[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQhGqMEuTofTioWirxeRfQ0qFpEcwqAbqKSD9jBuKR2I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":36,"fingerprints":144},"blogroll-dropdown","Blogroll Dropdown","1.0","drmen8x","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrmen8x\u002F","\u003Cp>Display links (blogroll) as dropdown select menu with multi option. Visit the \u003Ca href=\"http:\u002F\u002Fblog.casanova.vn\u002Fwordpress-blogroll-select-menu-dropdown-widget\u002F\" rel=\"nofollow ugc\">blogroll select menu dropdown widget\u003C\u002Fa> for more information about the plugin or comment it if you want to support. See more features below\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>The options page allows you to choose from a range of options including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>How many links to display\u003C\u002Fli>\n\u003Cli>Class css for your select box\u003C\u002Fli>\n\u003Cli>Orderby & Order\u003C\u002Fli>\n\u003Cli>Display links in list of categories (separated by comma) \u003C\u002Fli>\n\u003Cli>Include or exclude links\u003C\u002Fli>\n\u003Cli>Option open in new window or current window\u003C\u002Fli>\n\u003C\u002Ful>\n","Display links (blogroll) as dropdown select menu",40,5004,0,"2012-09-11T01:49:00.000Z","3.4.2","3.2","",[4,19,20,21,22],"blogroll-select-menu","jump-menu","links-dropdown","links-select","http:\u002F\u002Fblog.casanova.vn\u002Fwordpress-blogroll-select-menu-dropdown-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblogroll-dropdown.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,50,30,84,"2026-04-05T00:17:19.336Z",[],{"attackSurface":37,"codeSignals":49,"taintFlows":128,"riskAssessment":129,"analyzedAt":143},{"hooks":38,"ajaxHandlers":45,"restRoutes":46,"shortcodes":47,"cronEvents":48,"entryPointCount":13,"unprotectedCount":13},[39],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","widgets_init","anonymous","blogroll-dropdown.php",141,[],[],[],[],{"dangerousFunctions":50,"sqlUsage":54,"outputEscaping":56,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":127},[51],{"fn":52,"file":43,"line":44,"context":53},"create_function","add_action( 'widgets_init', create_function('', 'return register_widget(\"Blogroll_Dropdown\");') );",{"prepared":13,"raw":13,"locations":55},[],{"escaped":57,"rawEcho":58,"locations":59},16,35,[60,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,96,98,99,101,103,104,106,108,110,112,114,116,118,120,122,124,126],{"file":43,"line":61,"context":62},23,"raw output",{"file":43,"line":64,"context":62},25,{"file":43,"line":66,"context":62},26,{"file":43,"line":68,"context":62},27,{"file":43,"line":70,"context":62},43,{"file":43,"line":72,"context":62},56,{"file":43,"line":74,"context":62},58,{"file":43,"line":76,"context":62},59,{"file":43,"line":78,"context":62},64,{"file":43,"line":80,"context":62},66,{"file":43,"line":82,"context":62},67,{"file":43,"line":84,"context":62},71,{"file":43,"line":86,"context":62},73,{"file":43,"line":88,"context":62},74,{"file":43,"line":90,"context":62},78,{"file":43,"line":92,"context":62},80,{"file":43,"line":94,"context":62},81,{"file":43,"line":25,"context":62},{"file":43,"line":97,"context":62},87,{"file":43,"line":97,"context":62},{"file":43,"line":100,"context":62},99,{"file":43,"line":102,"context":62},101,{"file":43,"line":102,"context":62},{"file":43,"line":105,"context":62},108,{"file":43,"line":107,"context":62},110,{"file":43,"line":109,"context":62},111,{"file":43,"line":111,"context":62},116,{"file":43,"line":113,"context":62},118,{"file":43,"line":115,"context":62},119,{"file":43,"line":117,"context":62},124,{"file":43,"line":119,"context":62},126,{"file":43,"line":121,"context":62},127,{"file":43,"line":123,"context":62},130,{"file":43,"line":125,"context":62},132,{"file":43,"line":125,"context":62},[],[],{"summary":130,"deductions":131},"The blogroll-dropdown v1.0 plugin exhibits a mixed security posture. On the positive side, it has no known CVEs and demonstrates strong practices in its SQL query handling, exclusively using prepared statements. There are no file operations or external HTTP requests, and the attack surface from AJAX, REST API, shortcodes, and cron events is reported as zero, which is a significant strength.\n\nHowever, there are notable concerns. The presence of the `create_function` usage is a clear red flag, as this function is deprecated and can be a vector for code injection if not handled with extreme care, although no specific taint flows were identified. Furthermore, a significant portion of output is not properly escaped (only 31% are escaped), which presents a considerable risk of Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce checks and capability checks on any potential entry points, combined with the unescaped output, significantly increases the risk of unauthorized actions and data compromise.\n\nThe lack of any recorded vulnerability history is a positive indicator, suggesting a history of responsible development. Nevertheless, the identified code signals, particularly the unescaped output and the use of a deprecated dangerous function, necessitate caution. While the plugin currently appears to have a low attack surface and no direct exploitable vulnerabilities flagged in taint analysis, the unescaped output is a severe weakness that could be easily exploited.",[132,135,138,141],{"reason":133,"points":134},"High percentage of unescaped output",15,{"reason":136,"points":137},"Usage of deprecated dangerous function (create_function)",10,{"reason":139,"points":140},"No nonce checks",5,{"reason":142,"points":140},"No capability checks","2026-03-16T22:17:09.046Z",{"wat":145,"direct":150},{"assetPaths":146,"generatorPatterns":147,"scriptPaths":148,"versionParams":149},[],[],[],[],{"cssClasses":151,"htmlComments":153,"htmlAttributes":154,"restEndpoints":155,"jsGlobals":156,"shortcodeOutput":157},[152],"blogroll_class",[],[],[],[],[158],"\u003Cselect class=\""]