[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7WIs__Lnv_OK9OyJ7lJAeggJNvJNiq5sDgwvKpC3tJc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":53,"analysis":149,"fingerprints":266},"bns-twitter-follow-button","BNS Twitter Follow Button","0.3.8","Edward Caissie","https:\u002F\u002Fprofiles.wordpress.org\u002Fcais\u002F","\u003Cp>A widget to allow you to set the parameters of the Twitter Follow Button found here: https:\u002F\u002Ftwitter.com\u002Fabout\u002Fresources\u002Ffollowbutton. This widget also creates a shortcode that can be used in posts and pages. Also to note, each instance of the shortcode or widget can use a different Twitter name so you can have multiple Twitter accounts listed on your website. Includes support of languages for the Follow Button using the two letter ISO-639-1 language code for English (en), French (fr), German (de), Italian (it), Spanish (es), Korean (ko) and Japanese (ja).\u003Cbr \u002F>\n* Copyright 2011-2015, Edward Caissie (email : edward.caissie@gmail.com)\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\n  it under the terms of the GNU General Public License version 2,\u003Cbr \u002F>\n  as published by the Free Software Foundation.\u003C\u002Fp>\n\u003Cp>You may NOT assume that you can use any other version of the GPL.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\n  but WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\n  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\n  GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\n  along with this program; if not, write to the Free Software\u003Cbr \u002F>\n  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\u003C\u002Fp>\n\u003Cp>The license for this software can also likely be found here:\u003Cbr \u002F>\n  http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n","Displays a Twitter Follow Button; and, includes shortcode functionality.",10,4340,0,"2016-04-10T18:04:00.000Z","4.5.33","3.6","",[19,20,21,22],"shortcode","social","twitter","widget","http:\u002F\u002Fbuynowshop.com\u002Fplugins\u002Fbns-tfbutton","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbns-twitter-follow-button.0.3.8.zip",63,1,"2025-05-12 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-47578","bns-twitter-follow-button-authenticated-contributor-stored-cross-site-scripting","BNS Twitter Follow Button \u003C= 0.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting","The BNS Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 0.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.3.8","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-14 20:11:39",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdcd59ae6-4e5a-4efb-9abb-43c482e41b16?source=api-prod",{"slug":45,"display_name":46,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"cais","tacticais",18,2170,88,30,86,"2026-04-04T05:58:08.816Z",[54,75,96,115,131],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":72,"download_link":73,"security_score":74,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"juiz-last-tweet-widget","Juiz Last Tweet Widget","1.3.8","Geoffrey","https:\u002F\u002Fprofiles.wordpress.org\u002Fcreativejuiz\u002F","\u003Cp>Add a widget to your sidebar to show your latest tweet(s) with style and without JavaScript! Retweet, Favorite and Reply links are available.\u003C\u002Fp>\n\u003Cp>This sidebar’s widget offer you the possibility to show your last tweet(s) (THE last by default) in your WordPress web site.\u003Cbr \u002F>\nThe advantage of this plugin is the absence of JavaScript script to load tweets from twitter : a very good point for your page speed.\u003Cbr \u002F>\nAnother advantage is the possibility to use a cache system with an adjustable period.\u003Cbr \u002F>\nYou also can show your avatar, action links (Favorite, Reply, Retweet), activate a slideshow of latest tweets, and customize the CSS.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In admin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to install.\u003C\u002Fli>\n\u003Cli>Panel for easy configuration (Appearance -> Widgets).\u003C\u002Fli>\n\u003Cli>Show or hide your avatar\u003C\u002Fli>\n\u003Cli>Default CSS can be disabled or customized\u003C\u002Fli>\n\u003Cli>Unlimited customization (colors of the widget, several default styles, etc.)\u003C\u002Fli>\n\u003Cli>Adjustable period for cache system\u003C\u002Fli>\n\u003Cli>Can active the action links\u003C\u002Fli>\n\u003Cli>Can active an auto slideshow script and chose delay between two tweets\u003C\u002Fli>\n\u003Cli>Shortcode to insert the widget where you want\u003C\u002Fli>\n\u003Cli>Included: Tutorial to create a Twitter plugin (needed for API 1.1)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Smart default style (CSS) and compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsocial-subscribers-counter\u002F\" rel=\"ugc\">Social Subscribers Counter\u003C\u002Fa> styles\u003C\u002Fli>\n\u003Cli>Flat styles with customizable colors\u003C\u002Fli>\n\u003Cli>Display link (with special CSS classes) for hastags, users, and web link (\u003Ccode>nofollow\u003C\u002Fcode> links)\u003C\u002Fli>\n\u003Cli>Display twitter’s user link and statut’s link\u003C\u002Fli>\n\u003Cli>Display source (web, Tweetdeck, etc.) when it’s possible\u003C\u002Fli>\n\u003Cli>In option: Show action links like Retweet, Reply and Fav\u003C\u002Fli>\n\u003Cli>In option: little slideshow of one tweet in a list of tweets\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For developpers, numerous hooks are available, template function is available (see FAQ for more info) 😉\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spannish\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Turkish (thanks to \u003Ca href=\"http:\u002F\u002Fhakanertr.wordpress.com\u002F\" title=\"His website\" rel=\"nofollow ugc\">Hakaner\u003C\u002Fa>!)\u003C\u002Fli>\n\u003Cli>Nowegian (thanks to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fnilsel\" title=\"His WordPress profile\" rel=\"ugc\">Nilsel\u003C\u002Fa>!)\u003C\u002Fli>\n\u003Cli>Italian (thanks to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fsuperciccio14\" title=\"His WordPress profile\" rel=\"ugc\">superciccio14\u003C\u002Fa>!)\u003C\u002Fli>\n\u003Cli>Portuguese (Brazilian) (thanks to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Ftrindademeier\" title=\"His WordPress profile\" rel=\"ugc\">trindademeier\u003C\u002Fa>!)\u003C\u002Fli>\n\u003Cli>Dutch (thanks to \u003Ca href=\"http:\u002F\u002Fwww.directic.nl\" title=\"His Web site\" rel=\"nofollow ugc\">Jan Willem Wilmsen\u003C\u002Fa>!)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Thanks to \u003Ca href=\"http:\u002F\u002Fscreenfeed.fr\" rel=\"nofollow ugc\">Greg\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Ftweetpress.fr\u002F\" rel=\"nofollow ugc\">Julien\u003C\u002Fa> for your advices in some parts of this plugin 😉\u003C\u002Fp>\n\u003Ch3>Informations\u003C\u002Fh3>\n\u003Cp>Another plugin :\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjuiz-social-post-sharer\u002F\" title=\"WordPress Social Networks Buttons\" rel=\"ugc\">Juiz Social Post Sharer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You like it ? You can donate or \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?hashtags=CreativeJuiz&original_referer=http%3A%2F%2Fwordpress.org%2Fextend%2Fplugins%2Fjuiz-last-tweet-widget%2F&related=geoffrey_crofte&source=WordPress&text=I%20use%20Juiz-Last-Tweet%20Plugin%20for%20WordPress.%20It's%20usefull!!&url=http%3A%2F%2Fwww.creativejuiz.fr%2Fblog%2Fwordpress%2Fwordpress-plugin-afficher-derniers-tweets-widget&via=geoffrey_crofte\" title=\"Tweet a little word\" rel=\"nofollow ugc\">tweet\u003C\u002Fa> for this plugin.\u003Cbr \u002F>\nThank you !\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=P39NJPCWVXGDY&lc=FR&item_name=Juiz%20Last%20Tweet%20Widget%20%2d%20WordPress%20Plugin&currency_code=EUR&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHostedGuest\" title=\"Donate to this WordPress plugin\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Full documentation in the plugin folder ! (documentation.html)\u003Cbr \u002F>\nOr here: \u003Ca href=\"http:\u002F\u002Fcreativejuiz.fr\u002Fblog\u002Fdoc\u002Fjuiz-last-tweet-widget-documentation.html\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n","Add a widget to your sidebar to show your latest tweet(s) with style and without JavaScript! Retweet, Favorite and Reply links are available.",600,104303,84,26,"2024-11-28T16:08:00.000Z","6.7.5","3.0.1",[70,71,20,21,22],"last","sidebar","https:\u002F\u002Fwww.creativejuiz.fr\u002Fblog\u002Fwordpress\u002Fwordpress-plugin-afficher-derniers-tweets-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjuiz-last-tweet-widget.zip",92,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":74,"num_ratings":85,"last_updated":86,"tested_up_to":15,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":93,"download_link":94,"security_score":95,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"metro-style-social-widget","Metro Style Social Widget","1.0.2","Manivannan M","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanivannan-m\u002F","\u003Cp>A light weight wordpress widget that displays Metro Style social network icons in Sidebar and links to your social network profiles.\u003C\u002Fp>\n\u003Cp>Add button option will display the Like \u002F Follow button on the Social icons so that your users can immediately Like \u002F Follow your page or profile without leaving your site.\u003C\u002Fp>\n\u003Cp>Since every one use Facebook and Twitter, we made them as default and other network as optional.\u003C\u002Fp>\n\u003Ch4>Update\u003C\u002Fh4>\n\u003Cp>Color Picker added, Now you can set any color to any icons in the widget.\u003C\u002Fp>\n\u003Cp>On Users request Google+ and RSS Feed are now optional.\u003C\u002Fp>\n\u003Cp>If needed you can display Google+, Linkedin, Youtube, RSS Feed and Pinterest else choose don’t show option in widget settings.\u003C\u002Fp>\n\u003Cp>Responsive design, Plugin will automatically fit within your siderbar width else you can specify width for the widget.\u003C\u002Fp>\n\u003Ch4>Next Release will Include the Below Feature\u003C\u002Fh4>\n\u003Cul>\n\u003Cli> User side configuration \u002F customization in Widget admin page\u003C\u002Fli>\n\u003Cli> More Styles \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support \u002F Contact\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.aidful.com\u002Fmetro-style-social-widget-wordpress\" title=\"More info about Metro Style Social Widget plugin\" rel=\"nofollow ugc\">More Info \u002F DEMO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.aidful.com\" title=\"Contact at Aidful.com\" rel=\"nofollow ugc\">Developer Blog: Aidful.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Sponsors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.specificfeeds.com\u002F\" title=\"Donated 30 USD\" rel=\"nofollow ugc\">SpecificFeeds\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you like this plug-in, please don’t forget to rate this plugin.\u003C\u002Fp>\n","Metro Style Social Network Widget",300,56781,22,"2016-08-02T08:32:00.000Z","2.5",[89,90,91,92,21],"facebook","google","metro-social-widget","specificfeeds","http:\u002F\u002Fwww.aidful.com\u002Fmetro-style-social-widget-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetro-style-social-widget.1.0.2.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":74,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":17,"tags":110,"homepage":113,"download_link":114,"security_score":95,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"social-media-badge-widget","Social Media Badge Widget","2.7.0","StressFree Sites","https:\u002F\u002Fprofiles.wordpress.org\u002Fstressfree-sites\u002F","\u003Cp>This plugin creates a widget which easily displays the social badges from the leading social media websites (Twitter, Facebook, Google+, LinkedIn, You Tube, Pinterest and Flickr) in a clear and elegant way.\u003C\u002Fp>\n\u003Cp>It displays the information in an accordion, so only one section is open at a time, which ensures your website does not become cluttered visually.\u003C\u002Fp>\n\u003Cp>The plugin includes a plugin admin page where it is possible to customise everything from the social media channel to the visual styling of the accordion.\u003C\u002Fp>\n\u003Ch3>Plugin features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Widget content displays in a jQuery accordion.\u003C\u002Fli>\n\u003Cli>Display Twitter, Facebook, Google+, LinkedI, You Tube, Pinterest, Flickr\u003C\u002Fli>\n\u003Cli>Customise the Twitter widget for different colour schemes and to show replies.\u003C\u002Fli>\n\u003Cli>Customise the Facebook widget for different colour schemes, show news stream and show fans faces.\u003C\u002Fli>\n\u003Cli>Change the colour of the accordion, gray, blue, red, green and black.\u003C\u002Fli>\n\u003Cli>Two different icons sets: colour and grey.\u003C\u002Fli>\n\u003Cli>Select accordion section to open on page load.\u003C\u002Fli>\n\u003Cli>Ability to make the accordion all collapsible and load with all section closed.\u003C\u002Fli>\n\u003Cli>Choose which accordion section to display on each widget.\u003C\u002Fli>\n\u003Cli>Skeleton styling to enable easy custom styling.\u003C\u002Fli>\n\u003Cli>Ability to manually load jQuery to increase compatability.\u003C\u002Fli>\n\u003Cli>Troubleshooting section to ensure any problems are resolved quickly.\u003C\u002Fli>\n\u003Cli>Support requests answered in less and 24 hours on average.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Like this plugin?\u003C\u002Fh3>\n\u003Cp>You maybe interested in our \u003Ca href=\"http:\u002F\u002Fsocialprofilesandcontactdetailswordpressplugin.com\u002F\" rel=\"nofollow ugc\">premium plugin\u003C\u002Fa> to enable more features.\u003C\u002Fp>\n\u003Cp>Otherwise, please have a look at our other plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbusiness-contact-widget\u002F\" rel=\"ugc\">Business Contact Widget\u003C\u002Fa> which displays all your contact details in a clear and elegant way.\u003C\u002Fp>\n","This plugin creates a widget which easily displays the social badges from the leading social media websites in a clear an elegant way.",200,54660,5,"2015-09-17T23:00:00.000Z","4.3.34","3.0.0",[111,89,112,21,22],"badge","social-media","http:\u002F\u002Fstressfreesites.co.uk\u002Fplugins\u002Fsocial-media-badge-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-media-badge-widget.2.7.0.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":13,"num_ratings":13,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":17,"tags":128,"homepage":129,"download_link":130,"security_score":95,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"social-icons-widget","Social Icons Widget","0.1a","Curtiss Grymala","https:\u002F\u002Fprofiles.wordpress.org\u002Fcgrymala\u002F","\u003Cp>Adds an available widget to list various social media profiles. The following social media sites are included by default:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>YouTube\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003Cli>Google+\u003C\u002Fli>\n\u003Cli>FriendFeed\u003C\u002Fli>\n\u003Cli>Flickr\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin also includes a filter hook allowing you to extend the available services.\u003C\u002Fp>\n\u003Cp>By default, this plugin outputs an unordered list (ul) with a class of \u003Ccode>social-icons-list\u003C\u002Fcode>. Each service is output as a list item (li) with the service name used as the HTML class attribute. Filters are available to allow you to change those HTML elements.\u003C\u002Fp>\n","A developer-friendly plugin that allows you to add a widget with links to various social media profiles.",100,19301,"2011-08-26T19:53:00.000Z","3.2.1","3.1",[89,112,21,22],"http:\u002F\u002Fplugins.ten-321.com\u002Fsocial-icons-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-icons-widget.0.1.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":144,"requires_at_least":68,"requires_php":17,"tags":145,"homepage":147,"download_link":148,"security_score":95,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"round-social-media-buttons","Round Social Media Buttons","1.0","solomon_s_scott","https:\u002F\u002Fprofiles.wordpress.org\u002Fsolomon_s_scott\u002F","\u003Cp>This plugin creates a responsive widget that displays up to eight different social media websites. (Not all 8 are required)\u003C\u002Fp>\n\u003Col>\n\u003Cli>Facebook\u003C\u002Fli>\n\u003Cli>Twitter\u003C\u002Fli>\n\u003Cli>Google+\u003C\u002Fli>\n\u003Cli>YouTube\u003C\u002Fli>\n\u003Cli>LinkedIn\u003C\u002Fli>\n\u003Cli>Instagram\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Tumblr\u003C\u002Fli>\n\u003C\u002Fol>\n","Provides a responsive social media widget that displays up to eight different social media websites.",90,9114,74,3,"2014-04-17T23:05:00.000Z","3.9.40",[89,146,112,21,22],"linkedin","http:\u002F\u002Fsolomonscott.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fround-social-media-buttons.zip",{"attackSurface":150,"codeSignals":165,"taintFlows":251,"riskAssessment":252,"analyzedAt":265},{"hooks":151,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":164,"entryPointCount":26,"unprotectedCount":13},[152],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","widgets_init","load_bns_tfbutton_widget","bns-tfbutton.php",82,[],[],[161],{"tag":162,"callback":163,"file":156,"line":49},"bns_tfbutton","bns_tfbutton_shortcode",[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":250},[],{"prepared":13,"raw":13,"locations":168},[],{"escaped":13,"rawEcho":170,"locations":171},39,[172,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,248],{"file":156,"line":173,"context":174},134,"raw output",{"file":156,"line":176,"context":174},139,{"file":156,"line":178,"context":174},146,{"file":156,"line":180,"context":174},149,{"file":156,"line":182,"context":174},150,{"file":156,"line":184,"context":174},153,{"file":156,"line":186,"context":174},159,{"file":156,"line":188,"context":174},226,{"file":156,"line":190,"context":174},228,{"file":156,"line":192,"context":174},229,{"file":156,"line":194,"context":174},230,{"file":156,"line":196,"context":174},235,{"file":156,"line":198,"context":174},237,{"file":156,"line":200,"context":174},238,{"file":156,"line":202,"context":174},239,{"file":156,"line":204,"context":174},245,{"file":156,"line":206,"context":174},246,{"file":156,"line":208,"context":174},248,{"file":156,"line":210,"context":174},253,{"file":156,"line":212,"context":174},255,{"file":156,"line":214,"context":174},256,{"file":156,"line":216,"context":174},257,{"file":156,"line":218,"context":174},263,{"file":156,"line":220,"context":174},264,{"file":156,"line":222,"context":174},266,{"file":156,"line":224,"context":174},271,{"file":156,"line":226,"context":174},273,{"file":156,"line":228,"context":174},274,{"file":156,"line":230,"context":174},275,{"file":156,"line":232,"context":174},281,{"file":156,"line":234,"context":174},282,{"file":156,"line":236,"context":174},284,{"file":156,"line":238,"context":174},289,{"file":156,"line":240,"context":174},291,{"file":156,"line":242,"context":174},292,{"file":156,"line":244,"context":174},293,{"file":156,"line":246,"context":174},299,{"file":156,"line":83,"context":174},{"file":156,"line":249,"context":174},301,[],[],{"summary":253,"deductions":254},"The \"bns-twitter-follow-button\" plugin exhibits a mixed security posture. While it demonstrates good practices by not making external HTTP requests and using prepared statements for all SQL queries, it has significant security concerns. The lack of any output escaping on 39 identified outputs is a critical vulnerability, creating a high risk of Cross-Site Scripting (XSS) attacks. Furthermore, the absence of nonce and capability checks on all entry points means that any of its functionalities could be exploited without proper authentication or authorization. The plugin's vulnerability history is also a major red flag, with one unpatched medium severity CVE for XSS. This, combined with the static analysis findings, indicates a pattern of insecure coding practices, particularly concerning input handling and output sanitization. The sole shortcode presents a potential, albeit limited, attack surface that is not adequately protected.",[255,258,261,263],{"reason":256,"points":257},"Unpatched CVE",15,{"reason":259,"points":260},"No output escaping",20,{"reason":262,"points":11},"No nonce checks",{"reason":264,"points":11},"No capability checks","2026-03-17T00:20:51.782Z",{"wat":267,"direct":277},{"assetPaths":268,"generatorPatterns":271,"scriptPaths":272,"versionParams":274},[269,270],"\u002Fwp-content\u002Fplugins\u002Fbns-twitter-follow-button\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fbns-twitter-follow-button\u002Fjs\u002Fwidget.js",[],[273],"\u002F\u002Fplatform.twitter.com\u002Fwidgets.js",[275,276],"\u002Fwp-content\u002Fplugins\u002Fbns-twitter-follow-button\u002Fcss\u002Fstyle.css?ver=","\u002Fwp-content\u002Fplugins\u002Fbns-twitter-follow-button\u002Fjs\u002Fwidget.js?ver=",{"cssClasses":278,"htmlComments":281,"htmlAttributes":282,"restEndpoints":290,"jsGlobals":291,"shortcodeOutput":293},[279,280],"bns-tfbutton","twitter-follow-button",[],[283,284,285,286,287,288,289],"data-show-count","data-button","data-text-color","data-link-color","data-width","data-align","data-lang",[],[292],"widgets",[294],"[bns_tfbutton]"]