[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fde-XCBg0qqPx8NIomy79t50RzCUqpQ2HywPfyZavH_Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":141,"fingerprints":483},"blog-toplist","Blog Toplist","1.0.6","amaniaah","https:\u002F\u002Fprofiles.wordpress.org\u002Famaniaah\u002F","\u003Cp>\u003Cstrong>What is Blog Toplist?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Member of your website can add their web or blog to be listing at your blog with alexa, technorati and pagerank rangking.\u003C\u002Fp>\n\u003Cp>Automatic get title and descriptions for web\u002Fblog.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Current version.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>At this moment, only alexa ranking to be add for web\u002Fblog.\u003C\u002Fp>\n","Listing another blog site from your site with alexa,technorati and pagerank ranking.",10,3161,0,"2011-11-24T05:41:00.000Z","3.2.1","3.2","",[19,20,21,22,23],"alexa","blog","pagerank","technorati","toplist","http:\u002F\u002Fwww.iklan-promosi-percuma.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-toplist.1.0.6.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T16:28:35.897Z",[36,59,76,94,120],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":31,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"page-rank-stats-for-alexa-google","Page Rank Stats for Alexa Google","1.0","ximrx","https:\u002F\u002Fprofiles.wordpress.org\u002Fximrx\u002F","\u003Cp>Page Rank Stats for Alexa Google plugin lets you show real time Alexa rank or Google page rank of any website\u002Fwebpage in a widget. You can select a display style and set website for which you want to show statistics and live ranking will show where ever you will place the widget. If you are facing any trouble installing this plugin or you need any customization you can \u003Ca href=\"http:\u002F\u002Fheartytools.com\u002Fcontact\" rel=\"nofollow ugc\">contact\u003C\u002Fa> our web development team.\u003C\u002Fp>\n\u003Cp>Alexa’s traffic estimates and ranks are based on the browsing behavior of people in our global data panel which is a sample of all internet users.\u003C\u002Fp>\n\u003Cp>Alexa’s Traffic Ranks are based on the traffic data provided by users in Alexa’s global data panel over a rolling 3 month period. Traffic Ranks are updated daily. A site’s ranking is based on a combined measure of Unique Visitors and Pageviews. Unique Visitors are determined by the number of unique Alexa users who visit a site on a given day. Pageviews are the total number of Alexa user URL requests for a site. However, multiple requests for the same URL on the same day by the same user are counted as a single Pageview. The site with the highest combination of unique visitors and pageviews is ranked #1.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Widget provide options to show statistics of default website or you can show stats of any other website.\u003C\u002Fli>\n\u003Cli>Widget adapts to the site’s active theme.\u003C\u002Fli>\n\u003Cli>Widget provides different display styles to choose from.\u003C\u002Fli>\n\u003Cli>Plugin allows you to place multiple widgets anywhere on your website as supported by theme.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For more information\u003C\u002Fh4>\n\u003Cp>To find more about page ranks, Alexa statistics and about this plugin, visit \u003Ca href=\"https:\u002F\u002Fheartytools.com\u002Fpost\u002Falexa-and-google-page-rank-plugin-for-websites\u002F\" rel=\"nofollow ugc\">Alexa Rank WordPress Plugin\u003C\u002Fa> page. This plugin is developed by \u003Ca href=\"https:\u002F\u002Fheartytools.com\u002Fweb-developer\" rel=\"nofollow ugc\">Hearty Tools\u003C\u002Fa>\u003C\u002Fp>\n","Show Alexa Page Rank and\u002For Google PageRank of your website or any other webpage.",70,15406,100,"2022-03-15T07:38:00.000Z","5.9.13","3.0.1","5.4",[52,53,54,55,56],"alexa-page-rank","alexa-pagerank","google-page-rank","google-pagerank","web-statistics","https:\u002F\u002Fheartytools.com\u002Fguide\u002Falexa-and-google-page-rank-plugin-for-websites\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpage-rank-stats-for-alexa-google.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":68,"requires_at_least":69,"requires_php":17,"tags":70,"homepage":73,"download_link":74,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":75},"rankingbadge","RankingBadge","0.5","grobekelle","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrobekelle\u002F","\u003Cp>RankingBadge displays ranking information from major sources such as Google (PageRank), Alexa (Alexa traffic Rank) and Technorati in the sidebar of your blog.\u003C\u002Fp>\n\u003Cp>Check out more \u003Ca href=\"http:\u002F\u002Fwww.grobekelle.de\u002Fwordpress-plugins\" title=\"Wordpress Plugins\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa> brought to you by \u003Ca href=\"http:\u002F\u002Fwww.grobekelle.de\" title=\"Grobekelle\" rel=\"nofollow ugc\">Grobekelle\u003C\u002Fa>.\u003C\u002Fp>\n","RankingBadge displays ranking information from major sources such as Google (PageRank), Alexa (Alexa traffic Rank) and Technorati in the sidebar of yo &hellip;",5933,"2.7","2.5",[19,71,21,72],"badge","stats","http:\u002F\u002Fwww.grobekelle.de\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frankingbadge.0.5.zip","2026-03-15T14:44:11.924Z",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":13,"num_ratings":13,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":92,"download_link":93,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"viper-proof","ViperProof","1.1","viperchill","https:\u002F\u002Fprofiles.wordpress.org\u002Fviperchill\u002F","\u003Cp>ViperProof allows you to show various aspects of social proof on your website, which will help you to get more blog subscribers. It allows you to show the number of: Facebook Fans, Twitter Followers, Blog Posts, Blog Comments and Monthly site visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.viperchill.com\u002F\" rel=\"nofollow ugc\">ViperChill\u003C\u002Fa>, a blog on Viral Marketing, is the creator of this plugin. If you want to take your blog to the next level, you should read this post on \u003Ca href=\"http:\u002F\u002Fwww.viperchill.com\u002Fwordpress-seo\u002F\" rel=\"nofollow ugc\">WordPress SEO\u003C\u002Fa>.\u003C\u002Fp>\n","ViperProof allows you to show various aspects of social proof on your website, which will help you to get more blog subscribers.",4402,"2011-12-03T20:26:00.000Z","3.1.4","3.0",[19,89,21,90,91],"facebook","social-media","twitter","http:\u002F\u002Fwww.viperchill.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fviper-proof.1.2.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":118,"unpatched_count":13,"last_vuln_date":119,"fetched_at":28},"so-widgets-bundle","SiteOrigin Widgets Bundle","1.71.0","Greg - SiteOrigin","https:\u002F\u002Fprofiles.wordpress.org\u002Fgpriday\u002F","\u003Cp>The SiteOrigin Widgets Bundle gives you all the elements you need to build modern, responsive, and engaging website pages. Using the Widgets Bundle, you can quickly and effortlessly add buttons, sliders, heroes, maps, images, carousels, features, icons, and so much more.\u003C\u002Fp>\n\u003Cp>SiteOrigin Widgets are ready to be used \u003Cstrong>anywhere\u003C\u002Fstrong>, in \u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fpage-builder\u002F\" rel=\"nofollow ugc\">Page Builder by SiteOrigin\u003C\u002Fa>, in the Block Editor or your theme’s widget areas. The Widgets Bundle is even compatible with other popular page-building plugins.\u003C\u002Fp>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F102103379\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Cp>Our collection is growing, and here are some of the powerful widgets included so far:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Accordion\u003C\u002Fstrong> Efficiently display content in expandable sections, maximizing space for improved organization.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anything Carousel\u003C\u002Fstrong> Display images, text, or any content in a highly customizable and responsive carousel slider.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Author Box\u003C\u002Fstrong> Display author information, including avatar, name, bio, and post links in a customizable box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blog\u003C\u002Fstrong> Showcase blog content in personalized list or grid layouts with flexible design and display settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Button\u003C\u002Fstrong> Create a custom button with flexible styling, icon support, and click tracking functionality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Button Grid\u003C\u002Fstrong> Add multiple buttons in one go, customize individually, and present them in a neat grid layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Form\u003C\u002Fstrong> Add a contact form with custom fields, design options, spam protection, and email notifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Call To Action\u003C\u002Fstrong> Prompt visitors to take action with a customizable title, subtitle, button, and design settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editor\u003C\u002Fstrong> Insert and customize content with a rich text editor offering extensive formatting options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Features\u003C\u002Fstrong> Showcase features with icons, titles, text, and links in a customizable grid layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Maps\u003C\u002Fstrong> Embed a customizable Google Map with markers, directions, styling options, and interactive elements.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Headline\u003C\u002Fstrong> Engage visitors with a prominent, stylish headline and optional divider and sub-headline to convey key messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hero Image\u003C\u002Fstrong> Build an impressive hero image section with custom content, buttons, background image, color, and video.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Icon\u003C\u002Fstrong> Display a customizable icon with color, size, alignment, and optional link settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image\u003C\u002Fstrong> Add a responsive image with custom dimensions, positioning, caption, link, and styling options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Grid\u003C\u002Fstrong> Showcase images in a responsive grid layout with custom size, spacing, alignment, and captions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Image Slider\u003C\u002Fstrong> Create a responsive slider with customizable image and video frames, navigation, and appearance settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Layout Slider\u003C\u002Fstrong> Design responsive slider frames with unique layouts, backgrounds, and content built with Page Builder.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lottie Player\u003C\u002Fstrong> Bring your content to life using interactive Lottie animations with personalized settings and links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Carousel\u003C\u002Fstrong> Display blog posts or custom post types in a responsive, customizable carousel layout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Price Table\u003C\u002Fstrong> Display pricing plans in a professional table format with custom columns, features, and design.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recent Posts\u003C\u002Fstrong> Drive traffic to your latest content with a visually appealing, fully customizable recent posts showcase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Masonry Layout\u003C\u002Fstrong> Display images in an attractive masonry grid with adjustable columns, gutters, and optional captions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Media Buttons\u003C\u002Fstrong> Add social media buttons to your site with personalized icons, colors, and design settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tabs\u003C\u002Fstrong> Create tabbed content panels with customizable titles, content, initial tab, and design settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Taxonomy\u003C\u002Fstrong> Automatically display the taxonomies of the current post with customizable labels, colors, and link settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Testimonials\u003C\u002Fstrong> Feature testimonials from satisfied customers with tailored layouts, images, text, colors, and mobile compatibility.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Video Player\u003C\u002Fstrong> Embed self-hosted or externally hosted videos with a customizable player, controls, and responsive sizing.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Ready to Be Used Anywhere\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Page Builder by SiteOrigin:\u003C\u002Fstrong> Insert widgets in Page Builder by SiteOrigin in either the Classic Editor or Page Builder Layout Block in the Block Editor.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block Editor:\u003C\u002Fstrong> The Widgets Bundle is 100% Block Editor compatible. Insert widgets using the SiteOrigin Widgets Block featuring a live widget search form.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme and Plugin Widget Areas:\u003C\u002Fstrong> Insert widgets in any theme or plugin widget area.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>In Other Popular Page Builder Plugins:\u003C\u002Fstrong> Insert widgets in Elementor or Beaver Builder.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Speed\u003C\u002Fh4>\n\u003Cp>We carefully built each widget for the best possible page size and load time. The Widgets Bundle is perfectly compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautoptimize\u002F\" rel=\"ugc\">Autoptimize\u003C\u002Fa> and all other major performance plugins.\u003C\u002Fp>\n\u003Ch4>SEO Optimized\u003C\u002Fh4>\n\u003Cp>The Widgets Bundle uses modern SEO best practices and seamlessly integrates with all major SEO plugins.\u003C\u002Fp>\n\u003Ch4>Accessibility Ready\u003C\u002Fh4>\n\u003Cp>The Widgets Bundle is accessibility-ready. Tab through all form fields and settings, make changes without using a mouse.\u003C\u002Fp>\n\u003Ch4>Actively Developed\u003C\u002Fh4>\n\u003Cp>SiteOrigin has been creating magical tools for your WordPress website since 2011. We actively develop the Widgets Bundle with updates released several times a month, including new features and fixes as required. View our Widgets Bundle work on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsiteorigin\u002Fso-widgets-bundle\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Create Custom Widgets\u003C\u002Fh4>\n\u003Cp>Access a huge array of features and save time by developing custom widgets for your theme or plugin on the Widgets Bundle Framework. Read more in our extensive \u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fdocs\u002Fwidgets-bundle\u002F\" rel=\"nofollow ugc\">developer documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fwidgets-bundle\u002Fgetting-started\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> is available on SiteOrigin.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Free support is available on the \u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fthread\u002F\" rel=\"nofollow ugc\">SiteOrigin support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>SiteOrigin Premium\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsiteorigin.com\u002Fdownloads\u002Fpremium\u002F\" rel=\"nofollow ugc\">SiteOrigin Premium\u003C\u002Fa> enhances the Widgets Bundle with a vast array of additional features and settings. Take your layouts to the next level with SiteOrigin Premium addons.\u003C\u002Fp>\n\u003Cp>SiteOrigin Premium includes access to our professional email support service, perfect for those times when you need fast and effective technical support. We’re standing by to assist you in any way we can.\u003C\u002Fp>\n","Essential elements for modern websites. Add buttons, sliders, heroes, maps, images, carousels, features, icons, more. Create dynamic pages easily.",400000,46570443,98,134,"2026-02-13T17:16:00.000Z","6.9.4","4.2","7.0.0",[111,20,112,113,114],"blocks","contact-form","slider","widgets","https:\u002F\u002Fsiteorigin.com\u002Fwidgets-bundle\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fso-widgets-bundle.1.71.0.zip",95,11,"2026-02-17 20:23:18",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":107,"requires_at_least":133,"requires_php":17,"tags":134,"homepage":138,"download_link":139,"security_score":46,"vuln_count":31,"unpatched_count":13,"last_vuln_date":140,"fetched_at":28},"metricool","Metricool","1.26","juan.pablo.tejela","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuanpablotejela\u002F","\u003Cp>This plugin allows you to connect your blog or web based on WordPress with Metricool. Metricool is a tool that provides metrics and analytics about your blog and your social profiles. Using Metricool you can schedule your tweets or your posts in Facebook.\u003C\u002Fp>\n\u003Cp>This plugin installs a Javascript tracking code in the footer of your public pages. This code registers the pages viewed by your visitors in Metricool. If you want to interrupt the conexion between your blog and Metricool, you can disable the plugin or remove the Metricool identifier configured in the plugin settings window.\u003C\u002Fp>\n\u003Cp>To use this plugin it is required to be a registered user of Metricool (http:\u002F\u002Fmetricool.com\u002F).\u003C\u002Fp>\n\u003Cp>You can follow us on Twitter: http:\u002F\u002Ftwitter.com\u002Fmetricool\u002F\u003C\u002Fp>\n","Metricool is the first tool designed to measure #Blog impact and #SocialMedia activity.",80000,780312,78,7,"2026-02-02T15:17:00.000Z","3.6",[135,20,121,136,137],"analytics","metrics","tracking","https:\u002F\u002Fmetricool.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetricool.zip","2022-12-20 00:00:00",{"attackSurface":142,"codeSignals":185,"taintFlows":283,"riskAssessment":467,"analyzedAt":482},{"hooks":143,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":184,"entryPointCount":31,"unprotectedCount":13},[144,150,154,158,162,166,170,174],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_menu","btl_menu_items","blog-toplist.php",219,{"type":145,"name":151,"callback":152,"file":148,"line":153},"wp_head","front_header",347,{"type":145,"name":155,"callback":156,"priority":31,"file":148,"line":157},"init","btl_widgets_init",363,{"type":145,"name":159,"callback":160,"file":148,"line":161},"admin_notices","blogtoplist_deactivate",398,{"type":145,"name":163,"callback":164,"priority":11,"file":148,"line":165},"contextual_help","btl_help",403,{"type":145,"name":167,"callback":168,"file":148,"line":169},"admin_print_scripts","btl_page_scripts",406,{"type":145,"name":171,"callback":172,"file":148,"line":173},"admin_print_styles","btl_page_styles",407,{"type":145,"name":159,"callback":175,"file":148,"line":176},"chk_db",410,[],[],[180],{"tag":181,"callback":182,"file":148,"line":183},"bloglist","bloglist_show",344,[],{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":222,"fileOperations":223,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":282},[],{"prepared":13,"raw":188,"locations":189},14,[190,193,195,198,200,203,206,209,211,213,215,217,218,220],{"file":148,"line":191,"context":192},178,"$wpdb->get_results() with variable interpolation",{"file":148,"line":194,"context":192},290,{"file":148,"line":196,"context":197},292,"$wpdb->get_row() with variable interpolation",{"file":148,"line":199,"context":192},300,{"file":148,"line":201,"context":202},370,"$wpdb->get_var() with variable interpolation",{"file":204,"line":205,"context":192},"function.php",67,{"file":204,"line":207,"context":208},119,"$wpdb->query() with variable interpolation",{"file":204,"line":210,"context":197},131,{"file":204,"line":212,"context":208},140,{"file":204,"line":214,"context":197},193,{"file":204,"line":216,"context":208},218,{"file":204,"line":157,"context":192},{"file":204,"line":219,"context":208},367,{"file":204,"line":221,"context":208},371,{"escaped":223,"rawEcho":224,"locations":225},2,31,[226,230,232,233,235,237,239,241,243,245,247,248,250,252,254,255,257,258,260,262,263,265,266,267,268,270,272,274,276,278,280],{"file":227,"line":228,"context":229},"blog-show.php",6,"raw output",{"file":148,"line":231,"context":229},69,{"file":148,"line":44,"context":229},{"file":148,"line":234,"context":229},71,{"file":148,"line":236,"context":229},72,{"file":148,"line":238,"context":229},73,{"file":148,"line":240,"context":229},74,{"file":148,"line":242,"context":229},238,{"file":148,"line":244,"context":229},262,{"file":148,"line":246,"context":229},266,{"file":148,"line":246,"context":229},{"file":148,"line":249,"context":229},270,{"file":148,"line":251,"context":229},350,{"file":204,"line":253,"context":229},21,{"file":204,"line":253,"context":229},{"file":204,"line":256,"context":229},24,{"file":204,"line":256,"context":229},{"file":204,"line":259,"context":229},25,{"file":204,"line":261,"context":229},27,{"file":204,"line":261,"context":229},{"file":204,"line":264,"context":229},28,{"file":204,"line":32,"context":229},{"file":204,"line":32,"context":229},{"file":204,"line":224,"context":229},{"file":204,"line":269,"context":229},54,{"file":204,"line":271,"context":229},55,{"file":204,"line":273,"context":229},57,{"file":204,"line":275,"context":229},59,{"file":204,"line":277,"context":229},254,{"file":204,"line":279,"context":229},256,{"file":204,"line":281,"context":229},258,[],[284,301,312,326,366,378,409,418,435],{"entryPoint":285,"graph":286,"unsanitizedCount":31,"severity":300},"btl_list_page (blog-toplist.php:222)",{"nodes":287,"edges":297},[288,292],{"id":289,"type":290,"label":291,"file":148,"line":242},"n0","source","$_REQUEST['page']",{"id":293,"type":294,"label":295,"file":148,"line":242,"wp_function":296},"n1","sink","echo() [XSS]","echo",[298],{"from":289,"to":293,"sanitized":299},false,"medium",{"entryPoint":302,"graph":303,"unsanitizedCount":31,"severity":311},"\u003Cblog-show> (blog-show.php:0)",{"nodes":304,"edges":309},[305,308],{"id":289,"type":290,"label":306,"file":227,"line":307},"$_GET",4,{"id":293,"type":294,"label":295,"file":227,"line":228,"wp_function":296},[310],{"from":289,"to":293,"sanitized":299},"low",{"entryPoint":313,"graph":314,"unsanitizedCount":325,"severity":311},"btl_config (function.php:264)",{"nodes":315,"edges":323},[316,319],{"id":289,"type":290,"label":317,"file":204,"line":318},"$_POST (x3)",267,{"id":293,"type":294,"label":320,"file":204,"line":321,"wp_function":322},"update_option() [Settings Manipulation]",268,"update_option",[324],{"from":289,"to":293,"sanitized":299},3,{"entryPoint":327,"graph":328,"unsanitizedCount":325,"severity":365},"process_bulk_action (blog-toplist.php:145)",{"nodes":329,"edges":358},[330,333,336,340,343,346,350,353,356],{"id":289,"type":290,"label":331,"file":148,"line":332},"$_GET['blog']",149,{"id":293,"type":334,"label":335,"file":148,"line":332},"transform","→ btl_delete()",{"id":337,"type":294,"label":338,"file":204,"line":207,"wp_function":339},"n2","query() [SQLi]","query",{"id":341,"type":290,"label":331,"file":148,"line":342},"n3",152,{"id":344,"type":334,"label":345,"file":148,"line":342},"n4","→ btl_edit()",{"id":347,"type":294,"label":348,"file":204,"line":210,"wp_function":349},"n5","get_row() [SQLi]","get_row",{"id":351,"type":290,"label":331,"file":148,"line":352},"n6",155,{"id":354,"type":334,"label":355,"file":148,"line":352},"n7","→ btl_update()",{"id":357,"type":294,"label":338,"file":204,"line":216,"wp_function":339},"n8",[359,360,361,362,363,364],{"from":289,"to":293,"sanitized":299},{"from":293,"to":337,"sanitized":299},{"from":341,"to":344,"sanitized":299},{"from":344,"to":347,"sanitized":299},{"from":351,"to":354,"sanitized":299},{"from":354,"to":357,"sanitized":299},"high",{"entryPoint":367,"graph":368,"unsanitizedCount":31,"severity":365},"bloglist_show (blog-toplist.php:284)",{"nodes":369,"edges":376},[370,373],{"id":289,"type":290,"label":371,"file":148,"line":372},"$_POST",298,{"id":293,"type":294,"label":374,"file":148,"line":199,"wp_function":375},"get_results() [SQLi]","get_results",[377],{"from":289,"to":293,"sanitized":299},{"entryPoint":379,"graph":380,"unsanitizedCount":408,"severity":365},"\u003Cblog-toplist> (blog-toplist.php:0)",{"nodes":381,"edges":399},[382,383,384,385,386,387,388,389,390,391,393,395,397],{"id":289,"type":290,"label":291,"file":148,"line":242},{"id":293,"type":294,"label":295,"file":148,"line":242,"wp_function":296},{"id":337,"type":290,"label":371,"file":148,"line":372},{"id":341,"type":294,"label":374,"file":148,"line":199,"wp_function":375},{"id":344,"type":290,"label":331,"file":148,"line":332},{"id":347,"type":334,"label":335,"file":148,"line":332},{"id":351,"type":294,"label":338,"file":204,"line":207,"wp_function":339},{"id":354,"type":290,"label":331,"file":148,"line":342},{"id":357,"type":334,"label":345,"file":148,"line":342},{"id":392,"type":294,"label":348,"file":204,"line":210,"wp_function":349},"n9",{"id":394,"type":290,"label":331,"file":148,"line":352},"n10",{"id":396,"type":334,"label":355,"file":148,"line":352},"n11",{"id":398,"type":294,"label":338,"file":204,"line":216,"wp_function":339},"n12",[400,401,402,403,404,405,406,407],{"from":289,"to":293,"sanitized":299},{"from":337,"to":341,"sanitized":299},{"from":344,"to":347,"sanitized":299},{"from":347,"to":351,"sanitized":299},{"from":354,"to":357,"sanitized":299},{"from":357,"to":392,"sanitized":299},{"from":394,"to":396,"sanitized":299},{"from":396,"to":398,"sanitized":299},5,{"entryPoint":410,"graph":411,"unsanitizedCount":31,"severity":365},"btl_edit (function.php:128)",{"nodes":412,"edges":416},[413,415],{"id":289,"type":290,"label":371,"file":204,"line":414},138,{"id":293,"type":294,"label":338,"file":204,"line":212,"wp_function":339},[417],{"from":289,"to":293,"sanitized":299},{"entryPoint":419,"graph":420,"unsanitizedCount":223,"severity":365},"btl_settings (function.php:315)",{"nodes":421,"edges":430},[422,424,426,427,428,429],{"id":289,"type":290,"label":306,"file":204,"line":423},329,{"id":293,"type":334,"label":425,"file":204,"line":423},"→ btl_postbox()",{"id":337,"type":294,"label":295,"file":204,"line":281,"wp_function":296},{"id":341,"type":290,"label":306,"file":204,"line":423},{"id":344,"type":334,"label":345,"file":204,"line":423},{"id":347,"type":294,"label":348,"file":204,"line":210,"wp_function":349},[431,432,433,434],{"from":289,"to":293,"sanitized":299},{"from":293,"to":337,"sanitized":299},{"from":341,"to":344,"sanitized":299},{"from":344,"to":347,"sanitized":299},{"entryPoint":436,"graph":437,"unsanitizedCount":11,"severity":365},"\u003Cfunction> (function.php:0)",{"nodes":438,"edges":458},[439,441,442,443,447,448,449,450,451,452,453,454,455,456],{"id":289,"type":290,"label":440,"file":204,"line":414},"$_POST (x2)",{"id":293,"type":294,"label":338,"file":204,"line":212,"wp_function":339},{"id":337,"type":290,"label":371,"file":204,"line":414},{"id":341,"type":294,"label":444,"file":204,"line":445,"wp_function":446},"file_get_contents() [SSRF\u002FLFI]",198,"file_get_contents",{"id":344,"type":290,"label":440,"file":204,"line":414},{"id":347,"type":294,"label":295,"file":204,"line":279,"wp_function":296},{"id":351,"type":290,"label":317,"file":204,"line":318},{"id":354,"type":294,"label":320,"file":204,"line":321,"wp_function":322},{"id":357,"type":290,"label":306,"file":204,"line":423},{"id":392,"type":334,"label":425,"file":204,"line":423},{"id":394,"type":294,"label":295,"file":204,"line":281,"wp_function":296},{"id":396,"type":290,"label":306,"file":204,"line":423},{"id":398,"type":334,"label":345,"file":204,"line":423},{"id":457,"type":294,"label":348,"file":204,"line":210,"wp_function":349},"n13",[459,460,461,462,463,464,465,466],{"from":289,"to":293,"sanitized":299},{"from":337,"to":341,"sanitized":299},{"from":344,"to":347,"sanitized":299},{"from":351,"to":354,"sanitized":299},{"from":357,"to":392,"sanitized":299},{"from":392,"to":394,"sanitized":299},{"from":396,"to":398,"sanitized":299},{"from":398,"to":457,"sanitized":299},{"summary":468,"deductions":469},"The blog-toplist plugin version 1.0.6 exhibits a concerning security posture despite a clean vulnerability history.  The static analysis reveals a significant lack of fundamental security practices. All SQL queries are executed without prepared statements, a major risk that could lead to SQL injection vulnerabilities. Furthermore, only a very small percentage of output is properly escaped, suggesting a high likelihood of cross-site scripting (XSS) flaws.  The taint analysis highlights 6 high-severity flows with unsanitized paths, which, combined with the lack of proper output escaping and capability checks, strongly indicates potential for severe security breaches.\n\nWhile the plugin has no recorded CVEs, this is not a guarantee of safety. The identified code signals, particularly the unescaped output and raw SQL queries, are classic precursors to vulnerabilities. The absence of nonce checks and capability checks on its single shortcode entry point is also a significant oversight. The plugin's limited attack surface (one shortcode) is a positive, but it is entirely unprotected. Therefore, despite the clean historical record, the current static analysis points to substantial risks that require immediate attention and remediation.",[470,472,475,478,480],{"reason":471,"points":11},"All SQL queries lack prepared statements",{"reason":473,"points":474},"Very low percentage of output is properly escaped",8,{"reason":476,"points":477},"6 high severity taint flows with unsanitized paths",12,{"reason":479,"points":408},"No nonce checks on entry points",{"reason":481,"points":408},"No capability checks on entry points","2026-03-17T00:46:27.474Z",{"wat":484,"direct":496},{"assetPaths":485,"generatorPatterns":490,"scriptPaths":491,"versionParams":492},[486,487,488,489],"\u002Fwp-content\u002Fplugins\u002Fblog-toplist\u002Fcss\u002Fbtl-style.css","\u002Fwp-content\u002Fplugins\u002Fblog-toplist\u002Fcss\u002Fbtl-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fblog-toplist\u002Fjs\u002Fbtl-script.js","\u002Fwp-content\u002Fplugins\u002Fblog-toplist\u002Fimages\u002Fblog16.png",[],[488],[493,494,495],"blog-toplist\u002Fcss\u002Fbtl-style.css?ver=","blog-toplist\u002Fcss\u002Fbtl-admin-style.css?ver=","blog-toplist\u002Fjs\u002Fbtl-script.js?ver=",{"cssClasses":497,"htmlComments":500,"htmlAttributes":507,"restEndpoints":508,"jsGlobals":509,"shortcodeOutput":510},[498,499],"btl-wrap","btl-ranking",[501,502,503,504,505,506],"\u003C!-- Blog Toplist -->","\u003C!-- Widget Blog Toplist -->","\u003C!-- Start Blog Toplist Widget -->","\u003C!-- End Blog Toplist Widget -->","\u003C!-- Start Blog Toplist Table -->","\u003C!-- End Blog Toplist Table -->",[],[],[],[511,512],"[blogtoplist]","[blogtoplist type=\"ranking\"]"]