[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKsgboYdjyvIjxrSL1GqcuJg9OeCBkPHhRresbAg62CQ":3,"$fj-8cvfGugcPWXwSOQL7JXKAaR8Byqop18Xg1W79V-lg":325,"$flxPAntAJOAWEJKaqD3Chi3j-Zt6f_VJjBVPSdLd0Q0o":329},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":40,"analysis":145,"fingerprints":302},"announcements","Announcements","1.9.3","Tomas","https:\u002F\u002Fprofiles.wordpress.org\u002Fzhuyi\u002F","\u003Cp>Plugin Name: Announcements\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Ftooltips.org\u002Fproduct\u002Fannouncements\u002F\" rel=\"nofollow ugc\">Free Download\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftooltips.org\u002Fwordpress-tooltip-plugin\u002Fannouncements\u002F\" rel=\"nofollow ugc\">Announcements Document\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftooltips.org\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">404s Support\u003C\u002Fa>| \u003Ca href=\"https:\u002F\u002Ftooltips.org\u002Fforums\" rel=\"nofollow ugc\">Support Forums\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Announcements  is a simple & easy-to-use solution that help you to show \u002F edit \u002F add \u002F delete announcements in your admin area, if user logged in your admin area, they will see all announcements first,\u003Cbr \u002F>\nif logged in users do not accept your announcements, they can not open any menu or links in your wordpress back end, the only page they can view is your announcements in back end. This plugin can help you show TOS or Notes for any users when they logged in your back end\u003C\u002Fp>\n\u003Cp>In Announcements setting panel, you will add title, message in Announcement Message Editor, also there are options that allow users view an announcement and  do not need to access the  agreement, and still can open admin menu or links, all these announcements will be stored\u003Cbr \u002F>\nin Announcements menu, if users open announcements menu, they will find any messages \u002F notes you sent to them.\u003C\u002Fp>\n\u003Cp>Announcements setting panel, you can add \u002F edit \u002F delete any announcements very easy.\u003C\u002Fp>\n\u003Cp>More amazing features are being developed and any feature request is welcome.\u003C\u002Fp>\n\u003Cp>Feature request & Support URI: https:\u002F\u002Ftooltips.org\u002Fforums \u003C\u002Fp>\n\u003Ch3>Download\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fannouncements\u002F\u003C\u002Fp>\n","When users logged in admin area, they will see announcements first,  if users  did not accept announcements, they can not open any menu in back end.",10,5543,90,2,"2024-02-08T21:33:00.000Z","6.4.8","3.2","",[20,4,21,22,23],"announcement","dashboard","memo","note","https:\u002F\u002Ftooltips.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fannouncements.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"zhuyi",12,7210,88,526,71,"2026-05-19T20:59:45.741Z",[41,61,79,103,123],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":54,"tags":56,"homepage":58,"download_link":59,"security_score":51,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":60},"jamp-notes","JAMP Notes (Just Another Memo Plugin)","1.6.0","Andrea Porotti","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreaporotti\u002F","\u003Cp>Using this plugin you can attach notes to some elements in the WordPress dashboard, such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>posts\u003C\u002Fli>\n\u003Cli>pages\u003C\u002Fli>\n\u003Cli>custom post types from other plugins (except the notes from this plugin)\u003C\u002Fli>\n\u003Cli>users\u003C\u002Fli>\n\u003Cli>plugins\u003C\u002Fli>\n\u003Cli>dashboard sections\u003C\u002Fli>\n\u003Cli>the whole dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It can be helpfull if you manage a site with other people or just to take notes for yourself.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>manage notes like the standard posts by opening the Notes page from the admin menu.\u003C\u002Fli>\n\u003Cli>while editing a note, use the meta box on the right to set note properties (position, color,…)\u003C\u002Fli>\n\u003Cli>manage section and global notes from the admin bar.\u003C\u002Fli>\n\u003Cli>manage item notes (eg. posts and pages) from the custom column in the admin pages.\u003C\u002Fli>\n\u003Cli>get notes details by hovering the mouse on the “Info” links or clicking on the “I” icons.\u003C\u002Fli>\n\u003Cli>add text, images and links in the note content.\u003C\u002Fli>\n\u003Cli>deleted notes go to the trash, so they can be restored.\u003C\u002Fli>\n\u003Cli>automatically discovers custom post types added by other plugins (eg. events, books…).\u003C\u002Fli>\n\u003Cli>creates a list of the dashboard sections based on the admin menu items.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Configuration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Settings for the plugin are available on the \u003Cem>Settings\u003C\u002Fem> -> \u003Cem>JAMP Notes\u003C\u002Fem> page.\u003C\u002Fp>\n\u003Cp>Please note:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>by default the plugin data is kept after uninstall. You can choose to delete notes and settings enabling the data removal option.\u003C\u002Fli>\n\u003Cli>after activation, the plugin enables notes for all the existing public post types. If you then install other plugins which create new post types, you have to manually enable them in the JAMP settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Permissions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The notes are currently available only for the users with the “Administrator” role.\u003Cbr \u002F>\nEach Administrator can manage all notes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you find any errors or compatibility issues with other plugins, please let me know in the support forum. Thanks!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies and it does not connect to any third-party services.\u003C\u002Fp>\n","This plugin allows you to attach notes to some WordPress elements like posts, pages, dashboard sections and more.",400,4673,100,7,"2026-04-12T21:04:00.000Z","7.0","6.0",[21,22,23,57],"notes","https:\u002F\u002Fgithub.com\u002Fandreaporotti\u002Fjust-another-memo-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjamp-notes.1.6.0.zip","2026-04-16T10:56:18.058Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":27,"downloaded":69,"rating":27,"num_ratings":27,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":18,"download_link":78,"security_score":51,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"blocdash-backend-dashboard-toolkit","Blocdash – Backend Dashboard Toolkit","1.0.1","Digitaldive","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitaldive\u002F","\u003Cp>Blocdash is a modular dashboard framework for WordPress block themes. Enable only the features you need and control access by role. It includes frontend login\u002Fregister\u002Fprofile forms, an announcements feed with likes and replies, and optional Google OAuth login.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin can connect to Google services when the optional Google Login and\u002For One Tap features are enabled.\u003C\u002Fp>\n\u003Cp>Service: Google OAuth \u002F Google Identity Services (One Tap)\u003Cbr \u002F>\nWhat it is used for: Allow users to authenticate with their Google account on the front-end login flow.\u003Cbr \u002F>\nWhat data is sent and when:\u003Cbr \u002F>\n– When a user initiates Google Login or One Tap, their browser loads Google’s Identity Services script and is directed to Google for authentication.\u003Cbr \u002F>\n– The site sends the OAuth authorization code, client ID, and client secret to Google’s token endpoint to obtain an access token.\u003Cbr \u002F>\n– The access token is then sent to Google’s userinfo endpoint to retrieve the user’s profile details (such as email address, name, and Google user ID) required to sign them in or create a WordPress account.\u003C\u002Fp>\n\u003Cp>Terms of service: https:\u002F\u002Fpolicies.google.com\u002Fterms\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>If Google Login or One Tap is enabled, the plugin sends requests to Google OAuth endpoints to authenticate users. No other external services are contacted by default.\u003C\u002Fp>\n","Blocdash provides a modular frontend dashboard with announcements, login\u002Fregister\u002Fprofile forms, and optional Google login for block themes.",150,"2026-02-01T16:32:00.000Z","6.9.4","5.8","7.4",[4,75,21,76,77],"block","login","register","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblocdash-backend-dashboard-toolkit.1.0.1.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":27,"last_vuln_date":102,"fetched_at":60},"wp-dashboard-notes","WP Dashboard Notes","1.0.13","Jeroen Sormani","https:\u002F\u002Fprofiles.wordpress.org\u002Fsormano\u002F","\u003Cp>Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Colored notes\u003C\u002Fli>\n\u003Cli>List notes or regular notes\u003C\u002Fli>\n\u003Cli>Public or private notes\u003C\u002Fli>\n\u003Cli>Edit on dashboard\u003C\u002Fli>\n\u003Cli>Add as many notes as you like\u003C\u002Fli>\n\u003Cli>Drag & drop list items\u003C\u002Fli>\n\u003Cli>No save button needed!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Feature requests, ratings and donations are welcome and appreciated!\u003C\u002Fstrong>\u003C\u002Fp>\n","Working with multiple persons on a website? Want to make notes? You can do just that with WP Dashboard Notes. Create beautiful notes with a nice user  …",20000,249722,92,109,"2026-04-08T12:28:00.000Z","6.8.5","4.0",[95,96,23,57,97],"admin-note","dashboard-notes","to-do-list","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-dashboard-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dashboard-notes.1.0.13.zip",98,3,"2024-08-09 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":89,"num_ratings":34,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":118,"download_link":119,"security_score":120,"vuln_count":121,"unpatched_count":121,"last_vuln_date":122,"fetched_at":60},"dashboard-notepad","Dashboard Notepad","1.42","Stephanie Leary","https:\u002F\u002Fprofiles.wordpress.org\u002Fsillybean\u002F","\u003Cp>This dashboard widget provides a simple notepad. The widget settings allow you to choose which roles can edit the notes, and which roles can merely read them. Version 1.30 also adds support for custom roles and integrates with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmembers\u002F\" rel=\"ugc\">Members plugin\u003C\u002Fa> for role settings.\u003C\u002Fp>\n\u003Cp>You can display the contents of your notepad using a template tag and\u002For shortcode. The widget permissions apply to these tags as well: only users with permission to read the notes will see the notes on the front end. You can use \u003Ccode>div#dashboard-notes\u003C\u002Fcode> in your theme’s CSS file to style the notes.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Belorussian (be_BY) by \u003Ca href=\"http:\u002F\u002Ffatcow.com\" rel=\"nofollow ugc\">FatCow\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Bulgarian (bg_BG) by \u003Ca href=\"http:\u002F\u002Fwww.siteground.com\u002F\" rel=\"nofollow ugc\">SiteGround\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) by Axel Vanderhaeghen\u003C\u002Fli>\n\u003Cli>German (de_DE) by Guido Kerkewitz\u003C\u002Fli>\n\u003Cli>Italian (it_IT) translation by Francesco Bevivino\u003C\u002Fli>\n\u003Cli>Romanian (ro_RO) by Web Hosting Geeks (\u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002F\" rel=\"nofollow ugc\">Web\u003Cbr \u002F>\nGeek Sciense\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Swedish (se_SV) by \u003Ca href=\"http:\u002F\u002Fwww.rabatt.se\" rel=\"nofollow ugc\">Rabatt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Ukranian (uk_UA) by \u003Ca href=\"http:\u002F\u002Fgetvoip.com\u002Fblog\" rel=\"nofollow ugc\">Michael Yunat\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>If you would like to send me a translation, please write to me through \u003Ca href=\"http:\u002F\u002Fsillybean.net\u002Fabout\u002Fcontact\u002F\" rel=\"nofollow ugc\">my contact page\u003C\u002Fa>. Let me know which plugin you’ve translated and how you would like to be credited. I will write you back so you can attach the files in your reply.\u003C\u002Fp>\n","The very simplest of notepads for your Dashboard.",10000,92903,"2017-11-28T13:39:00.000Z","4.1.42","2.8",[21,57,117],"widget","http:\u002F\u002Fsillybean.net\u002Fcode\u002Fwordpress\u002Fdashboard-notepad\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-notepad.1.42.zip",63,1,"2025-09-22 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":51,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":143,"vuln_count":14,"unpatched_count":27,"last_vuln_date":144,"fetched_at":60},"plugin-notes-plus","Plugin Notes Plus","1.2.10","jamiebergen","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamiebergen\u002F","\u003Cp>Have you ever returned to a site that you built a while back and asked, “Why did I install this plugin?” This plugin provides an extra column on the Plugins page that enables you to add, edit, or delete notes about the plugins you have installed on a particular site. These notes are intended to provide documentation regarding why a particular plugin was installed and how or where it’s being used.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add as many or as few notes as you need for each plugin.\u003C\u002Fli>\n\u003Cli>Edit or delete notes as desired.\u003C\u002Fli>\n\u003Cli>Select an icon to go with each note to quickly convey what type of content it contains (e.g., info, warning, link, etc.)\u003C\u002Fli>\n\u003Cli>Format notes using basic HTML tags if desired.\u003C\u002Fli>\n\u003Cli>Any links included in the note will be automatically converted to \u003Ccode>target=\"_blank\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Notes are added and updated via Ajax, avoiding slow page reloads.\u003C\u002Fli>\n\u003Cli>Notes also display on the WordPress Updates page for any plugins that need to be updated.\u003C\u002Fli>\n\u003Cli>A filter is provided if you would like to display notes beneath the plugin description instead of in a separate column.\u003C\u002Fli>\n\u003Cli>A filter is available to selectively hide or display plugin notes in the admin.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a column to the Plugins page where you can add, edit, or delete notes about a plugin.",9000,75661,61,"2025-03-20T00:08:00.000Z","6.7.5","6.2","5.6",[22,139,140],"plugin-notes","plugins","https:\u002F\u002Fgithub.com\u002Fjamiebergen\u002Fplugin-notes-plus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-notes-plus.1.2.10.zip",91,"2024-08-16 00:00:00",{"attackSurface":146,"codeSignals":169,"taintFlows":220,"riskAssessment":295,"analyzedAt":301},{"hooks":147,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":27,"unprotectedCount":27},[148,154,157,160],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","wp_enqueue_scripts","tomas_announcementLoaderScripts","announcement.php",35,{"type":149,"name":155,"callback":156,"file":152,"line":69},"admin_menu","tomas_announcementInsertMenu",{"type":149,"name":155,"callback":158,"file":152,"line":159},"tomas_announcementMenu",151,{"type":149,"name":161,"callback":162,"file":163,"line":164},"wp_head","tomas_frontendAnnouncementTop","frontendannouncementload.php",21,[],[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":174,"fileOperations":27,"externalRequests":27,"nonceChecks":218,"capabilityChecks":121,"bundledLibraries":219},[],{"prepared":172,"raw":27,"locations":173},31,[],{"escaped":175,"rawEcho":176,"locations":177},22,18,[178,181,184,186,188,190,192,194,196,198,200,202,204,207,209,211,213,216],{"file":152,"line":179,"context":180},158,"raw output",{"file":182,"line":183,"context":180},"frontend.php",167,{"file":182,"line":185,"context":180},168,{"file":182,"line":187,"context":180},172,{"file":182,"line":189,"context":180},173,{"file":182,"line":191,"context":180},174,{"file":182,"line":193,"context":180},184,{"file":182,"line":195,"context":180},185,{"file":182,"line":197,"context":180},190,{"file":182,"line":199,"context":180},191,{"file":182,"line":201,"context":180},192,{"file":163,"line":203,"context":180},14,{"file":205,"line":206,"context":180},"frontendannouncementsettings.php",39,{"file":205,"line":208,"context":180},55,{"file":205,"line":210,"context":180},69,{"file":205,"line":212,"context":180},77,{"file":214,"line":215,"context":180},"serverend.php",205,{"file":214,"line":217,"context":180},324,5,[],[221,239,251,259],{"entryPoint":222,"graph":223,"unsanitizedCount":27,"severity":238},"\u003Cfrontend> (frontend.php:0)",{"nodes":224,"edges":235},[225,230],{"id":226,"type":227,"label":228,"file":182,"line":229},"n0","source","$_POST",27,{"id":231,"type":232,"label":233,"file":182,"line":172,"wp_function":234},"n1","sink","query() [SQLi]","query",[236],{"from":226,"to":231,"sanitized":237},true,"low",{"entryPoint":240,"graph":241,"unsanitizedCount":27,"severity":238},"tomas_webFrontendAnnouncementSettingsPanel (frontendannouncementsettings.php:8)",{"nodes":242,"edges":249},[243,245],{"id":226,"type":227,"label":228,"file":205,"line":244},19,{"id":231,"type":232,"label":246,"file":205,"line":247,"wp_function":248},"update_option() [Settings Manipulation]",26,"update_option",[250],{"from":226,"to":231,"sanitized":237},{"entryPoint":252,"graph":253,"unsanitizedCount":27,"severity":238},"\u003Cfrontendannouncementsettings> (frontendannouncementsettings.php:0)",{"nodes":254,"edges":257},[255,256],{"id":226,"type":227,"label":228,"file":205,"line":244},{"id":231,"type":232,"label":246,"file":205,"line":247,"wp_function":248},[258],{"from":226,"to":231,"sanitized":237},{"entryPoint":260,"graph":261,"unsanitizedCount":27,"severity":238},"\u003Cserverend> (serverend.php:0)",{"nodes":262,"edges":290},[263,265,269,273,276,278,282,285],{"id":226,"type":227,"label":228,"file":214,"line":264},49,{"id":231,"type":232,"label":266,"file":214,"line":267,"wp_function":268},"get_var() [SQLi]",75,"get_var",{"id":270,"type":227,"label":271,"file":214,"line":272},"n2","$_POST (x4)",53,{"id":274,"type":232,"label":233,"file":214,"line":275,"wp_function":234},"n3",102,{"id":277,"type":227,"label":228,"file":214,"line":193},"n4",{"id":279,"type":232,"label":280,"file":214,"line":197,"wp_function":281},"n5","get_row() [SQLi]","get_row",{"id":283,"type":227,"label":284,"file":214,"line":193},"n6","$_POST (x3)",{"id":286,"type":232,"label":287,"file":214,"line":288,"wp_function":289},"n7","echo() [XSS]",197,"echo",[291,292,293,294],{"from":226,"to":231,"sanitized":237},{"from":270,"to":274,"sanitized":237},{"from":277,"to":279,"sanitized":237},{"from":283,"to":286,"sanitized":237},{"summary":296,"deductions":297},"The \"announcements\" plugin v1.9.3 demonstrates a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a clean vulnerability history suggest a commitment to security by the developers.  Furthermore, the code analysis shows positive signs such as 100% of SQL queries using prepared statements and the presence of nonce and capability checks, which are crucial for protecting against common WordPress attacks.\n\nHowever, there are areas for improvement. A significant portion of output (45%) is not properly escaped, which presents a potential risk for Cross-Site Scripting (XSS) vulnerabilities. While the attack surface appears minimal with no direct entry points detected, this unescaped output could be leveraged if an attacker finds a way to inject malicious code through other means or by manipulating plugin settings in a way not immediately apparent from the static analysis. The limited scope of taint analysis (4 flows) also means that deeper, more complex vulnerabilities might not have been uncovered.\n\nIn conclusion, the plugin is built on solid security foundations with good practices in place for database interactions and user authorization. The primary concern lies with the insufficient output escaping, which warrants attention to prevent potential XSS exploits. Addressing this would further solidify the plugin's security and bring it closer to a best-in-class security profile.",[298],{"reason":299,"points":300},"Insufficient output escaping",15,"2026-04-16T11:52:58.200Z",{"wat":303,"direct":309},{"assetPaths":304,"generatorPatterns":306,"scriptPaths":307,"versionParams":308},[305],"\u002Fwp-content\u002Fplugins\u002Fannouncements\u002Fasset\u002Fjs\u002Fscroll-up-bar.js",[],[305],[],{"cssClasses":310,"htmlComments":313,"htmlAttributes":315,"restEndpoints":321,"jsGlobals":322,"shortcodeOutput":324},[311,312],"updated","fade",[314],"Copyright 2016 - 2024 Tomas Zhu\n This program comes with ABSOLUTELY NO WARRANTY;\n https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-3.0.html\n https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fquick-guide-gplv3.html\n ",[316,317,318,319,320],"id=\"topbar\"","id=\"message\"","id=\"tomas_webFrontendAnnouncementForm\"","name=\"tomas_webFrontendAnnouncementForm\"","id=\"tomas_announcement_table\"",[],[323],"jQuery",[],{"error":237,"url":326,"statusCode":327,"statusMessage":328,"message":328},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fannouncements\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":330},[]]