[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB4B4qC57MbLvWryaGotZbCGO_5Ag14ms9iR_RXd-NIA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":118,"fingerprints":172},"auto-tooltip","auto tooltip","3.1","abdolmajed baloch","https:\u002F\u002Fprofiles.wordpress.org\u002Fyonadicom\u002F","\u003Cp>easy adding very good tooltip on your blog.\u003Cbr \u002F>\nhttp:\u002F\u002Fyonadi.com\u003Cbr \u002F>\nhttp:\u002F\u002Firan98.org\u002F\u003C\u002Fp>\n\u003Cp>add tooltip on your blog.\u003C\u002Fp>\n\u003Cp>use your wanted style if you dont like this style or color\u003C\u002Fp>\n","easy adding very good tooltip on your blog. http:\u002F\u002Fyonadi.com http:\u002F\u002Firan98.org\u002F",10,12491,0,"","3.1.4","2.0.2",[18,19,20,21],"ajax","javascript","link","links","http:\u002F\u002Fwww.yonadi.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-tooltip.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"yonadicom",1,30,94,"2026-04-04T13:06:17.629Z",[35,51,71,89,105],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":13,"num_ratings":13,"last_updated":44,"tested_up_to":45,"requires_at_least":16,"requires_php":14,"tags":46,"homepage":47,"download_link":48,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":50},"ajax-slide","AJAX Slide","2.21","Julian Widya Perdana","https:\u002F\u002Fprofiles.wordpress.org\u002Fjulianwp\u002F","\u003Cp>Gives sliding animation on your page whenever you are going to go to another link using AJAX.\u003C\u002Fp>\n\u003Cp>It works just like Page Slide animation on Microsoft Power Point. So you will see fading animations before you were redirected to desired URL.\u003C\u002Fp>\n","Gives sliding animation on your page whenever you are going to go to another link using AJAX.",7964,"2009-12-22T23:54:00.000Z","2.8.2",[18,19,20,21],"http:\u002F\u002Fmr.hokya.com\u002Fajax-slide","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-slide.zip",85,"2026-03-15T15:16:48.613Z",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":24,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":14,"tags":65,"homepage":69,"download_link":70,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":50},"turbolinks","Turbolinks","1.0.0","justnorris","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustnorris\u002F","\u003Cp>Instead of reloading the full page every time a user navigates your site, enable Turbolinks! Turbolinks will reload only the necessary parts of the site and even pull in additional JavaScipt and CSS.\u003C\u002Fp>\n\u003Cp>The concept of Turbolinks has been around for a very long time, but it has never been so easy to implement as it is today! Just install the plugin – and that’s it – you\\’re done!\u003C\u002Fp>\n\u003Cp>Because this plugin is going to prevent full page reloads, you may experience some compatibility issues with other themes or plugins. After installing the plugin, \u003Cstrong>I highly recommend that you test your site thoroughly\u003C\u002Fstrong> and make sure if everything works.\u003C\u002Fp>\n\u003Cp>If something is broken – you’ll probably have to fix it on your own, most probably with JavaScript. Have a look at the Turbolinks project documentation for more info: https:\u002F\u002Fgithub.com\u002Fturbolinks\u002Fturbolinks\u003C\u002Fp>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cp>The absolutely first release.\u003C\u002Fp>\n","Easily speed up your site by making all your links into Turbolinks.",50,4400,4,"2017-05-23T09:46:00.000Z","4.7.32","4.6",[18,66,67,68,52],"cache","pjax","speed","https:\u002F\u002Fjustnorris.com\u002Fturbolinks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fturbolinks.1.0.0.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":13,"num_ratings":13,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":14,"tags":84,"homepage":87,"download_link":88,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":50},"wp-multicollinks","WP-MulticolLinks","1.0.2","mg12","https:\u002F\u002Fprofiles.wordpress.org\u002Fmg12\u002F","\u003Cp>Show the links with multiple columns layout in the sidebar.\u003Cbr \u002F>\nYou can limit the number of links, switch it between one-column and multiple-column layouts in the sidebar. and you can sort the links or random, use the ‘Show all’ button.\u003C\u002Fp>\n\u003Cp>在侧边栏显示以多栏的布局显示友情链接。\u003Cbr \u002F>\n你可以限制显示链接的数量，在单栏和多栏之间随意切换。并且可以对链接进行排序或随机排列。还可以使用“显示全部”的按钮。\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Languages:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>US English (default)\u003C\u002Fli>\n\u003Cli>简体中文\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Demo:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.neoease.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.neoease.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Show the links in multiple columns.",20,12851,"2009-01-08T16:44:00.000Z","2.7","2.2",[18,21,85,86],"sidebar","widget","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-multicollinks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-multicollinks.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":11,"downloaded":97,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":82,"requires_at_least":98,"requires_php":14,"tags":99,"homepage":103,"download_link":104,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"accesible-blank","Accesible _blank","1.1","ceslava","https:\u002F\u002Fprofiles.wordpress.org\u002Fceslava\u002F","\u003Cp>English:\u003C\u002Fp>\n\u003Cp>See a live demo at the official webpage | Demo y página oficial:\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fceslava.com\u002Fblog\u002Fplugins-wordpress\u002Faccesible-_blank\u002F\" title=\"Accesible _blank plugin page\" rel=\"nofollow ugc\">ceslava.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin searches the text for links outside of the domain of the blog and open them in a new window but in a accesible way. It adds the attribute rel=”external” and by javascript those external links are open in a new window.\u003C\u002Fp>\n\u003Cp>It stands for Web Content Accessibility Guidelines.\u003C\u002Fp>\n\u003Cp>Spanish:\u003C\u002Fp>\n\u003Cp>Demo y página oficial:\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fceslava.com\u002Fblog\u002Fplugins-wordpress\u002Faccesible-_blank\u002F\" title=\"Accesible _blank plugin page\" rel=\"nofollow ugc\">ceslava.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Está basado en el plugin para WordPress de Javi Moya External Links New Window que añade la funcionalidad de poder abrir enlaces externos en una nueva ventana. El problema es que no era accesible, ya que el atributo _blank no cumple los estándares W3C.\u003C\u002Fp>\n\u003Cp>Accesible _blank busca todos los enlaces fuera de tu dominio y les añade rel=”external”. Todos los enlaces que tengan el atributo external se abrirán en una nueva ventana. Es accesible porque el atributo _blank (deprecated) se añade por javascript y no en el XHTML.\u003C\u002Fp>\n\u003Cp>Para avisar a los usuarios se añade el atributo title a los enlaces externos con el texto “(se abre en nueva ventana)”, si title ya tiene contenido se añade a él.\u003C\u002Fp>\n\u003Cp>Cumple las Pautas de Accesibilidad al Contenido en la Web (WCAG).\u003C\u002Fp>\n","Open links in a new window but in a accesible way. Abre enlaces en una nueva ventana cumpliendo los estándares de accesibilidad.",3469,"1.5",[100,19,21,101,102],"accesible","seo","target","http:\u002F\u002Fceslava.com\u002Fblog\u002Fplugins-wordpress\u002Faccesible-_blank\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faccesible-blank.zip",{"slug":106,"name":107,"version":74,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":11,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":63,"requires_at_least":82,"requires_php":14,"tags":113,"homepage":14,"download_link":117,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":50},"brandreward","Brandreward","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandreward\u002F","\u003Cp>Brandreward offers you a quick and effortless way to partner with and earn commissions from over 30,000 global brands that you actually know and love. Connect to our powerful brand connection & tracking system with this simple plugin and discover just how easy it really is to earn from your content.\u003C\u002Fp>\n","Making money from blogging.",2148,"2017-01-18T05:51:00.000Z",[114,19,21,115,116],"affiliate","marketing","monetization","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbrandreward.1.0.2.zip",{"attackSurface":119,"codeSignals":141,"taintFlows":160,"riskAssessment":161,"analyzedAt":171},{"hooks":120,"ajaxHandlers":137,"restRoutes":138,"shortcodes":139,"cronEvents":140,"entryPointCount":13,"unprotectedCount":13},[121,127,131,134],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","wp_head","auto_tooltip","plugin.php",17,{"type":122,"name":128,"callback":129,"file":125,"line":130},"admin_menu","auto_tooltip_create_menu",22,{"type":122,"name":132,"callback":133,"file":125,"line":31},"admin_init","auto_tooltip_register_mysettings",{"type":122,"name":123,"callback":135,"file":125,"line":136},"addHeaderCode",32,[],[],[],[],{"dangerousFunctions":142,"sqlUsage":143,"outputEscaping":145,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":159},[],{"prepared":13,"raw":13,"locations":144},[],{"escaped":13,"rawEcho":146,"locations":147},5,[148,151,153,155,157],{"file":125,"line":149,"context":150},13,"raw output",{"file":125,"line":152,"context":150},39,{"file":125,"line":154,"context":150},64,{"file":125,"line":156,"context":150},104,{"file":125,"line":158,"context":150},108,[],[],{"summary":162,"deductions":163},"The \"auto-tooltip\" v3.1 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of AJAX handlers, REST API routes, shortcodes, cron events, and file operations significantly limits its attack surface.  Furthermore, the code signals indicate a lack of dangerous functions and all SQL queries utilize prepared statements, which are excellent security practices. The plugin also avoids external HTTP requests, which can be a common vector for attacks.\n\nHowever, a significant concern arises from the output escaping analysis, where 100% of the outputs are not properly escaped. This represents a critical vulnerability where untrusted data could be rendered directly to the user's browser, potentially leading to cross-site scripting (XSS) attacks.  The lack of nonce checks and capability checks, while not directly exploitable due to the absence of entry points, indicates a potential for future vulnerabilities if new entry points are introduced without proper security measures.\n\nThe vulnerability history is clean, with no recorded CVEs, which is a positive sign. However, the lack of historical vulnerabilities coupled with the identified output escaping issue could indicate that the plugin hasn't been rigorously tested for certain types of vulnerabilities, or that the current code structure, while limited in its attack surface, has overlooked fundamental output sanitization practices.",[164,167,169],{"reason":165,"points":166},"All outputs are unescaped",8,{"reason":168,"points":146},"No nonce checks implemented",{"reason":170,"points":146},"No capability checks implemented","2026-03-16T23:12:00.773Z",{"wat":173,"direct":180},{"assetPaths":174,"generatorPatterns":176,"scriptPaths":177,"versionParams":179},[175],"\u002Fwp-content\u002Fplugins\u002Fauto-tooltip\u002Ftooltip.js",[],[178],"https:\u002F\u002Fajax.googleapis.com\u002Fajax\u002Flibs\u002Fjquery\u002F1.4.2\u002Fjquery.min.js",[],{"cssClasses":181,"htmlComments":183,"htmlAttributes":186,"restEndpoints":187,"jsGlobals":188,"shortcodeOutput":189},[182],"comment-author-",[184,185],"\u003C!-- Start auto tooltip -->","\u003C!-- Stop auto_tooltip -->",[],[],[],[]]