[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6bHEgQ8fEM4lOir-XHkXRvQwxN7JiJ-OVQBpDJVHHBA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":136,"fingerprints":422},"bwp-recent-comments","Better WordPress Recent Comments","1.2.2","Khang Minh","https:\u002F\u002Fprofiles.wordpress.org\u002Foddoneout\u002F","\u003Cp>This plugin displays recent comment lists at assigned locations. It does not add any significant load to your website. The comment list is updated on the fly when a visitor adds a comment or when you moderate one. No additional queries are needed for end-users.\u003C\u002Fp>\n\u003Cp>A recent comment list, in my opinion, can help stimulate discussion and exploration of your blog tremendously. Now for the past few months I have been using a plugin called Get Recent Comments; though this plugin is configurable and indeed popular, the code is somehow messy and no support for custom post type is found. 
The worst thing is Get Recent Comment doesn’t seem to be updated anymore, so I decide to write another recent comment plugin which is more lightweight and makes use of some nice features provided by WordPress 3.0.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Powerup your recent comment list today!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Group comments by post (inspired by the classic Get Recent Comments plugin).\u003C\u002Fli>\n\u003Cli>AJAX navigation for any recent comment list you want!\u003C\u002Fli>\n\u003Cli>Has the options to show comment only, trackback only, or show both (separately or all together)\u003C\u002Fli>\n\u003Cli>Get comments from a specific post, using either ID or post name (slug).\u003C\u002Fli>\n\u003Cli>Possibility to add different comment lists with different settings on one page\u003C\u002Fli>\n\u003Cli>You can show comments on a separate page, with pagination and custom template!\u003C\u002Fli>\n\u003Cli>You can sort comment lists descendingly or ascendingly\u003C\u002Fli>\n\u003Cli>Supports custom post type\u003C\u002Fli>\n\u003Cli>Supports Gravatar\u003C\u002Fli>\n\u003Cli>Supports smiley\u003C\u002Fli>\n\u003Cli>Widget-ready\u003C\u002Fli>\n\u003Cli>Template functions ready\u003C\u002Fli>\n\u003Cli>Generate Zero SQL query for end-users\u003C\u002Fli>\n\u003Cli>Possibility to trim post title to a certain number of words.\u003C\u002Fli>\n\u003Cli>Possibility to trim comment to a specific number of words\u003C\u002Fli>\n\u003Cli>Possibility to split long words into smaller chunks\u003C\u002Fli>\n\u003Cli>WordPress Multi-site compatible (not tested with WPMU)\u003C\u002Fli>\n\u003Cli>And more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get in touch\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>I’m available at \u003Ca href=\"http:\u002F\u002Fbetterwp.net\" rel=\"nofollow ugc\">BetterWP.net\u003C\u002Fa> and you can also follow me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002F0dd0ne0ut\" rel=\"nofollow 
ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out \u003Ca href=\"http:\u002F\u002Ffeeds.feedburner.com\u002FBetterWPnet\" rel=\"nofollow ugc\">latest WordPress Tips and Ideas\u003C\u002Fa> from BetterWP.net.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>French 1.1.0 (fr_FR) – Thanks to \u003Ca href=\"http:\u002F\u002Fmaitremo.fr\" rel=\"nofollow ugc\">Maître Mô\u003C\u002Fa>!\u003C\u002Fli>\n\u003Cli>Russian 1.1.0 (ru_RU) – Thanks to Konstantin (kg69design)!\u003C\u002Fli>\n\u003Cli>Ukrainian 1.1.0 (ua_UA) – Thanks to Konstantin (kg69design)!\u003C\u002Fli>\n\u003Cli>Portuguese 1.2.1 (pt_PT) – Thanks to Marcus (http:\u002F\u002Fwww.maniadecelular.com.br)!\u003C\u002Fli>\n\u003Cli>Spanish 1.2.1 (es_ES) – Thanks to Jordi!\u003C\u002Fli>\n\u003Cli>Polish 1.2.1 (pl_PL) – Thanks to Jarek!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-tips\u002Fcreate-pot-file-using-poedit\u002F\" rel=\"nofollow ugc\">help translate\u003C\u002Fa> this plugin!\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-recent-comments\u002F\" rel=\"nofollow ugc\">Plugin’s Official Page\u003C\u002Fa> for more information!\u003C\u002Fp>\n","This plugin displays recent comment lists at assigned locations, with comprehensive support for 
widgets.",600,55904,90,15,"2017-11-28T21:47:00.000Z","3.7.41","2.8","",[20,21,22,23],"comments","recent-comments","recent-comments-widgets","wordpress-recent-comments","http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-recent-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbwp-recent-comments.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"oddoneout",4,9130,30,84,"2026-04-04T00:53:14.635Z",[39,62,79,100,118],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"comments-widget-plus","Recent Comments Widget Plus","1.3","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatrya\u002F","\u003Cp>This plugin will enable a custom and advanced \u003Cstrong>recent comments widget\u003C\u002Fstrong>. Allows you to display a list of the most recent comments with avatar and excerpt, you can also choose which to show newer comments first or older comments first and choose comments from any post type.\u003C\u002Fp>\n\u003Ch4>Support this project\u003C\u002Fh4>\n\u003Cp>If you are enjoying this plugin. I would appreciate a cup of coffee to help me keep coding and supporting the project! 
\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fsatrya\" rel=\"nofollow ugc\">Support & donate\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display avatar with customizable size.\u003C\u002Fli>\n\u003Cli>Display comment excerpt with customizable length.\u003C\u002Fli>\n\u003Cli>Exclude pingback & trackback\u003C\u002Fli>\n\u003Cli>Post type option.\u003C\u002Fli>\n\u003Cli>Offset option.\u003C\u002Fli>\n\u003Cli>Option to choose the comments order.\u003C\u002Fli>\n\u003Cli>Allows you to set title url.\u003C\u002Fli>\n\u003Cli>Custom CSS class.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcomments-widget-plus\u002F\" rel=\"nofollow ugc\">Translate to your language\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Contribute or submit issues on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsatrya\u002Fcomments-widget-plus\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides custom recent comments widget with extra features such as display avatar, comment excerpt and much more!",2000,49264,94,20,"2022-10-26T16:06:00.000Z","6.1.10","5.8","7.2",[56,57,21,58,59],"avatar","excerpt","recent-comments-widget","widget","https:\u002F\u002Fidenovasi.com\u002Fprojects\u002Fcomments-widget-plus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-widget-plus.1.3.zip",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":27,"num_ratings":27,"last_updated":72,"tested_up_to":73,"requires_at_least":17,"requires_php":18,"tags":74,"homepage":77,"download_link":78,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"customized-recent-comments","Customized Recent 
Comments","1.2","blueinstyle","https:\u002F\u002Fprofiles.wordpress.org\u002Fblueinstyle\u002F","\u003Cp>Options include showing comments from specific categories, or excluding categories.\u003C\u002Fp>\n\u003Cp>Exclude users from comment list by email address.\u003C\u002Fp>\n\u003Cp>Uses a template to display comments exactly the way you want.\u003C\u002Fp>\n\u003Cp>Limit amount of words or characters to display in each comment.\u003C\u002Fp>\n\u003Cp>Include user’s Gravatar or Facebook avatar in comment list.\u003C\u002Fp>\n\u003Cp>Create unlimited comment lists each with their own unique settings and options.\u003C\u002Fp>\n\u003Cp>Support and Feature requests are on my forums at http:\u002F\u002Fjustmyecho.com\u002Fforums\u002F\u003C\u002Fp>\n","Display recent comments on your blog with complete control over the layout and format of comments.",100,13274,"2011-04-07T07:23:00.000Z","3.1.4",[75,21,76],"plugins","widgets","http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Fcustomized-recent-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomized-recent-comments.1.2.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":70,"downloaded":87,"rating":49,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":97,"download_link":98,"security_score":99,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"polygon-recent-comments-with-avatar","Polygon Recent Comments With Avatar","1.0.4","polyxgo","https:\u002F\u002Fprofiles.wordpress.org\u002Fsanddesert88\u002F","\u003Cp>Display recent comments in the sidebar with user avatar\u002FGravatar support, styles, information, and an active scrollbar for handling numerous comments.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpolygon-recent-comments-with-avatar\u002Ffaq\u002F\" 
rel=\"ugc\">FAQ\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwikipoly.com\u002Fen\u002Fpoly-comments\u002F\" rel=\"nofollow ugc\">Support and request additional features as needed\u003C\u002Fa>\u003C\u002Fp>\n","Polygon Recent Comments With Avatar: Recent comments with avatar support, including Gravatar, date, username, user link, and scrollbar.",5262,6,"2024-05-24T22:52:00.000Z","6.5.8","4.1",[93,94,21,95,96],"display-recent-comments","recent-comment-with-author-gravatar","recent-comments-information","recent-comments-with-avatar","https:\u002F\u002Fpolyxgo.vn","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpolygon-recent-comments-with-avatar.1.0.4.zip",92,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":70,"downloaded":108,"rating":13,"num_ratings":88,"last_updated":109,"tested_up_to":110,"requires_at_least":17,"requires_php":18,"tags":111,"homepage":116,"download_link":117,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"recent-comments-widget-with-comment-excerpts","Recent Comments Widget with Comment Excerpts","1.0.1","Corey Salzano","https:\u002F\u002Fprofiles.wordpress.org\u002Fsalzano\u002F","\u003Cp>This plugin replaces the default recent comments widget so it behaves differently. 
Instead of the format “username on post title,” the widget will display “username said comment excerpt.”\u003C\u002Fp>\n\u003Cp>All development happens on Github at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcsalzano\u002Frecent-comments-widget-with-comment-excerpts\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fcsalzano\u002Frecent-comments-widget-with-comment-excerpts\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Contact me by posting a message in the forums or \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fbreakfastcodes\" rel=\"nofollow ugc\">@breakfastcodes\u003C\u002Fa> on twitter.\u003C\u002Fp>\n","Changes the behavior of the built-in Recent Comments widget to display comment excerpts instead of post titles",14527,"2023-11-28T14:44:00.000Z","6.4.8",[112,113,114,115,21],"comment-excerpts","latest-comments","newest-comments","recent-comment-excerpts","https:\u002F\u002Fgithub.com\u002Fcsalzano\u002Frecent-comments-widget-with-comment-excerpts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-comments-widget-with-comment-excerpts.1.0.1.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":70,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":134,"download_link":135,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"advanced-comments-widget","Advanced Comments Widget","1.1.2","darrinb","https:\u002F\u002Fprofiles.wordpress.org\u002Fdbmartin\u002F","\u003Cp>This recent comments widget provides advanced widget features for displaying comment author avatars \u003Cem>and\u003C\u002Fem> an excerpt of their comment.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select which post types to show comments for.  
(You can choose either all types, or a specific type.)\u003C\u002Fli>\n\u003Cli>Exclude pingbacks and trackbacks.\u003C\u002Fli>\n\u003Cli>Set the number of comments to show.\u003C\u002Fli>\n\u003Cli>Set the order for displaying the comments.\u003C\u002Fli>\n\u003Cli>Show comment author avatar.\u003C\u002Fli>\n\u003Cli>Set \u003Cem>and preview\u003C\u002Fem> avatar size.\u003C\u002Fli>\n\u003Cli>Show an excerpt of the comment.\u003C\u002Fli>\n\u003Cli>Determine the length of the excerpt.\u003C\u002Fli>\n\u003Cli>Select the comment list format to match your site’s markup.  Choose from: \u003Ccode>ol\u003C\u002Fcode>, \u003Ccode>ul\u003C\u002Fcode>, or \u003Ccode>div\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Select the comment format. Choose between \u003Ccode>html5\u003C\u002Fcode> or \u003Ccode>xhtml\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Create multiple comment lists with different settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Developer Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This widget was built not only with end-users in mind, but also plugin developers.  Almost every aspect of this widget is extensible through filters and action hooks.  You can even add your own form fields to the widget form!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Need to remove a field from the widget form?  Not a problem!  Every field is passed through its own filter for easy customization.\u003C\u002Fli>\n\u003Cli>Need to modify the output of the widget?  Easy!  
The output is passed through numerous filters, allowing you to customize the comment list to meet your project’s requirements.\u003C\u002Fli>\n\u003Cli>For a full list of action hooks and filters, please see the plugin documentation: http:\u002F\u002Fdarrinb.com\u002Fplugins\u002Fadvanced-comments-widget\u003C\u002Fli>\n\u003C\u002Ful>\n","A highly customizable recent comments widget with avatars and excerpts.",70,3853,3,"2016-04-16T14:58:00.000Z","4.5.33","4.4",[133,20,21,59],"comment-widget","http:\u002F\u002Fdarrinb.com\u002Fplugins\u002Fadvanced-comments-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-comments-widget.1.1.2.zip",{"attackSurface":137,"codeSignals":233,"taintFlows":344,"riskAssessment":411,"analyzedAt":421},{"hooks":138,"ajaxHandlers":225,"restRoutes":226,"shortcodes":227,"cronEvents":232,"entryPointCount":143,"unprotectedCount":27},[139,146,151,154,158,163,167,172,176,179,184,188,191,194,197,200,203,206,210,213,217,221],{"type":140,"name":141,"callback":142,"priority":143,"file":144,"line":145},"action","admin_menu","bwp_rc_init_admin",1,"bwp-recent-comments.php",19,{"type":140,"name":147,"callback":148,"file":149,"line":150},"admin_notices","warn_required_versions","includes\\class-bwp-framework.php",168,{"type":140,"name":152,"callback":148,"file":149,"line":153},"network_admin_notices",169,{"type":140,"name":155,"callback":156,"file":149,"line":157},"init","enqueue_media",274,{"type":159,"name":160,"callback":161,"file":149,"line":162},"filter","bwp-admin-form-icon","add_icon",285,{"type":159,"name":164,"callback":165,"file":149,"line":166},"bwp-admin-plugin-version","show_version",286,{"type":140,"name":168,"callback":169,"priority":170,"file":149,"line":171},"bwp_option_action_before_form","show_donation",12,287,{"type":159,"name":173,"callback":173,"priority":174,"file":149,"line":175},"plugin_action_links",10,405,{"type":140,"name":168,"callback":177,"file":149,"line":178},"show_notices",455,{"type":140,"name":1
80,"callback":181,"priority":174,"file":182,"line":183},"comment_post","comment_before_add","includes\\class-bwp-recent-comments.php",208,{"type":140,"name":185,"callback":186,"file":182,"line":187},"edit_comment","clear_recent_comment_cache",210,{"type":140,"name":189,"callback":186,"file":182,"line":190},"delete_comment",211,{"type":140,"name":192,"callback":186,"file":182,"line":193},"delete_post",212,{"type":140,"name":195,"callback":186,"file":182,"line":196},"switch_theme",213,{"type":140,"name":198,"callback":186,"file":182,"line":199},"wp_set_comment_status",214,{"type":140,"name":201,"callback":186,"file":182,"line":202},"bwp_rc_access_options",215,{"type":140,"name":204,"callback":186,"file":182,"line":205},"bwp_rc_form_loaded",216,{"type":159,"name":207,"callback":208,"file":182,"line":209},"query_vars","insert_query_vars",218,{"type":140,"name":155,"callback":211,"file":182,"line":212},"handle_ajax_request",227,{"type":140,"name":214,"callback":215,"file":182,"line":216},"widgets_init","bwp_recent_comment_register_widget",233,{"type":140,"name":218,"callback":219,"file":182,"line":220},"wp_head","front_print_js",270,{"type":159,"name":222,"callback":223,"file":182,"line":224},"bwp_option_submit_button","anonymous",566,[],[],[228],{"tag":229,"callback":230,"file":182,"line":231},"bwp-rc","parse_rc_shortcode",220,[],{"dangerousFunctions":234,"sqlUsage":238,"outputEscaping":244,"fileOperations":27,"externalRequests":27,"nonceChecks":342,"capabilityChecks":143,"bundledLibraries":343},[235],{"fn":236,"file":182,"line":224,"context":237},"create_function","add_filter('bwp_option_submit_button', create_function('', 'return \"\";'));",{"prepared":239,"raw":143,"locations":240},7,[241],{"file":182,"line":242,"context":243},1240,"$wpdb->get_results() with variable 
interpolation",{"escaped":145,"rawEcho":245,"locations":246},60,[247,251,253,255,257,259,261,262,263,265,266,267,268,270,272,274,277,279,281,283,284,285,287,288,289,291,292,293,295,297,298,300,301,303,304,305,307,309,310,312,313,314,316,318,319,321,322,323,325,326,327,329,330,331,333,334,335,337,338,340],{"file":248,"line":249,"context":250},"includes\\bwp-option-page\\includes\\class-bwp-option-page.php",371,"raw output",{"file":248,"line":252,"context":250},377,{"file":248,"line":254,"context":250},395,{"file":248,"line":256,"context":250},402,{"file":149,"line":258,"context":250},178,{"file":149,"line":260,"context":250},188,{"file":149,"line":260,"context":250},{"file":149,"line":260,"context":250},{"file":149,"line":264,"context":250},190,{"file":149,"line":264,"context":250},{"file":149,"line":190,"context":250},{"file":149,"line":231,"context":250},{"file":149,"line":269,"context":250},245,{"file":149,"line":271,"context":250},246,{"file":149,"line":273,"context":250},465,{"file":275,"line":276,"context":250},"includes\\class-bwp-rc-widget.php",25,{"file":275,"line":278,"context":250},27,{"file":275,"line":280,"context":250},38,{"file":275,"line":282,"context":250},103,{"file":275,"line":282,"context":250},{"file":275,"line":282,"context":250},{"file":275,"line":286,"context":250},104,{"file":275,"line":286,"context":250},{"file":275,"line":286,"context":250},{"file":275,"line":290,"context":250},106,{"file":275,"line":290,"context":250},{"file":275,"line":290,"context":250},{"file":275,"line":294,"context":250},111,{"file":275,"line":296,"context":250},112,{"file":275,"line":296,"context":250},{"file":275,"line":299,"context":250},115,{"file":275,"line":299,"context":250},{"file":275,"line":302,"context":250},120,{"file":275,"line":302,"context":250},{"file":275,"line":302,"context":250},{"file":275,"line":306,"context":250},123,{"file":275,"line":308,"context":250},124,{"file":275,"line":308,"context":250},{"file":275,"line":311,"context":250},131,{"file":2
75,"line":311,"context":250},{"file":275,"line":311,"context":250},{"file":275,"line":315,"context":250},134,{"file":275,"line":317,"context":250},135,{"file":275,"line":317,"context":250},{"file":275,"line":320,"context":250},141,{"file":275,"line":320,"context":250},{"file":275,"line":320,"context":250},{"file":275,"line":324,"context":250},142,{"file":275,"line":324,"context":250},{"file":275,"line":324,"context":250},{"file":275,"line":328,"context":250},145,{"file":275,"line":328,"context":250},{"file":275,"line":328,"context":250},{"file":275,"line":332,"context":250},148,{"file":275,"line":332,"context":250},{"file":275,"line":332,"context":250},{"file":182,"line":336,"context":250},253,{"file":182,"line":11,"context":250},{"file":182,"line":339,"context":250},1101,{"file":182,"line":341,"context":250},1379,2,[],[345,378],{"entryPoint":346,"graph":347,"unsanitizedCount":33,"severity":377},"build_option_pages (includes\\class-bwp-recent-comments.php:315)",{"nodes":348,"edges":371},[349,354,360,364,368],{"id":350,"type":351,"label":352,"file":182,"line":353},"n0","source","$_GET (x2)",321,{"id":355,"type":356,"label":357,"file":182,"line":358,"wp_function":359},"n1","sink","update_option() [Settings Manipulation]",589,"update_option",{"id":361,"type":351,"label":362,"file":182,"line":363},"n2","$_GET (x4)",419,{"id":365,"type":366,"label":367,"file":182,"line":363},"n3","transform","→ get_db_options()",{"id":369,"type":356,"label":357,"file":248,"line":370,"wp_function":359},"n4",113,[372,374,376],{"from":350,"to":355,"sanitized":373},true,{"from":361,"to":365,"sanitized":375},false,{"from":365,"to":369,"sanitized":375},"low",{"entryPoint":379,"graph":380,"unsanitizedCount":88,"severity":377},"\u003Cclass-bwp-recent-comments> (includes\\class-bwp-recent-comments.php:0)",{"nodes":381,"edges":404},[382,384,385,387,390,391,393,395,398,401],{"id":350,"type":351,"label":383,"file":182,"line":353},"$_GET 
(x3)",{"id":355,"type":356,"label":357,"file":182,"line":358,"wp_function":359},{"id":361,"type":351,"label":352,"file":182,"line":386},920,{"id":365,"type":356,"label":388,"file":182,"line":339,"wp_function":389},"echo() [XSS]","echo",{"id":369,"type":351,"label":362,"file":182,"line":363},{"id":392,"type":366,"label":367,"file":182,"line":363},"n5",{"id":394,"type":356,"label":357,"file":248,"line":370,"wp_function":359},"n6",{"id":396,"type":351,"label":352,"file":182,"line":397},"n7",1018,{"id":399,"type":366,"label":400,"file":182,"line":397},"n8","→ get_recent_comments()",{"id":402,"type":356,"label":357,"file":182,"line":403,"wp_function":359},"n9",1361,[405,406,407,408,409,410],{"from":350,"to":355,"sanitized":373},{"from":361,"to":365,"sanitized":373},{"from":369,"to":392,"sanitized":375},{"from":392,"to":394,"sanitized":375},{"from":396,"to":399,"sanitized":375},{"from":399,"to":402,"sanitized":375},{"summary":412,"deductions":413},"The bwp-recent-comments plugin version 1.2.2 exhibits a mixed security posture. On the positive side, it has a very small attack surface, with only one entry point identified (a shortcode) and no AJAX handlers, REST API routes, or cron events. Furthermore, the plugin has no recorded vulnerability history, which suggests a history of good security practices or a lack of targeted attacks.  However, the static analysis reveals significant concerns. The presence of the `create_function` function is a clear indicator of potential security risks, as it is highly discouraged due to its ability to execute arbitrary code.  Additionally, a substantial portion of output (76%) is not properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities, especially if the shortcode handles user-supplied data.  While the majority of SQL queries use prepared statements, the presence of any raw SQL could still be problematic if not carefully handled. 
The taint analysis showing two flows with unsanitized paths, despite having no critical or high severity findings, warrants attention as it indicates potential data leakage or manipulation possibilities.",[414,416,418],{"reason":415,"points":14},"Use of dangerous function create_function",{"reason":417,"points":174},"High percentage of unescaped output",{"reason":419,"points":420},"Flows with unsanitized paths found in taint analysis",8,"2026-03-16T19:27:36.242Z",{"wat":423,"direct":432},{"assetPaths":424,"generatorPatterns":427,"scriptPaths":428,"versionParams":429},[425,426],"\u002Fwp-content\u002Fplugins\u002Fbwp-recent-comments\u002Fbwp-recent-comments.css","\u002Fwp-content\u002Fplugins\u002Fbwp-recent-comments\u002Fjs\u002Fbwp-recent-comments.js",[],[426],[430,431],"bwp-recent-comments\u002Fbwp-recent-comments.css?ver=","bwp-recent-comments\u002Fjs\u002Fbwp-recent-comments.js?ver=",{"cssClasses":433,"htmlComments":438,"htmlAttributes":443,"restEndpoints":446,"jsGlobals":447,"shortcodeOutput":449},[434,435,436,437],"bwp-rc-widget","bwp_rc_widget","bwp-rc-no-avatar","bwp-rc-show-avatar",[439,440,441,442],"\u003C!-- BEGIN BWP Recent Comments -->","\u003C!-- END BWP Recent Comments -->","\u003C!-- BEGIN BWP Recent Comments Widget -->","\u003C!-- END BWP Recent Comments Widget -->",[444,445],"data-show-avatar","data-comment-count",[],[448],"bwp_rc_configs",[450],"[bwp_recent_comments"]