintroduction-wordpress-plugin\u002F\" title=\"blogintroduction-wordpress-plugin\" rel=\"ugc\">blogintroduction-wordpress-plugin\u003C\u002Fa> a chance. The link is chosen by random out of the links in the WordPress link-manager. You can specify a single link-category or use all categories for the random-link-base.\u003C\u002Fp>\n\u003Cp>You can also decide to show invisible\u002Fprivate links. This is for the case you want to show links as a preview you don’t want to show in the linkroll.\u003C\u002Fp>\n\u003Cp>If you want and if there is a description for the link done in the link-description-field it would be shown.\u003C\u002Fp>\n\u003Cp>A refreshing via AJAX could be enabled with a specific time (in seconds) when the next thumbnail would be loaded.\u003C\u002Fp>\n\u003Cp>This widget uses the \u003Ca href=\"http:\u002F\u002Fwww.websnapr.com\u002F\" title=\"Website Thumbnais For Your Site\" rel=\"nofollow ugc\">websnapr\u003C\u002Fa>-Service for generating the thumbnail-images. Keep their \u003Ca href=\"http:\u002F\u002Fwww.websnapr.com\u002Fterms\u002F\" title=\"General Terms and Conditions for Websnapr\" rel=\"nofollow ugc\">term of use\u003C\u002Fa> in mind. You should get an API-Key for free from there to use this widget and get more then 80 snapshots per hour, with key it would be about 340 per hour (250.000 a month).\u003C\u002Fp>\n\u003Cp>Since Version 0.3.0 you could also use the image-link stored in the link-manager for containing the link to the preview-image. If no link is given the widget would use websnapr as fall back.\u003C\u002Fp>\n\u003Cp>If you want to translate the plugin, feel free to do it! Since Version 0.2.0 the Output is fully internationalized.\u003C\u002Fp>\n\u003Cp>To see the widget working in a production-environment, visit the \u003Ca href=\"http:\u002F\u002Fblog.huebel-online.de\u002F\" title=\"Blog of Kim Huebel\" rel=\"nofollow ugc\">author’s blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you want to leave a feedback, feel free to do this on the \u003Ca href=\"http:\u002F\u002Fblog.huebel-online.de\u002Fblogintroduction-wordpress-widget\u002F\" title=\"Home of blogintroduction-wordpress-widget - Blog of Kim Huebel\" rel=\"nofollow ugc\">plugin’s homepage\u003C\u002Fa> of the author’s blog. Though the pages are in german, comments in english are wellcome, too.\u003C\u002Fp>\n","Shows a thumbnail of a blogroll\u002Flinkroll-entry by random",3786,"2009-05-23T18:16:00.000Z","2.1",[18,85,19,86,21],"introduction","thumbnail","http:\u002F\u002Fblog.huebel-online.de\u002Fblogintroduction-wordpress-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblogintroduction-wordpress-widget.0.3.0.zip",{"slug":90,"name":91,"version":92,"author":60,"author_profile":61,"description":93,"short_description":63,"active_installs":11,"downloaded":94,"rating":13,"num_ratings":13,"last_updated":95,"tested_up_to":68,"requires_at_least":69,"requires_php":15,"tags":96,"homepage":15,"download_link":98,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"urwa-for-bbpress","URWA for bbPress","1.0","\u003Ch3>Description\u003C\u002Fh3>\n\u003Cp>User Role Widget Areas for bbPress allows you to selectively display content in your themes active widget areas based on standard bbPress user roles (bbPress Keymaster, bbPress Moderator, bbPress Participant, bbPress Spectator) of logged in users. All user role widget areas can be displayed in \u003Cstrong>any\u003C\u002Fstrong> existing sidebar or widget area within your theme.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>4 User role based widget areas, one for each of the standard bbPress user roles.\u003C\u002Fli>\n\u003Cli>1 display widget for displaying your new widget areas on the front end (public site).\u003C\u002Fli>\n\u003Cli>An additional shortcode for displaying your user role and user status based widget areas.\u003C\u002Fli>\n\u003Cli>The ability to hard code the script into your theme that displays the widget areas on the front end.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Information\u003C\u002Fh3>\n\u003Cp>This plugin is designed to work with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbbpress\u002F\" rel=\"ugc\">bbPress\u003C\u002Fa>, a popular, full-featured forum plugin for WordPress. Therefore, bbPress needs to be installed and activated for the plugin to work.\u003C\u002Fp>\n\u003Ch3>Rate The Plugin\u003C\u002Fh3>\n\u003Cp>If you like this plugin and find it useful please take a moment to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Furwa-for-bbpress#postform\" rel=\"ugc\">rate it\u003C\u002Fa>. Thanks!\u003C\u002Fp>\n",1548,"2015-10-30T03:58:00.000Z",[97,19,20,21,72],"bbpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Furwa-for-bbpress.zip",{"slug":100,"name":101,"version":92,"author":60,"author_profile":61,"description":102,"short_description":63,"active_installs":11,"downloaded":103,"rating":13,"num_ratings":13,"last_updated":104,"tested_up_to":68,"requires_at_least":69,"requires_php":15,"tags":105,"homepage":15,"download_link":107,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"urwa-for-dokan","URWA for Dokan","\u003Ch3>Description\u003C\u002Fh3>\n\u003Cp>User Role Widget Areas for Dokan allows you to selectively display content in your themes active widget areas based on  Dokan user roles (Dokan Administrator, Dokan Seller, Dokan Customer) of logged in users. All user role widget areas can be displayed in \u003Cstrong>any\u003C\u002Fstrong> existing sidebar or widget area within your theme.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>3 User role based widget areas, one for each of the standard Dokan user roles.\u003C\u002Fli>\n\u003Cli>1 display widget for displaying your new widget areas on the front end (public site).\u003C\u002Fli>\n\u003Cli>Additional shortcodes for displaying your user role and user status based widget areas.\u003C\u002Fli>\n\u003Cli>The ability to hard code the script into your theme that displays the widget areas on the front end.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Information\u003C\u002Fh3>\n\u003Cp>Dokan \u003Cstrong>requires WooCommerce\u003C\u002Fstrong> and is built upon the existing WooCommerce \u003Cstrong>Shop Manager\u003C\u002Fstrong> role to provide a front-end vendor marketplace solution. Therefore, widgets placed in the User – Dokan Seller widget area are also visible to users that have been assigned the WooCommerce Shop Manager role. This functionality is needed for the Dokan Seller to also manage his or her products.\u003C\u002Fp>\n\u003Ch3>Dokan Compatibility\u003C\u002Fh3>\n\u003Cp>This plugin is designed to work with both the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdokan-lite\u002F\" rel=\"ugc\">Lite Version\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwedevs.com\u002Fproducts\u002Fplugins\u002Fdokan\u002F\" rel=\"nofollow ugc\">Full Version\u003C\u002Fa> of the Dokan Multivendor plugin.\u003C\u002Fp>\n\u003Ch3>Rate The Plugin\u003C\u002Fh3>\n\u003Cp>If you like this plugin and find it useful please take a moment to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Furwa-for-dokan#postform\" rel=\"ugc\">rate it\u003C\u002Fa>. Thanks!\u003C\u002Fp>\n",2262,"2015-10-29T23:56:00.000Z",[106,19,20,21,72],"dokan","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Furwa-for-dokan.zip",{"attackSurface":109,"codeSignals":121,"taintFlows":154,"riskAssessment":180,"analyzedAt":186},{"hooks":110,"ajaxHandlers":117,"restRoutes":118,"shortcodes":119,"cronEvents":120,"entryPointCount":13,"unprotectedCount":13},[111],{"type":112,"name":113,"callback":114,"file":115,"line":116},"action","widgets_init","add_user_widget_init","add-users-sidebar-widget.php",202,[],[],[],[],{"dangerousFunctions":122,"sqlUsage":123,"outputEscaping":125,"fileOperations":13,"externalRequests":13,"nonceChecks":152,"capabilityChecks":13,"bundledLibraries":153},[],{"prepared":13,"raw":13,"locations":124},[],{"escaped":13,"rawEcho":126,"locations":127},12,[128,131,133,134,136,138,140,142,144,146,148,150],{"file":115,"line":129,"context":130},58,"raw output",{"file":115,"line":132,"context":130},71,{"file":115,"line":66,"context":130},{"file":115,"line":135,"context":130},76,{"file":115,"line":137,"context":130},89,{"file":115,"line":139,"context":130},120,{"file":115,"line":141,"context":130},124,{"file":115,"line":143,"context":130},163,{"file":115,"line":145,"context":130},164,{"file":115,"line":147,"context":130},177,{"file":115,"line":149,"context":130},178,{"file":115,"line":151,"context":130},180,2,[],[155,172],{"entryPoint":156,"graph":157,"unsanitizedCount":13,"severity":171},"add_the_user (add-users-sidebar-widget.php:33)",{"nodes":158,"edges":168},[159,163],{"id":160,"type":161,"label":162,"file":115,"line":135},"n0","source","$_SERVER['REQUEST_URI']",{"id":164,"type":165,"label":166,"file":115,"line":135,"wp_function":167},"n1","sink","echo() [XSS]","echo",[169],{"from":160,"to":164,"sanitized":170},true,"low",{"entryPoint":173,"graph":174,"unsanitizedCount":13,"severity":171},"\u003Cadd-users-sidebar-widget> (add-users-sidebar-widget.php:0)",{"nodes":175,"edges":178},[176,177],{"id":160,"type":161,"label":162,"file":115,"line":135},{"id":164,"type":165,"label":166,"file":115,"line":135,"wp_function":167},[179],{"from":160,"to":164,"sanitized":170},{"summary":181,"deductions":182},"The \"add-users-sidebar-widget\" plugin v1.0.3 exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs and zero recorded vulnerabilities in its history is a positive indicator of its development and maintenance. Furthermore, the analysis shows a complete lack of direct SQL injection risks due to the exclusive use of prepared statements. The plugin also avoids common attack vectors such as AJAX handlers, REST API routes, shortcodes, and cron events that often serve as entry points for attackers. \n\nHowever, a significant concern arises from the complete lack of output escaping. With 12 total outputs and 0% properly escaped, this represents a critical weakness. This means any data displayed by the widget, if it originates from user input or other untrusted sources, is vulnerable to cross-site scripting (XSS) attacks. While the taint analysis found no unsanitized paths, this is likely due to the limited attack surface identified and doesn't mitigate the risk of XSS in the existing output points. The presence of two nonce checks is a good practice, but the absence of capability checks on any potential, albeit undiscovered, entry points is a potential oversight that could be exploited if new vulnerabilities are introduced. \n\nIn conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the unescaped output is a serious flaw that significantly elevates the risk. This particular weakness demands immediate attention to prevent potential XSS exploits, which could compromise user sessions and data. The overall security is decent, but this single unaddressed issue significantly tarnishes its reputation.",[183],{"reason":184,"points":185},"Output not properly escaped",8,"2026-03-17T01:40:41.518Z",{"wat":188,"direct":193},{"assetPaths":189,"generatorPatterns":190,"scriptPaths":191,"versionParams":192},[],[],[],[],{"cssClasses":194,"htmlComments":196,"htmlAttributes":199,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":214},[195],"sidebar_adduser",[197,198],"\u003C!-- The form that the user clicks on if they want to be added to the blog-->","\u003C!-- Here is our little form segment. Notice that we don't need a complete form. This will be embedded into the existing form.-->",[200,201,202,203,204,205,206,207,208,209,210],"name=\"sidebar_adduser\"","id=\"sidebar_adduser\"","name=\"user_password\"","name=\"adduser-nonce\"","id=\"sidebar_addusersub\"","name=\"sidebar_adduser-submit\"","name=\"sidebar_adduser-title\"","name=\"sidebar_adduser-button\"","name=\"privilege\"","name=\"sidebar_adduser-error\"","name=\"use_password\"",[],[213],"window.add_the_user",[]]