[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3mbELXgpcCSkV_eaHwfSswEXAGU-8aoCc-31EGMlsgM":3,"$fN9KxV3tOmB2VCS1FpgKR2-NQ5ifyA_0xVa8AntHCDK8":214},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":136,"fingerprints":197},"book-cover","BookCover","1.2","iwongu","https:\u002F\u002Fprofiles.wordpress.org\u002Fiwongu\u002F","\u003Cp>This plugin displays the book cover image for an ISBN. It has 3 pre-configured book stores whose images are used. The first is for Korean books (89), the second\u003Cbr \u002F>\nfor Japan (4), and the third for the others. You can change or add a new book store URI in the plugin configuration screen, and you can reset to the default settings at any time.\u003C\u002Fp>\n\u003Cp>This plugin also includes a sidebar widget for book cover display.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>First of all, you should know the book’s ISBN. Usually, it is on the back of the book near the bar code.\u003C\u002Fli>\n\u003Cli>Then add the bookcover markup to your post like the following.\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>[bookcover:1932394613]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>[bookcover:1932394613(Ajax In Action)] \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>It is converted to  markup, so you can control the style in your CSS file. 
\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Preview\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fideathinking.com\u002Fblog-v2\u002F?p=72\" rel=\"nofollow ugc\">BookCover plugin test page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Some ISBNs end with ‘x’ rather than a digit. In those cases, take care with the case of the ‘x’, because some book stores use\u003Cbr \u002F>\nlower case ‘x’ in their image file names and some use upper case. Try one, and if it fails, try the other.\u003C\u002Fli>\n\u003Cli>There is no validation on the plugin configuration page, so you can submit an empty country code and an empty URI. Doing so makes the default URI for other\u003Cbr \u002F>\ncountry codes null.\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin displays the book cover image for an ISBN.",10,3717,0,"2007-09-07T13:55:00.000Z","2.2","2.0","",[4,19,20],"formatting","post","http:\u002F\u002Fideathinking.com\u002Fwiki\u002Findex.php\u002FWordPress:BookCoverPlugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbook-cover.1.2.zip",85,null,"2026-04-06T09:54:40.288Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},3,40,30,84,"2026-04-07T10:05:29.374Z",[34,55,77,98,117],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":53,"download_link":54,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"advanced-excerpt","Advanced Excerpt","4.4.1","WPKube","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkube\u002F","\u003Cp>This plugin adds several improvements to WordPress’ default way of creating 
excerpts.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Keeps HTML markup in the excerpt (and you get to choose which tags are included)\u003C\u002Fli>\n\u003Cli>Trims the excerpt to a given length using either character count or word count\u003C\u002Fli>\n\u003Cli>Only the ‘real’ text is counted (HTML is ignored but kept)\u003C\u002Fli>\n\u003Cli>Customizes the excerpt length and the ellipsis character that are used\u003C\u002Fli>\n\u003Cli>Completes the last word or sentence in an excerpt (no weird cuts)\u003C\u002Fli>\n\u003Cli>Adds a \u003Cem>read-more\u003C\u002Fem> link to the text\u003C\u002Fli>\n\u003Cli>Ignores custom excerpts and uses the generated one instead\u003C\u002Fli>\n\u003Cli>Theme developers can use \u003Ccode>the_advanced_excerpt()\u003C\u002Fcode> for even more control (see the FAQ)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Most of the above features are optional and\u002For can be customized by the user or theme developer.\u003C\u002Fp>\n\u003Cp>Banner image credit – \u003Ca href=\"https:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fchillihead\u002F\" rel=\"nofollow ugc\">chillihead\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Original plugin author – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fbasvd\" rel=\"nofollow ugc\">basvd\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Useful Resources\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwhat-is-wordpress\u002F\" rel=\"friend nofollow ugc\">What is WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-themes\" rel=\"friend nofollow ugc\">Fee Themes\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-plugins\u002F\" rel=\"friend nofollow ugc\">plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Control the appearance of WordPress post 
excerpts",80000,1543886,86,101,"2024-01-19T20:32:00.000Z","6.4.8","3.2",[50,51,19,20,52],"content","excerpt","post-excerpt","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-excerpt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-excerpt.4.4.1.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":44,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":74,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"raw-html","Raw HTML","1.6.4","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>Lets you disable automatic formatting like smart quotes and automatic paragraph creation, and use raw HTML\u002FJS\u002FCSS code in your posts without WordPress messing it up.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With this plugin, you can wrap any part of your post in [raw]…[\u002Fraw] tags to prevent WordPress from converting newlines to HTML paragraphs, replacing apostrophes with typographic quotes and so on. This is very useful if you need to add a CSS block or JavaScript to your post.\u003C\u002Fp>\n\u003Cp>RawHTML will also add new checkboxes to the “Edit Post” screen that let you disable certain WP filters on a per-post basis. This way you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable wptexturize (the function that creates smart quotes and other typographic characters).\u003C\u002Fli>\n\u003Cli>Disable automatic paragraph creation.\u003C\u002Fli>\n\u003Cli>Disable image smilies. 
\u003C\u002Fli>\n\u003Cli>Disable convert_chars (the function that converts ampersands to HTML entities and “fixes” some Unicode characters).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The free version only supports editing posts in the Text tab (called “HTML” in older WordPress versions). \u003Ca href=\"http:\u002F\u002Frawhtmlpro.com\u002F?utm_source=wordpress.org&utm_medium=readme_link&utm_campaign=RawHTML%20free\" rel=\"nofollow ugc\">Get the Pro version\u003C\u002Fa> if you want to be able to switch between Text and the Visual editor without WordPress messing up your content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatibility\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin doesn’t fully support the Gutenberg editor. As of WordPress 5.0, some Raw HTML features will only work if you use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To prevent a part of your post or page from being filtered by WordPress, switch to the Text\u002FHTML editor and wrap it in \u003Ccode>[raw]...[\u002Fraw]\u003C\u002Fcode> or \u003Ccode>\u003C!--raw-->...\u003C!--\u002Fraw-->\u003C\u002Fcode> tags. These two versions work exactly the same, except that the latter won’t be visible to your visitors even if you deactivate Raw HTML.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[raw]\nThis \n\nis \n\na \"test\"!\n[\u002Fraw]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In this case, the tags will prevent WordPress from inserting paragraph breaks between “This”, “is” and “a “test””, as well as ensure that the double quotes around “test” are not converted to typographic (curly) quotes.\u003C\u002Fp>\n\u003Cp>To avoid problems, only edit posts that contain your custom code in Text\u002FHTML mode. 
If you’d like to be able to also use the Visual editor, \u003Ca href=\"http:\u002F\u002Frawhtmlpro.com\u002F?utm_source=wordpress.org&utm_medium=readme_link&utm_campaign=RawHTML%20free\" rel=\"nofollow ugc\">get the Pro version\u003C\u002Fa>. It will make the code between [raw] tags appear as a read-only placeholder when viewed in Visual mode, ensuring WordPress doesn’t change it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Combining shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, shortcodes that are inside [raw] tags will not work. They will just show up as plain text. To enable shortcodes, add the \u003Ccode>shortcodes=1\u003C\u002Fcode> attribute to the tag:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[raw shortcodes=1]This [shortcode] will be run.[\u002Fraw]\n\n[raw]This [shortcode] won't work.[\u002Fraw]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Preserving \u003Ccode>[raw]\u003C\u002Fcode> code in excerpts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, the plugin will automatically remove any code that’s inside \u003Ccode>[raw]...[\u002Fraw]\u003C\u002Fcode> tags from post excerpts. You can prevent that by adding the following line to \u003Ccode>wp-config.php\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('RAW_HTML_KEEP_RAW_IN_EXCERPTS', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will ensure that the plugin doesn’t strip \u003Ccode>[raw]\u003C\u002Fcode> blocks from automatically generated excerpts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Some features of Raw HTML will only work for users who have the “unfiltered_html” capability. In a normal WordPress install that includes the Editor and Administrator roles. In a Multisite install, only the Super Admin has this capability by default.\u003C\u002Fp>\n","Lets you use raw HTML or any other code in your posts. 
You can also disable smart quotes and other automatic formatting on a per-post basis.",10000,587033,33,"2024-11-11T15:00:00.000Z","6.7.5","2.8",[70,19,71,72,73],"css","html","javascript","posts","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2007\u002F12\u002F13\u002Fraw-html-in-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraw-html.1.6.4.zip",92,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":63,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":96,"download_link":97,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"toggle-wpautop","Toggle wpautop","1.3.0","Jonathan Desrosiers","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesrosj\u002F","\u003Cp>\u003Cstrong>Note: This plugin does not support the block editor but should continue to work without issue when using it with custom post types and the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor Plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Before WordPress displays a post’s content, the content gets passed through multiple filters to ensure that it safely appears how you enter it within the editor.\u003C\u002Fp>\n\u003Cp>One of these filters is \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa>, which replaces double line breaks with \u003Ccode>\u003Cp>\u003C\u002Fcode> tags, and single line breaks with \u003Ccode>\u003Cbr \u002F>\u003C\u002Fcode> tags. 
However, this filter sometimes causes issues when you are inputting a lot of HTML markup in the post editor.\u003C\u002Fp>\n\u003Cp>This plugin displays a checkbox in the publish meta box of the post edit screen that disables the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa> filter for that post.\u003C\u002Fp>\n\u003Cp>Also adds a ‘wpautop’, or ‘no-wpautop’ class to the post_class filter to help with CSS styling.\u003C\u002Fp>\n","Easily disable the default wpautop filter on a post by post basis.",108347,98,32,"2021-04-07T13:35:00.000Z","5.7.15","3.0","5.6",[93,51,19,94,95],"editor","post-content","wpautop","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoggle-wpautop","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoggle-wpautop.1.3.0.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":28,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":17,"tags":112,"homepage":115,"download_link":116,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wp-russian-typograph","WP Typograph Lite","2.3.5","marapper","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarapper\u002F","\u003Cp>Recommended for most Russian-language blogs.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"http:\u002F\u002Fiskariot.ru\u002Fwordpress\u002Ftypo\u002F#typo-light\" rel=\"nofollow ugc\">WP Typograph Lite\u003C\u002Fa> plugin automatically formats text according to the rules of Russian typography. It processes all the main blocks: titles, post and page text, and comments. 
Formatting is applied when the page is displayed, without changing the original post text.\u003C\u002Fp>\n\u003Cp>\u003Cem>It is advisable to use the plugin with WordPress caching enabled\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Main functionality\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Correct quotation marks («guillemets and nested „low-high quotes“»).\u003C\u002Fli>\n\u003Cli>An em dash between words — kept attached to the preceding word.\u003C\u002Fli>\n\u003Cli>— A dash, — in dialogue.\u003C\u002Fli>\n\u003Cli>Range dashes in dates and periods (13 November—25 December).\u003C\u002Fli>\n\u003Cli>A minus sign between digits 0–9.\u003C\u002Fli>\n\u003Cli>An ellipsis — from three dots…\u003C\u002Fli>\n\u003Cli>Removes the period at the end of a post title.\u003C\u002Fli>\n\u003Cli>Leaves text inside \u003Ccode>, \u003Cpre> and \u003Cscript> tags (and some others) unchanged.\u003C\u002Fli>\n\u003Cli>Inside the \u003Ccode> tag, automatically replaces \u003C with \u003C and converts quotes to straight (typewriter) quotes so that copy and paste works correctly.\u003C\u002Fli>\n\u003Cli>Replaces the HTML filtering function (wpautop) and fixes visual editor errors with tag insertion.\u003C\u002Fli>\n\u003Cli>Formats some special characters such as ½, ©, ™ and others.\u003C\u002Fli>\n\u003Cli>Makes links in comments clickable (with http and www), automatically shortening the anchor text of long links.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-typograph-full\u002F\" rel=\"ugc\">The full version\u003C\u002Fa> lets you control non-breaking constructs and automatic corrections, and has flexible settings.\u003C\u002Fp>\n","Russian typography for WordPress. 
Lite version.",1000,43067,100,"2017-11-28T18:11:00.000Z","2.7.1","2.0.2",[19,20,73,113,114],"text","typograph","http:\u002F\u002Fiskariot.ru\u002Fwordpress\u002Ftypo\u002F#typo-light","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-russian-typograph.2.3.5.zip",{"slug":118,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":76,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":17,"tags":130,"homepage":134,"download_link":135,"security_score":108,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wpuntexturize","2.3","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>By default, WordPress converts single and double quotation marks into their curly alternatives. This plugin prevents that from happening, so you can enjoy your quotation marks in their non-curly glory. If your content happens to already have curly quotation marks in it, then this plugin can optionally also convert them to their non-curly alternatives.\u003C\u002Fp>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> Despite the unfortunately misleading name, this plugin is NOT the antithesis of WordPress’s \u003Ccode>wptexturize()\u003C\u002Fcode> function. This ONLY prevents WordPress from making HTML entity code substitutions of single and double quotation marks with their curly alternatives and does NOT prevent \u003Ccode>wptexturize()\u003C\u002Fcode> from making any other character and string substitutions. 
See the FAQ for details on the filters processed by the plugin.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fwpuntexturize\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpuntexturize\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fwpuntexturize\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>Developer documentation can be found in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fwpuntexturize\u002Fblob\u002Fmaster\u002FDEVELOPER-DOCS.md\" rel=\"nofollow ugc\">DEVELOPER-DOCS.md\u003C\u002Fa>. That documentation covers the numerous hooks provided by the plugin. Those hooks are listed below to provide an overview of what’s available.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>c2c_wpuntexturize\u003C\u002Fcode> : An alternative approach to safely invoke \u003Ccode>c2c_wpuntexturize()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site. This only applies if you use the function directly, which is not typical usage for most users.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wpuntexturize_filters\u003C\u002Fcode> : customize what filters to hook to be filtered with wpuntexturize. 
See the Description section for a complete list of all filters that are filtered by default.\u003C\u002Fli>\n\u003Cli>\u003Ccode>c2c_wpuntexturize_replacements\u003C\u002Fcode> : Customize the character replacements handled by the plugin.\u003C\u002Fli>\n\u003Cli>\u003Ccode>c2c_wpuntexturize_convert_curly_quotes\u003C\u002Fcode> : Enable conversion of preexisting curly quotes into their non-curly alternatives.\u003C\u002Fli>\n\u003C\u002Ful>\n","Prevent WordPress from converting single and double quotation marks into their curly alternatives.",800,25596,12,"2025-04-08T22:17:00.000Z","6.8.5","5.5",[19,20,131,132,133],"quotes","substitutions","wptexturize","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fwpuntexturize\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpuntexturize.2.3.zip",{"attackSurface":137,"codeSignals":161,"taintFlows":184,"riskAssessment":185,"analyzedAt":196},{"hooks":138,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[139,145,149,153],{"type":140,"name":141,"callback":142,"file":143,"line":144},"filter","the_content","ideathinking_bookcover","bookcover.php",76,{"type":146,"name":147,"callback":148,"file":143,"line":31},"action","admin_menu","ideathinking_bookcover_config_page",{"type":146,"name":150,"callback":151,"file":143,"line":152},"admin_head","ideathinking_bookcover_admin_css",204,{"type":146,"name":154,"callback":155,"file":143,"line":156},"plugins_loaded","ideathinking_bookcover_widget_init",261,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":183},[],{"prepared":13,"raw":13,"locations":164},[],{"escaped":13,"rawEcho":166,"locations":167},7,[168,171,173,175,177,179,181],{"file":143,"line":169,"context":170},136,"raw 
output",{"file":143,"line":172,"context":170},220,{"file":143,"line":174,"context":170},221,{"file":143,"line":176,"context":170},226,{"file":143,"line":178,"context":170},228,{"file":143,"line":180,"context":170},245,{"file":143,"line":182,"context":170},246,[],[],{"summary":186,"deductions":187},"The \"book-cover\" plugin v1.2 presents a mixed security picture. On the positive side, there are no identified CVEs in its history and no dangerous functions, SQL queries without prepared statements, file operations, external HTTP requests, or bundled libraries were detected. This suggests a potentially clean codebase in these areas. However, a significant concern arises from the complete lack of output escaping. With 7 total outputs, 0% being properly escaped means that any data rendered by the plugin is vulnerable to cross-site scripting (XSS) attacks. Furthermore, the absence of nonce checks and capability checks, despite having no explicit entry points like AJAX, REST API, or shortcodes, is noteworthy. While the current attack surface is zero, this lack of built-in security checks for potential future additions or unforeseen entry points is a weakness. The taint analysis also yielded no critical or high severity issues, which is a good sign, but the lack of analysis flows limits this conclusion.\n\nIn conclusion, the plugin's strength lies in its absence of known vulnerabilities and adherence to secure coding practices regarding SQL and external requests. Nevertheless, the critical vulnerability of unescaped output poses an immediate and significant risk. The lack of authorization checks, though not currently exploitable due to the zero attack surface, represents a latent risk that could become critical if the plugin evolves to include user-facing functionalities. 
Addressing the output escaping is paramount.",[188,191,194],{"reason":189,"points":190},"No output escaping",20,{"reason":192,"points":193},"No nonce checks",5,{"reason":195,"points":193},"No capability checks","2026-03-17T00:30:34.408Z",{"wat":198,"direct":203},{"assetPaths":199,"generatorPatterns":200,"scriptPaths":201,"versionParams":202},[],[],[],[],{"cssClasses":204,"htmlComments":206,"htmlAttributes":207,"restEndpoints":210,"jsGlobals":211,"shortcodeOutput":212},[205],"bookcover",[],[208,209],"id=\"bookcover\"","class=\"bookcover\"",[],[],[213],"\u003Cimg class=\"bookcover\"",{"slug":4,"current_version":6,"total_versions":215,"versions":216},1,[217],{"version":6,"download_url":22,"svn_tag_url":218,"released_at":24,"has_diff":219,"diff_files_changed":220,"diff_lines":24,"trac_diff_url":24,"vulnerabilities":221,"is_current":222},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbook-cover\u002Ftags\u002F1.2\u002F",false,[],[],true]