[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyadr7rfTzVFrMhPVqyevGhxtDp4_JzgLdlecMfF00_E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":135,"fingerprints":390},"awesome-emoji-reactions","Awesome Emoji Reactions","1.0","peakplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeakplugins\u002F","\u003Cp>Awesome Emoji Reactions allows visitors to react to your content with emojis, making site interaction more engaging and fun. Perfect for blogs, news sites, and any content that benefits from quick emotional feedback.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable set of emoji reactions\u003C\u002Fli>\n\u003Cli>Guest reactions support\u003C\u002Fli>\n\u003Cli>Built-in caching for performance\u003C\u002Fli>\n\u003Cli>Gutenberg block integration\u003C\u002Fli>\n\u003Cli>Responsive design\u003C\u002Fli>\n\u003Cli>Clean and intuitive admin interface\u003C\u002Fli>\n\u003Cli>AJAX-powered reactions\u003C\u002Fli>\n\u003Cli>No page reload required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customization Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose available emojis\u003C\u002Fli>\n\u003Cli>Customize appearance\u003C\u002Fli>\n\u003Cli>Manage guest access\u003C\u002Fli>\n\u003Cli>Color schemes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer Friendly\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Well-documented code\u003C\u002Fli>\n\u003Cli>Hooks and filters\u003C\u002Fli>\n\u003Cli>Custom templates support\u003C\u002Fli>\n\u003Cli>Cache integration\u003C\u002Fli>\n\u003Cli>Security best practices\u003C\u002Fli>\n\u003C\u002Ful>\n","Add emoji reactions to your WordPress posts to increase user engagement and get instant feedback from your audience.",10,573,0,"2025-01-15T11:31:00.000Z","6.7.5","6.0","7.4",[19,20,21,22,23],"emoji","emoji-feedback","post-reactions","reactions","social","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawesome-emoji-reactions.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,88,"2026-04-04T04:40:58.538Z",[36,54,78,93,115],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":41,"download_link":53,"security_score":44,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"instant-emoji-reactions","Instant Emoji Reactions","1.0.2","Usama Khalid","https:\u002F\u002Fprofiles.wordpress.org\u002Fusamakhalid14\u002F","\u003Cp>Add emoji reactions to posts and custom post types, allowing both logged-in and guest users to express their feelings. This plugin enables users to engage with your content using fun and expressive emojis such as Agree, Disagree, Angry, Love, and Laugh. Reactions are stored for each post, providing valuable feedback and interaction metrics. Perfect for blogs, forums, and community-driven websites!\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL-2.0+ License. You can freely use, modify, and distribute it under the terms of this license. See the full license at: https:\u002F\u002Fopensource.org\u002Flicenses\u002FGPL-2.0\u003C\u002Fp>\n","Add emoji reactions to posts and custom post types on your WordPress site, enabling both logged-in and guest users to express their feelings.",100,1428,"2025-12-15T06:44:00.000Z","6.9.4","5.0",[50,20,51,21,52],"ajax-reactions","emoji-reactions","reaction-buttons","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstant-emoji-reactions.1.0.2.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":33,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":74,"download_link":75,"security_score":76,"vuln_count":31,"unpatched_count":13,"last_vuln_date":77,"fetched_at":28},"booster-extension","Booster Extension","1.2.2","themeinwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeinwp\u002F","\u003Cp>Booster Extension is a free WordPress plugin that supercharges your site with awesome powerful features. There’re numerous plugins in the official WordPress repository that promises to provide the features that we offer, however if you install them all, there’s inconsistency in their backend and frontend styles and possible plugin conflicts. That’s why we’ve created Booster Extension, adding all the essentials components for every WordPress blog or magazine.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Social share with share count\u003C\u002Fstrong>\u003Cbr \u002F>\nSharing buttons increase traffic and engagement by helping readers share your posts and pages to their friends on social media. Booster Extension enables your website users to share the content over Facebook, Twitter, LinkedIn, Pinterest and Email. This is the Simplest and Smoothest Social Sharing plugin with an awesome visual appearance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Calculate and Display Read Time\u003C\u002Fstrong>\u003Cbr \u002F>\nDo you want to display estimated post reading time in your WordPress blog posts? Booster Extension let’s you easily add an estimated reading time to your WordPress posts. An estimated reading time encourages users to read a blog post instead of clicking away.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Reaction Buttons and Feedback Emoji\u003C\u002Fstrong>\u003Cbr \u002F>\nBooster Extension helps you to collect user feedback using the most spoken language in the world: the emoji. Increase your audience engagement in a fun way for your users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Author Box with Social Profiles\u003C\u002Fstrong>\u003Cbr \u002F>\nBooster Extension adds a responsive author box at the end of your posts, showing the author name, author gravatar and author description. It also adds over 30 social profile fields on WordPress user profile screen, allowing to display the author social icons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like\u002FDislike Post\u003C\u002Fstrong>\u003Cbr \u002F>\nBooster Extension increases the interaction with the WordPress post by enabling likes and dislikes buttons along with the count. You can choose either Thumbs Up\u002FThumbs Down or Smiley\u002FFrown.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>License: GPLv2\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Booster Extension is a free WordPress plugin that supercharges your site with awesome powerful features. There’re numerous plugins in the official Wor &hellip;",8000,182275,7,"2024-04-26T04:40:00.000Z","6.5.8","4.5","5.5",[70,21,71,72,73],"post-like-and-dislike","read-time","share-count","social-share","https:\u002F\u002Fwww.themeinwp.com\u002Fbooster-extension\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbooster-extension.1.2.2.zip",91,"2024-04-29 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":13,"num_ratings":13,"last_updated":87,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":88,"homepage":91,"download_link":92,"security_score":44,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"emojis-for-posts-and-pages","Emojis for Posts and Pages","1.1.1","Gunjan Jaswal","https:\u002F\u002Fprofiles.wordpress.org\u002Fgunjanjaswal\u002F","\u003Cp>Emojis for Posts and Pages allows your visitors to react to your content with colorful emoji reactions, similar to Facebook’s reaction system. This plugin adds a simple and intuitive reaction system to your posts, pages, or any custom post type.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add emoji reactions to posts, pages, or any custom post type\u003C\u002Fli>\n\u003Cli>Choose from a variety of colorful emoji reactions\u003C\u002Fli>\n\u003Cli>Track reaction counts and statistics\u003C\u002Fli>\n\u003Cli>Display reactions after content or as a floating element\u003C\u002Fli>\n\u003Cli>One reaction per IP address to prevent spam\u003C\u002Fli>\n\u003Cli>Mobile-friendly and responsive design\u003C\u002Fli>\n\u003Cli>Uses Google’s Noto Color Emoji font for consistent cross-platform display\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visitors can click on an emoji to react to your content\u003C\u002Fli>\n\u003Cli>Each visitor can only react once per post (based on IP address)\u003C\u002Fli>\n\u003Cli>Visitors can change their reaction by clicking on a different emoji\u003C\u002Fli>\n\u003Cli>Reaction counts are displayed in real-time\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Increase engagement on your blog posts\u003C\u002Fli>\n\u003Cli>Get quick feedback on your content\u003C\u002Fli>\n\u003Cli>Add a fun interactive element to your website\u003C\u002Fli>\n\u003Cli>Understand which content resonates with your audience\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or share any data with external services.\u003C\u002Fp>\n\u003Cp>The following information is stored in your WordPress database:\u003Cbr \u002F>\n* IP addresses of users who react to posts (for preventing multiple reactions from the same user)\u003Cbr \u002F>\n* User IDs of logged-in users who react to posts\u003Cbr \u002F>\n* Reaction choices made by users\u003C\u002Fp>\n\u003Cp>This data is stored solely on your server and is not transmitted elsewhere.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin collects IP addresses to prevent multiple reactions from the same visitor. IP addresses are stored in your WordPress database and are not shared with any third parties.\u003C\u002Fp>\n\u003Cp>If a user is logged in, their user ID is also stored along with their reaction. This allows their reaction to persist across different devices.\u003C\u002Fp>\n\u003Cp>No personal information is collected or shared with external services.\u003C\u002Fp>\n","Add colorful emoji reactions to your WordPress posts and pages, similar to Facebook reactions.",346,"2025-12-05T09:36:00.000Z",[89,19,90,22,23],"comments","feedback","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femojis-for-posts-and-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femojis-for-posts-and-pages.1.1.1.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":111,"download_link":112,"security_score":113,"vuln_count":31,"unpatched_count":13,"last_vuln_date":114,"fetched_at":28},"da-reactions","Da Reactions","5.3.4","Daniele Alessandra","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielealessandra\u002F","\u003Cp>This plugin creates some reaction buttons that could be added to content and comments too.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>With this plugin you can:\u003Cbr \u002F>\n* Add reactions to \u003Cstrong>posts\u003C\u002Fstrong>, \u003Cstrong>pages\u003C\u002Fstrong> and \u003Cstrong>attachments\u003C\u002Fstrong>!\u003Cbr \u002F>\n* Add reactions to \u003Cstrong>comments\u003C\u002Fstrong>.\u003Cbr \u002F>\n* Add reactions to \u003Cstrong>single views\u003C\u002Fstrong> and \u003Cstrong>archives\u003C\u002Fstrong>.\u003Cbr \u002F>\n* Add Reactions to \u003Cstrong>topics\u003C\u002Fstrong> and \u003Cstrong>replies\u003C\u002Fstrong> in \u003Cstrong>BBPress\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Customization\u003C\u002Fh4>\n\u003Cp>Highly customizable:\u003Cbr \u002F>\n* You can choose between 250 \u003Cstrong>included royalty free icons\u003C\u002Fstrong>.\u003Cbr \u002F>\n* You can customize \u003Cstrong>size and color\u003C\u002Fstrong> of every icon.\u003Cbr \u002F>\n* You can \u003Cem>sort\u003C\u002Fem>, \u003Cem>add\u003C\u002Fem>, \u003Cem>remove\u003C\u002Fem> and \u003Cem>edit\u003C\u002Fem> every single reaction.\u003Cbr \u002F>\n* Drag’n drop to order reactions globally.\u003Cbr \u002F>\n* Icon collection to choose your favourite reaction icons.\u003Cbr \u002F>\n* Color picker to customize every icon.\u003Cbr \u002F>\n* Choose your favourite blur effect between Blur, Desaturate ot Opacity.\u003Cbr \u002F>\n* Customize icons choosing effect amount percentage.\u003C\u002Fp>\n\u003Ch4>Widgets\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display most voted contents choosing one or all reactions.\u003C\u002Fli>\n\u003Cli>Display most voted comments choosing one or all reactions.\u003C\u002Fli>\n\u003Cli>Display most voted reaction near content title in widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is fully compatible with localization\u003C\u002Fli>\n\u003Cli>.pot file included\u003C\u002Fli>\n\u003Cli>WPML Ready\u003C\u002Fli>\n\u003Cli>Included sample .po and .mo files (italian translation)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add Reactions to \u003Cstrong>custom post types\u003C\u002Fstrong>, \u003Cstrong>WooCommerce Products\u003C\u002Fstrong> and \u003Cstrong>BuddyPress’ Activities, Groups and Profiles\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Enable or disable reactions for \u003Cstrong>registered user\u003C\u002Fstrong>, \u003Cstrong>unregistered\u003C\u002Fstrong> only, or even for specific user roles!\u003C\u002Fli>\n\u003Cli>Upload your own images to fully customize your visitors experience.\u003C\u002Fli>\n\u003Cli>Gutenberg block to add reactions everywhere into your contents.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin creates some reaction buttons that could be added to content and comments.",400,26351,96,16,"2025-07-07T23:05:00.000Z","6.8.5","6.7",[109,110,22,23],"engagement","interaction","https:\u002F\u002Fwww.da-reactions-plugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fda-reactions.5.3.4.zip",99,"2024-10-14 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":101,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":67,"requires_php":24,"tags":128,"homepage":132,"download_link":133,"security_score":134,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"react-and-share","React & Share – Customizable Reaction Buttons","3.6.1","Dekko","https:\u002F\u002Fprofiles.wordpress.org\u002Fdekkoteam\u002F","\u003Cp>This plugin enables WordPress users to integrate React & Share tools on their site easily.\u003Cbr \u002F>\nGet feedback with customizable reaction buttons that allow your readers to give feedback with one anonymous click — trusted by communications teams in companies and government sector.\u003C\u002Fp>\n","Get feedback and see what your readers think about your articles.",50649,68,13,"2023-01-13T14:06:00.000Z","6.1.10",[52,22,129,130,131],"share","share-buttons","social-media","http:\u002F\u002Freactandshare.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freact-and-share.3.6.1.zip",85,{"attackSurface":136,"codeSignals":233,"taintFlows":248,"riskAssessment":380,"analyzedAt":389},{"hooks":137,"ajaxHandlers":192,"restRoutes":217,"shortcodes":225,"cronEvents":230,"entryPointCount":231,"unprotectedCount":232},[138,144,148,152,156,159,161,162,165,168,170,175,179,182,185,188,190],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_enqueue_scripts","enqueue_admin_scripts","includes\\class-aer-admin.php",27,{"type":145,"name":146,"callback":147,"priority":11,"file":142,"line":32},"filter","wp_unslash_post_data","prevent_emoji_slashes",{"type":145,"name":149,"callback":150,"priority":11,"file":142,"line":151},"pre_update_option_aerppk_options","prevent_double_encoding",33,{"type":139,"name":153,"callback":154,"file":155,"line":32},"admin_menu","anonymous","includes\\class-aer-loader.php",{"type":139,"name":157,"callback":154,"file":155,"line":158},"admin_init",31,{"type":139,"name":140,"callback":154,"file":155,"line":160},32,{"type":139,"name":140,"callback":154,"file":155,"line":151},{"type":139,"name":163,"callback":154,"file":155,"line":164},"init",36,{"type":139,"name":166,"callback":154,"file":155,"line":167},"wp_enqueue_scripts",41,{"type":139,"name":166,"callback":154,"file":155,"line":169},42,{"type":139,"name":171,"callback":172,"priority":31,"file":173,"line":174},"plugins_loaded","closure","includes\\class-aer-reactions.php",43,{"type":145,"name":176,"callback":177,"file":173,"line":178},"auth_redirect_scheme","__return_false",51,{"type":145,"name":180,"callback":172,"file":173,"line":181},"user_has_cap",52,{"type":145,"name":183,"callback":177,"file":173,"line":184},"ajax_auth_required_for_add_reaction",65,{"type":139,"name":186,"callback":172,"file":173,"line":187},"rest_api_init",74,{"type":145,"name":176,"callback":177,"file":173,"line":189},89,{"type":145,"name":191,"callback":177,"file":173,"line":113},"nonce_user_logged_out",[193,198,201,203,206,208,211,213,215],{"action":194,"nopriv":195,"callback":194,"hasNonce":196,"hasCapCheck":196,"file":142,"line":197},"save_aerppk_options",false,true,24,{"action":199,"nopriv":195,"callback":154,"hasNonce":195,"hasCapCheck":195,"file":155,"line":200},"add_reaction",45,{"action":199,"nopriv":196,"callback":154,"hasNonce":195,"hasCapCheck":195,"file":155,"line":202},46,{"action":204,"nopriv":195,"callback":154,"hasNonce":195,"hasCapCheck":195,"file":155,"line":205},"remove_reaction",47,{"action":204,"nopriv":196,"callback":154,"hasNonce":195,"hasCapCheck":195,"file":155,"line":207},48,{"action":199,"nopriv":195,"callback":209,"hasNonce":196,"hasCapCheck":195,"file":173,"line":210},"handle_add_reaction",61,{"action":199,"nopriv":196,"callback":209,"hasNonce":196,"hasCapCheck":195,"file":173,"line":212},62,{"action":199,"nopriv":195,"callback":209,"hasNonce":196,"hasCapCheck":195,"file":173,"line":214},94,{"action":199,"nopriv":196,"callback":209,"hasNonce":196,"hasCapCheck":195,"file":173,"line":216},95,[218],{"namespace":219,"route":220,"methods":221,"callback":223,"permissionCallback":172,"file":173,"line":224},"aer\u002Fv1","\u002Freaction",[222],"POST","handle_guest_reaction",75,[226],{"tag":227,"callback":228,"file":155,"line":229},"aerppk_emoji_reactions","render_reactions",53,[],11,4,{"dangerousFunctions":234,"sqlUsage":235,"outputEscaping":237,"fileOperations":13,"externalRequests":13,"nonceChecks":246,"capabilityChecks":239,"bundledLibraries":247},[],{"prepared":104,"raw":13,"locations":236},[],{"escaped":238,"rawEcho":239,"locations":240},54,2,[241,244],{"file":142,"line":242,"context":243},181,"raw output",{"file":142,"line":245,"context":243},213,6,[],[249,298,315,325],{"entryPoint":250,"graph":251,"unsanitizedCount":13,"severity":297},"handle_add_reaction (includes\\class-aer-reactions.php:205)",{"nodes":252,"edges":290},[253,258,262,268,271,274,279,282,285],{"id":254,"type":255,"label":256,"file":173,"line":257},"n0","source","$_POST",240,{"id":259,"type":260,"label":261,"file":173,"line":257},"n1","transform","→ get_reaction()",{"id":263,"type":264,"label":265,"file":266,"line":143,"wp_function":267},"n2","sink","get_row() [SQLi]","includes\\trait-aer-db-operations.php","get_row",{"id":269,"type":255,"label":256,"file":173,"line":270},"n3",256,{"id":272,"type":260,"label":273,"file":173,"line":270},"n4","→ get_reactions_for_post()",{"id":275,"type":264,"label":276,"file":266,"line":277,"wp_function":278},"n5","get_results() [SQLi]",115,"get_results",{"id":280,"type":255,"label":256,"file":173,"line":281},"n6",257,{"id":283,"type":260,"label":284,"file":173,"line":281},"n7","→ get_user_reactions()",{"id":286,"type":264,"label":287,"file":266,"line":288,"wp_function":289},"n8","get_col() [SQLi]",150,"get_col",[291,292,293,294,295,296],{"from":254,"to":259,"sanitized":195},{"from":259,"to":263,"sanitized":196},{"from":269,"to":272,"sanitized":195},{"from":272,"to":275,"sanitized":196},{"from":280,"to":283,"sanitized":195},{"from":283,"to":286,"sanitized":196},"low",{"entryPoint":299,"graph":300,"unsanitizedCount":13,"severity":297},"handle_remove_reaction (includes\\class-aer-reactions.php:261)",{"nodes":301,"edges":310},[302,304,305,306,308,309],{"id":254,"type":255,"label":256,"file":173,"line":303},287,{"id":259,"type":260,"label":273,"file":173,"line":303},{"id":263,"type":264,"label":276,"file":266,"line":277,"wp_function":278},{"id":269,"type":255,"label":256,"file":173,"line":307},288,{"id":272,"type":260,"label":284,"file":173,"line":307},{"id":275,"type":264,"label":287,"file":266,"line":288,"wp_function":289},[311,312,313,314],{"from":254,"to":259,"sanitized":195},{"from":259,"to":263,"sanitized":196},{"from":269,"to":272,"sanitized":195},{"from":272,"to":275,"sanitized":196},{"entryPoint":316,"graph":317,"unsanitizedCount":13,"severity":297},"\u003Ctrait-aer-db-operations> (includes\\trait-aer-db-operations.php:0)",{"nodes":318,"edges":323},[319,322],{"id":254,"type":255,"label":320,"file":266,"line":321},"$_SERVER",130,{"id":259,"type":264,"label":287,"file":266,"line":288,"wp_function":289},[324],{"from":254,"to":259,"sanitized":196},{"entryPoint":326,"graph":327,"unsanitizedCount":31,"severity":379},"\u003Cclass-aer-reactions> (includes\\class-aer-reactions.php:0)",{"nodes":328,"edges":367},[329,332,334,335,337,338,342,343,344,345,348,350,352,354,356,358,361,364],{"id":254,"type":255,"label":330,"file":173,"line":331},"$_POST (x2)",279,{"id":259,"type":264,"label":276,"file":173,"line":333,"wp_function":278},320,{"id":263,"type":255,"label":256,"file":173,"line":331},{"id":269,"type":264,"label":287,"file":173,"line":336,"wp_function":289},364,{"id":272,"type":255,"label":330,"file":173,"line":331},{"id":275,"type":264,"label":339,"file":173,"line":340,"wp_function":341},"get_var() [SQLi]",445,"get_var",{"id":280,"type":255,"label":330,"file":173,"line":257},{"id":283,"type":260,"label":261,"file":173,"line":257},{"id":286,"type":264,"label":265,"file":266,"line":143,"wp_function":267},{"id":346,"type":255,"label":347,"file":173,"line":270},"n9","$_POST (x3)",{"id":349,"type":260,"label":273,"file":173,"line":270},"n10",{"id":351,"type":264,"label":276,"file":266,"line":277,"wp_function":278},"n11",{"id":353,"type":255,"label":347,"file":173,"line":281},"n12",{"id":355,"type":260,"label":284,"file":173,"line":281},"n13",{"id":357,"type":264,"label":287,"file":266,"line":288,"wp_function":289},"n14",{"id":359,"type":255,"label":256,"file":173,"line":360},"n15",615,{"id":362,"type":260,"label":363,"file":173,"line":360},"n16","→ get_user_reaction()",{"id":365,"type":264,"label":339,"file":173,"line":366,"wp_function":341},"n17",538,[368,369,370,371,372,373,374,375,376,377,378],{"from":254,"to":259,"sanitized":196},{"from":263,"to":269,"sanitized":196},{"from":272,"to":275,"sanitized":196},{"from":280,"to":283,"sanitized":195},{"from":283,"to":286,"sanitized":196},{"from":346,"to":349,"sanitized":195},{"from":349,"to":351,"sanitized":196},{"from":353,"to":355,"sanitized":195},{"from":355,"to":357,"sanitized":196},{"from":359,"to":362,"sanitized":195},{"from":362,"to":365,"sanitized":195},"high",{"summary":381,"deductions":382},"The \"awesome-emoji-reactions\" plugin v1.0 demonstrates a mixed security posture. While it excels in using prepared statements for all SQL queries and properly escaping the vast majority of its output, several concerning areas warrant attention. The presence of four AJAX handlers without authentication checks creates a significant attack surface that could be exploited by unauthenticated users to trigger plugin functionality. Additionally, the taint analysis revealed one flow with an unsanitized path, identified as high severity. This suggests a potential avenue for attackers to manipulate data or control plugin behavior through unexpected input. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign. However, this alone does not negate the risks identified in the static analysis. The overall conclusion is that while the plugin has strong foundational security practices like secure database interactions and output sanitization, the unprotected entry points and the identified high-severity taint flow represent concrete security risks that need to be addressed.",[383,386],{"reason":384,"points":385},"Unprotected AJAX handlers",8,{"reason":387,"points":388},"High severity taint flow with unsanitized path",12,"2026-03-16T23:52:49.890Z",{"wat":391,"direct":404},{"assetPaths":392,"generatorPatterns":397,"scriptPaths":398,"versionParams":399},[393,394,395,396],"\u002Fwp-content\u002Fplugins\u002Fawesome-emoji-reactions\u002Fassets\u002Fcss\u002Faerppk-admin.css","\u002Fwp-content\u002Fplugins\u002Fawesome-emoji-reactions\u002Fassets\u002Fjs\u002Faerppk-admin.js","\u002Fwp-content\u002Fplugins\u002Fawesome-emoji-reactions\u002Fassets\u002Fjs\u002Faerppk-frontend.js","\u002Fwp-content\u002Fplugins\u002Fawesome-emoji-reactions\u002Fassets\u002Fcss\u002Faerppk-frontend.css",[],[394,395],[400,401,402,403],"awesome-emoji-reactions\u002Fassets\u002Fcss\u002Faerppk-admin.css?ver=","awesome-emoji-reactions\u002Fassets\u002Fjs\u002Faerppk-admin.js?ver=","awesome-emoji-reactions\u002Fassets\u002Fjs\u002Faerppk-frontend.js?ver=","awesome-emoji-reactions\u002Fassets\u002Fcss\u002Faerppk-frontend.css?ver=",{"cssClasses":405,"htmlComments":415,"htmlAttributes":420,"restEndpoints":427,"jsGlobals":428,"shortcodeOutput":430},[406,407,408,409,410,411,412,413,414],"aerppk-emoji-settings","aerppk-selected-emojis-wrapper","aerppk-selected-emojis","aerppk-emoji-tag","emoji-content","aerppk-remove-emoji","aerppk-no-emojis","aerppk-emoji-actions","aerppk-status-message",[416,417,418,419],"\u003C!-- Current selected emojis -->","\u003C!-- Hidden field for storing values -->","\u003C!-- Add button -->","\u003C!-- Status message -->",[421,422,423,424,425,426],"data-emoji","id=\"selected-emojis-container\"","id=\"enabled-emojis\"","id=\"add-emoji\"","id=\"aerppk-status-message\"","id=\"background_color\"",[],[429],"aerppk_ajax_object",[]]