[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsdwe-WdQIdIoZNaWevx0Vx03DNQulLDrsZ3zVTxAAY0":3,"$fUGcBe2SdcujL1nJudfjVsMOrDBc3UlWIBqM4ZIYuLkg":89,"$fTzuz99ShHs2Hm5ag-GrYRWpxmF9caYsivDfHm4G8Eo4":94},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":15,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":13,"unpatched_count":13,"last_vuln_date":21,"fetched_at":22,"discovery_status":23,"vulnerabilities":24,"developer":25,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":71},"archives-by-category-v20","Archives by Category","1.0","ljmacphee","https:\u002F\u002Fprofiles.wordpress.org\u002Fljmacphee\u002F","\u003Cp>This will create a list of all your posts.  They will be ordered alphabetically by category.  Category names will be anchor links so you\u003Cbr \u002F>\ncan easily link to them.  You can put this as a list in your side bar or you can create an Archives page, whichever you prefer.\u003C\u002Fp>\n\u003Cp>Version 1.0 works with WP prior to version 2.3\u003Cbr \u002F>\nVersion 2.2 prevents tags from showing up as a category in your list\u003Cbr \u002F>\nVersion 2.1 fixes errors when table prefix is not wp_\u003C\u002Fp>\n","This will create a list of all your posts.  They will be ordered alphabetically by category.  Category names will be anchor links so you",10,3755,0,"2007-10-17T18:57:00.000Z","","2.3.0",[],"http:\u002F\u002Fherselfswebtools.com\u002F2007\u002F10\u002Fhere-is-a-quick-way-to-print-a-list-of-all-your-posts-by-category-in-wordpress.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farchives-by-category-v20.zip",85,null,"2026-03-15T15:16:48.613Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},6,80,30,84,"2026-07-15T04:23:43.781Z",[],{"attackSurface":33,"codeSignals":48,"taintFlows":63,"riskAssessment":64,"analyzedAt":70},{"hooks":34,"ajaxHandlers":44,"restRoutes":45,"shortcodes":46,"cronEvents":47,"entryPointCount":13,"unprotectedCount":13},[35,41],{"type":36,"name":37,"callback":38,"file":39,"line":40},"filter","the_content","pc_generate_local","ArchivesByCategoryV1.0.php",81,{"type":36,"name":37,"callback":38,"file":42,"line":43},"ArchivesByCategoryV2.0.php",75,[],[],[],[],{"dangerousFunctions":49,"sqlUsage":50,"outputEscaping":60,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":62},[],{"prepared":13,"raw":51,"locations":52},3,[53,56,58],{"file":39,"line":54,"context":55},26,"$wpdb->get_results() with variable interpolation",{"file":39,"line":57,"context":55},63,{"file":42,"line":59,"context":55},27,{"escaped":13,"rawEcho":13,"locations":61},[],[],[],{"summary":65,"deductions":66},"The \"archives-by-category-v20\" plugin v1.0 presents a mixed security profile. On the positive side, the static analysis indicates a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. Crucially, the code signals show that all identified output is properly escaped, and there are no dangerous functions, file operations, or external HTTP requests. The lack of known CVEs and past vulnerabilities is also a strong indicator of a generally secure development practice.\n\nHowever, a significant concern arises from the SQL queries. The analysis reveals three SQL queries, none of which utilize prepared statements. This means that if any user-controlled data is ever incorporated into these queries, the plugin would be vulnerable to SQL injection attacks. The absence of nonce and capability checks, while not directly exploitable due to the lack of other entry points, suggests a potential for future vulnerabilities if new entry points are introduced without proper security considerations. The taint analysis showing zero flows is good but may be limited by the scope of the analysis or the plugin's limited functionality.\n\nIn conclusion, while the plugin exhibits good practices in output escaping and has a clean vulnerability history, the unescaped SQL queries represent a critical potential security flaw. The plugin's strengths lie in its limited attack surface and proper output handling, but the reliance on raw SQL without prepared statements is a notable weakness that requires immediate attention.",[67],{"reason":68,"points":69},"Raw SQL queries without prepared statements",15,"2026-03-17T01:37:52.366Z",{"wat":72,"direct":77},{"assetPaths":73,"generatorPatterns":74,"scriptPaths":75,"versionParams":76},[],[],[],[],{"cssClasses":78,"htmlComments":79,"htmlAttributes":81,"restEndpoints":82,"jsGlobals":83,"shortcodeOutput":84},[],[80],"\u003C!-- archivesbycategory -->",[],[],[],[85,86,87,86,88],"\u003Cli>\u003Ch3>\u003Ca name=\"","\">","\u003C\u002Fa>\u003C\u002Fh3>\u003C\u002Fli>\u003Cli>\u003Ca href=\"","\u003C\u002Fa>\u003C\u002Fli>",{"error":90,"url":91,"statusCode":92,"statusMessage":93,"message":93},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Farchives-by-category-v20\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":95},[]]