[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flZmAzpuSOsmBlpwc-TDwTNTLUQbWlZX5pSy-DFjDFAk":3,"$fu5_iKlEU6iIDdRbTVWXYHd9wEKRcSsdNX1a--89GZSQ":194,"$fYHbvjL3qptobXl2QRigpQJ53xFO58iaAfPc9F7Ph8bY":199},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":129,"fingerprints":168},"bangla-comment","Bangla Comment","1.0","marium.akter","https:\u002F\u002Fprofiles.wordpress.org\u002Fmariumakter\u002F","\u003Cp>Bangla Typing Scripts for wordpress. This Java Script based add-ons will let your visitors type in Bangla without using any 3rd party tool or keyboard manager along with in your “new post page” you will get option to write post in bangla. These add-ons are very flexible and easy to install to any site and 100% workable with Mozilla FireFox (1.0 or higher), Apple Safari, Microsoft Internet Explorer (5 or higher) and any Gecko engine based web browser.\u003C\u002Fp>\n\u003Cp>Supported Layout: Phonetic, Probhat\u003C\u002Fp>\n","Bangla Typing Scripts for wordpress. This Java Script based add-ons will let your visitors type in Bangla without using any 3rd party tool or keyboard …",10,1760,0,"2015-06-19T15:25:00.000Z","4.1.42","2.9","",[19,20,21],"bangla","comment","keyboard","http:\u002F\u002Fmariumakter.site40.net\u002Fplugins\u002Fbangla-comment","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbangla-comment.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mariumakter",1,30,84,"2026-05-20T08:42:36.278Z",[36,51,68,85,103],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":10,"active_installs":11,"downloaded":43,"rating":44,"num_ratings":31,"last_updated":45,"tested_up_to":15,"requires_at_least":39,"requires_php":17,"tags":46,"homepage":49,"download_link":50,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"banglkb","BanglKB","3.3","lavluda","https:\u002F\u002Fprofiles.wordpress.org\u002Flavluda\u002F","\u003Cp>Bangla Typing Scripts for wordpress. This Java Script based add-ons will let your visitors type in Bangla without using any 3rd party tool or keyboard manager along with in your “new post page” you will get option to write post in bangla. These add-ons are very flexible and easy to install to any site and 100% workable with Mozilla FireFox (1.0 or higher), Apple Safari, Microsoft Internet Explorer (5 or higher) and any Gecko engine based web browser.\u003C\u002Fp>\n\u003Cp>for live example: visit http:\u002F\u002Fwww.lavluda.com\u003C\u002Fp>\n\u003Cp>Supported Layout: Phonetic, Probhat\u003C\u002Fp>\n",11647,100,"2015-04-10T10:43:00.000Z",[19,47,20,21,48],"bengali","phonetic","http:\u002F\u002Fekushey.org\u002F?page\u002Fweb_input_manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbanglkb.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":11,"downloaded":59,"rating":13,"num_ratings":13,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":17,"tags":63,"homepage":65,"download_link":66,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":67},"virtual-bangla-keyboard","Virtual Bangla Keyboard","0.5","arifnezami","https:\u002F\u002Fprofiles.wordpress.org\u002Farifnezami\u002F","\u003Cp>This plugin will add a Virtual Bangla Keyboard in your post’s comment form. It will help comment writers to write comments in bangla. The Virtual Keyboard layout is developed by Sabuj Kundu of Amader Projukti. Some java script code is used from Hasin Hayder’s phonetic parser script to insert character at the cursor’s current position. And finally customized and gets WP plugin’s shape by Arif Nezami.\u003C\u002Fp>\n","This Plugin will add a Virtual bangla Keyboard in post's comment form.",5809,"2010-02-08T17:55:00.000Z","2.9.2","2.0.2",[19,47,64,21],"comments","http:\u002F\u002Fwww.wpart.tk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirtual-bangla-keyboard.0.5.zip","2026-03-15T15:16:48.613Z",{"slug":69,"name":70,"version":71,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":11,"downloaded":76,"rating":44,"num_ratings":31,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":17,"tags":80,"homepage":17,"download_link":84,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"loderi-virtual-keayboard","Loderi Virtual Keyboard","1.2","jj1981ua","https:\u002F\u002Fprofiles.wordpress.org\u002Fjj1981ua\u002F","\u003Cp>If your site visitors type in it’s national language and there is even a small chance that your visitors do not have the\u003Cbr \u002F>\nrequired keyboard layout – use this plugin to integrate virtual keyboard from Loderi.com. When using our keyboards your\u003Cbr \u002F>\nvisitors can type everything they need for your website or blog.\u003C\u002Fp>\n\u003Cp>230 layouts in all languages of the world: Akan, Albanian, Arabic, Armenian, Azeri (Azərbaycan), Bambara, Bemba, Bengali, Blackfoot, Bosnian, Bulgarian, Chechen, Cherokee, Chichewa, Chinese, Croatian, Czech, Danish, Dari, Devanagari, Dinka, Divehi, Duala, Dutch (Nederlands), Dzongkha, English, Estonian, Ethiopic, Ewondo, Faeroese, Farsi-Persian, Finnish (suomi), French, Fulfulde, Ga, Gaelic, Gbe (British), Georgian, German, Greek, Gujarati, Hausa, Hebrew, Hindi, Hungarian, Icelandic, Igbo (Ndị Igbọ), Irish (Gaeilge), Italian, Japanese, Kannada, Kazakh, Khmer, Kikuyu, Kirundi, Korean, Krio, Kru, Kurdish, Kyrgyz, Lakhota, Lao, Latvian, Lingala, Lithuanian, Luganda, Luo, Luxembourgish, Macedonian, Malayalam, Maltese, Mande, Maori, Marathi, Mongolian, Multilingual, Nepali, Norwegian, Oromo, Pashto, Polish, Portuguese, Romanian, Russian, Sanskrit, Serbian, seSotho, Shona, Slovak, Slovenian, Somali, Spanish, Swahili, Swedish, Syriac, Tagalog, Tajik, Tamil, Tatar, Telugu, Thai, Tswana, Turkish, Turkmen, Uighur, Ukrainian, Urdu, Uzbek, Vietnamese, Wolof, Xhosa, Yoruba, Zulu.\u003C\u002Fp>\n","If your site visitors type in it's national language and there is even a small chance that your visitors do not have the",3749,"2015-08-21T23:08:00.000Z","4.2.39","3.0.1",[64,81,21,82,83],"input","unicode","virtual","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floderi-virtual-keayboard.1.3.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":94,"requires_at_least":95,"requires_php":17,"tags":96,"homepage":100,"download_link":101,"security_score":44,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":102},"multilang-comment","Multilang Comment","1.1","bharat dangar","https:\u002F\u002Fprofiles.wordpress.org\u002Fbharat-dangar\u002F","\u003Cp>Plugin add feature for allow users for comments in multilanguage,like Hindi,English.\u003C\u002Fp>\n\u003Cp>User able to comment in Hindi and English using google indic keyboard.\u003C\u002Fp>\n","Plugin add feature for allow users for comments in multilanguage,like Hindi,English.",1520,"4.7.32","4.1",[20,97,98,99],"google-indic-keyboard","language","multi-language","https:\u002F\u002Fplus.google.com\u002F+BharatDangarphpdeveloper","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultilang-comment.1.1.zip","2026-03-15T10:48:56.248Z",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":124,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":13,"last_vuln_date":128,"fetched_at":26},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.",6000000,387141886,94,1176,"2025-11-12T16:31:00.000Z","6.9.4","5.8","7.2",[120,121,64,122,123],"anti-spam","antispam","contact-form","spam","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,2,"2015-10-13 00:00:00",{"attackSurface":130,"codeSignals":150,"taintFlows":160,"riskAssessment":161,"analyzedAt":167},{"hooks":131,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":13,"unprotectedCount":13},[132,137,141],{"type":133,"name":134,"callback":135,"file":136,"line":11},"action","init","wp_banglakb_loadjs","bangla.php",{"type":133,"name":138,"callback":139,"file":136,"line":140},"admin_footer","wp_banglakb",21,{"type":142,"name":143,"callback":144,"file":136,"line":145},"filter","comment_form","wp_banglakb_comments",28,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":159},[],{"prepared":13,"raw":13,"locations":153},[],{"escaped":13,"rawEcho":31,"locations":155},[156],{"file":136,"line":157,"context":158},37,"raw output",[],[],{"summary":162,"deductions":163},"Based on the provided static analysis, the \"bangla-comment\" v1.0 plugin exhibits a generally strong security posture in terms of its attack surface and fundamental coding practices. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events, particularly those unprotected by authentication or permission checks, significantly reduces the potential avenues for external exploitation. Furthermore, the complete utilization of prepared statements for SQL queries is a positive sign, mitigating the risk of SQL injection vulnerabilities.  The lack of known CVEs and a clean vulnerability history further reinforces this impression of a secure plugin.\n\nHowever, a critical concern arises from the output escaping analysis. With 100% of outputs not being properly escaped, this plugin presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is rendered on the front-end or back-end without proper escaping could be manipulated to execute malicious JavaScript. This is a significant weakness that overshadows the otherwise robust security measures in place. While the plugin has avoided common pitfalls and has a clean historical record, the unescaped output represents a tangible and present danger to the security of any WordPress site using it.",[164],{"reason":165,"points":166},"All outputs are unescaped",8,"2026-04-16T12:58:44.852Z",{"wat":169,"direct":178},{"assetPaths":170,"generatorPatterns":175,"scriptPaths":176,"versionParams":177},[171,172,173,174],"\u002Fwp-content\u002Fplugins\u002Fbangla-comment\u002Fjs\u002Fengine.js","\u002Fwp-content\u002Fplugins\u002Fbangla-comment\u002Fjs\u002Fdriver.phonetic.js","\u002Fwp-content\u002Fplugins\u002Fbangla-comment\u002Fjs\u002Fdriver.probhat.js","\u002Fwp-content\u002Fplugins\u002Fbangla-comment\u002Fjs\u002Fbanglakb.js",[],[171,172,173,174],[],{"cssClasses":179,"htmlComments":181,"htmlAttributes":182,"restEndpoints":186,"jsGlobals":187,"shortcodeOutput":192},[180],"comment-form-comment",[],[183,184,185],"onclick=\"banglakb_public_comment(phonetic);\"","onclick=\"banglakb_public_comment(probhat);\"","onclick='banglakb_toggle();'",[],[188,189,190,48,191],"banglakb_addpostbuttons","banglakb_public_comment","banglakb_toggle","probhat",[193],"\u003Cp class=\"comment-form-comment\">\u003Cinput type='button' value='phonetic' onclick=\"banglakb_public_comment(phonetic);\">\u003C\u002Finput>\n    \u003Cinput type='button' value='probhat' onclick=\"banglakb_public_comment(probhat);\">\u003C\u002Finput>\n    \u003Cinput type='button' value='english' onclick='banglakb_toggle();'>\u003C\u002Finput>\n    \u003C\u002Fp>",{"error":195,"url":196,"statusCode":197,"statusMessage":198,"message":198},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbangla-comment\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":200},[]]