[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBvtB0tyfd2G9WPfHSnJafV0kSDZoO2GxufTSpK71vwQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":129,"fingerprints":204},"byte-php-code","Byte's PHP Code Widget","0.4","ByteEnable","https:\u002F\u002Fprofiles.wordpress.org\u002Fbyteenable\u002F","\u003Cp>This is a widget plugin that allows you to mix PHP and html code with mobile\u003Cbr \u002F>\nsupport.  Two text areas are provided.  The first is the standard “Title”.\u003Cbr \u002F>\nThe one named “Code:” can mix PHP and html.  Two checkboxes allow you to choose\u003Cbr \u002F>\nbefore and\u002For after posts.  No limit on the number of widgets.\u003C\u002Fp>\n\u003Cp>WordPress version 3.4 and higher has defined a function called wp_is_mobile().\u003Cbr \u002F>\nThis can be used inside your code mix to perform certain actions if the\u003Cbr \u002F>\nbrowser is mobile.  Mobile support is via wp_is_mobile() function which returns\u003Cbr \u002F>\ntrue if on a mobile browser.  See the WordPress API for more information.\u003C\u002Fp>\n\u003Cp>Dynamic title support means that you can name your widget using the title\u003Cbr \u002F>\nfield and not have it displayed in the output.  
This is useful to give\u003Cbr \u002F>\nyour widgets meaningful names so you don’t lose track of what is going\u003Cbr \u002F>\non with your widgets.\u003C\u002Fp>\n\u003Cp>Two variables have been defined for use with Google Mobile Adsense:\u003C\u002Fp>\n\u003Cp>$myMobileAdsenseCode;\u003Cbr \u002F>\n$myMobileAdsenseSlot;\u003C\u002Fp>\n\u003Cp>This widget requires some knowledge of PHP and HTML coding.  Misuse could crash\u003Cbr \u002F>\nyour site or cause errors with Adsense.\u003C\u002Fp>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cp>Output:\u003Cbr \u002F>\n5\u003C\u002Fp>\n\u003Cp>To use Google mobile adsense include the following in the “Code:” area:\u003C\u002Fp>\n\u003Cp>The plugin will take care of the rest.  Another check is made to ensure\u003Cbr \u002F>\nthat wp_is_mobile is true inside the plugin and that the Google Adsense variable\u003Cbr \u002F>\nhas a value.\u003C\u002Fp>\n\u003Cp>You can combine both regular and mobile adsense.  Be careful.\u003C\u002Fp>\n\u003Cp>The following snippet will either show mobile or regular ads depending on the\u003Cbr \u002F>\nbrowser used by the end-user.\u003C\u002Fp>\n\u003Cp>\u003C?php\u003Cbr \u002F>\nif ( !wp_is_mobile() ) {\u003Cbr \u002F>\necho '\u003Cbr \u002F>\n\u003C!-- after-content -->\u003C\u002Fp>\n\u003Cp>(adsbygoogle = window.adsbygoogle || []).push({});\u003Cbr \u002F>\n';}\u003Cbr \u002F>\nelse {\u003Cbr \u002F>\n$myMobileAdsenseClient='ca-mb-pub-xxxxxxxxxxxx';\u003Cbr \u002F>\n$myMobileAdsenseSlot='xxxxxxxxxx';\u003Cbr \u002F>\n}?>\u003C\u002Fp>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Support for the mixing of PHP and HTML\u003C\u002Fli>\n\u003Cli>Support for mobile browsers\u003C\u002Fli>\n\u003Cli>Support for Google Adsense including mobile\u003C\u002Fli>\n\u003Cli>Includes “before post” support\u003C\u002Fli>\n\u003Cli>Includes “after post” support\u003C\u002Fli>\n\u003Cli>No limit on the number of widgets\u003C\u002Fli>\n\u003Cli>Includes dynamic title support in 
sidebars\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unordered list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for the mixing of PHP and HTML\u003C\u002Fli>\n\u003Cli>Support for mobile browsers\u003C\u002Fli>\n\u003Cli>Support for Google adsense including mobile\u003C\u002Fli>\n\u003Cli>Includes support for “before post”\u003C\u002Fli>\n\u003Cli>Includes support for “after post”\u003C\u002Fli>\n\u003Cli>No limit on the number of widgets\u003C\u002Fli>\n\u003Cli>Include dynamic title support in sidebars\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Link to [WordPress](https:\u002F\u002Fwordpress.org\u002F \\”Your favorite software\\”) and one to [Markdown\\’s Syntax Documentation][markdown syntax].\u003C\u002Fp>\n","Mix HTML and PHP in a widget with mobile support.",10,2736,100,1,"2013-11-12T15:48:00.000Z","3.7.41","3.4","",[20,21,22,23],"eval","execute","php","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbyte-php-code.0.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"byteenable",30,84,"2026-04-05T18:39:36.226Z",[36,54,71,87,105],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":26,"num_ratings":26,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":18,"tags":49,"homepage":52,"download_link":53,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"php-widgetify","PHP-Widgetify","1.0","RMWebsec","https:\u002F\u002Fprofiles.wordpress.org\u002Frmwebsec\u002F","\u003Cp>Like a normal text widget this allows you to easily post text and HTML, but\u003Cbr \u002F>\nnow you can execute PHP too!\u003Cbr \u002F>\nThis makes merging with other themes easier.\u003C\u002Fp>\n\u003Cp>!IMPORTANT! 
You must use  tags for the code to be\u003Cbr \u002F>\nrecognized.\u003C\u002Fp>\n","Execute HTML, Text or PHP fast and easy with this Widgetify-widget.",40,6488,"2009-11-08T13:55:00.000Z","2.9.2","2.8",[21,50,22,51,23],"html","text","http:\u002F\u002Frmwebsec.com\u002Fportfolio","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphp-widgetify.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":26,"num_ratings":26,"last_updated":18,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":70},"admin-php-eval","Admin PHP Eval","1.1","Jan Štětina","https:\u002F\u002Fprofiles.wordpress.org\u002Fzaantar\u002F","\u003Cp>This plugin allows to edit and store multiple PHP scripts within WordPress administration (Tools -> Admin PHP Eval) and execute them repeatedly with \u003Ccode>eval()\u003C\u002Fcode>. 
After evaluation the return value and echoed data is displayed.\u003C\u002Fp>\n","Storing and evaluating PHP scripts within WordPress administration.",2888,"3.4.2","3.3",[66,20,21,22,67],"admin","script","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadmin-php-eval\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-php-eval.zip","2026-03-15T10:48:56.248Z",{"slug":72,"name":73,"version":57,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":11,"downloaded":78,"rating":13,"num_ratings":14,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":18,"tags":82,"homepage":85,"download_link":86,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"dx-template-manager","DX Template Manager","Mario Peshev","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofearinc\u002F","\u003Cp>Create page templates like the ones in your theme folder but through a “DX Templates” menu in your Admin dashboard. Paste HTML, JS and PHP code which you could assign to your posts, pages or custom post types via a meta box dropdown. Create page templates and apply them to be evaluated.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: eval() function is used. 
However, it is available only for admin users to submit code and normally admin users could do a lot harm or upload external harmful plugins as well.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A complete demo is available here:\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FjtsbXfNi7ts?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Create page templates like the ones in your theme folder but through a \"DX Templates\" menu in your Admin dashboard - HTML, JS, PHP supported &hellip;",4248,"2014-09-08T15:01:00.000Z","4.0.38","3.3.1",[83,21,22,84],"evaluation","template","http:\u002F\u002Fdevrix.com\u002Ftemplate-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-template-manager.1.2.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":48,"requires_php":18,"tags":101,"homepage":103,"download_link":104,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"php-code-widget","PHP Code Widget","2.4","Samuel Wood (Otto)","https:\u002F\u002Fprofiles.wordpress.org\u002Fotto42\u002F","\u003Cp>The normal Text widget allows you to insert arbitrary Text and\u002For HTML code. This allows that too, but also parses any PHP code in the text widget and executes it.\u003C\u002Fp>\n\u003Cp>This can make it easier to migrate to a widget-based theme. 
However, this plugin should not be used long term, as anybody with access to edit the widgets on your site will be able to execute arbitrary PHP code.\u003C\u002Fp>\n\u003Cp>All PHP code must be enclosed in the standard php opening and closing tags ( \u003Ccode>\u003C?php\u003C\u002Fcode> and \u003Ccode>?>\u003C\u002Fcode> ) for it to be recognized and executed.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003C\u002Fp>\n","Like the Text widget, but also allows working PHP code to be inserted.",90000,994300,94,61,"2022-03-30T16:55:00.000Z","5.9.13",[102,22,23],"execphp","http:\u002F\u002Fottopress.com\u002Fwordpress-plugins\u002Fphp-code-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphp-code-widget.2.4.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":125,"download_link":126,"security_score":127,"vuln_count":14,"unpatched_count":26,"last_vuln_date":128,"fetched_at":28},"error-log-monitor","Error Log Monitor","1.7.12","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>This plugin adds a Dashboard widget that displays the latest messages from your PHP error log. 
It can also send you email notifications about newly logged errors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically detects error log location.\u003C\u002Fli>\n\u003Cli>Explains how to configure PHP error logging if it’s not enabled yet.\u003C\u002Fli>\n\u003Cli>The number of displayed log entries is configurable.\u003C\u002Fli>\n\u003Cli>Sends you email notifications about logged errors (optional).\u003C\u002Fli>\n\u003Cli>Configurable email address and frequency.\u003C\u002Fli>\n\u003Cli>You can easily clear the log file.\u003C\u002Fli>\n\u003Cli>The dashboard widget is only visible to administrators.\u003C\u002Fli>\n\u003Cli>Optimized to work well even with very large log files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once you’ve installed the plugin, go to the Dashboard and enable the “PHP Error Log” widget through the “Screen Options” panel. The widget should automatically display the last 20 lines from your PHP error log. If you see an error message like “Error logging is disabled” instead, follow the displayed instructions to configure error logging.\u003C\u002Fp>\n\u003Cp>Email notifications are disabled by default. To enable them, click the “Configure” link in the top-right corner of the widget and enter your email address in the “Periodically email logged errors to:” box. If desired, you can also change email frequency by selecting the minimum time interval between emails from the “How often to send email” drop-down.\u003C\u002Fp>\n","Adds a Dashboard widget that displays the latest messages from your PHP error log. 
It can also send logged errors to email.",20000,631204,86,48,"2025-10-01T15:12:00.000Z","6.8.5","4.5","7.4",[66,122,123,124,22],"administration","dashboard-widget","error-reporting","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2012\u002F07\u002F25\u002Ferror-log-monitor-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ferror-log-monitor.1.7.12.zip",99,"2019-02-25 00:00:00",{"attackSurface":130,"codeSignals":147,"taintFlows":196,"riskAssessment":197,"analyzedAt":203},{"hooks":131,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":26,"unprotectedCount":26},[132,138],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","widgets_init","wp_vxBEyz_code_load_widget","bytes-php-code.php",174,{"type":139,"name":140,"callback":141,"file":136,"line":142},"filter","the_content","custom_content_after_post",229,[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":151,"fileOperations":194,"externalRequests":26,"nonceChecks":26,"capabilityChecks":14,"bundledLibraries":195},[],{"prepared":26,"raw":26,"locations":150},[],{"escaped":152,"rawEcho":153,"locations":154},4,19,[155,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192],{"file":136,"line":156,"context":157},74,"raw 
output",{"file":136,"line":159,"context":157},77,{"file":136,"line":161,"context":157},79,{"file":136,"line":163,"context":157},80,{"file":136,"line":165,"context":157},112,{"file":136,"line":167,"context":157},114,{"file":136,"line":169,"context":157},115,{"file":136,"line":171,"context":157},117,{"file":136,"line":173,"context":157},119,{"file":136,"line":175,"context":157},120,{"file":136,"line":177,"context":157},122,{"file":136,"line":179,"context":157},125,{"file":136,"line":181,"context":157},126,{"file":136,"line":183,"context":157},128,{"file":136,"line":185,"context":157},131,{"file":136,"line":187,"context":157},132,{"file":136,"line":189,"context":157},134,{"file":136,"line":191,"context":157},137,{"file":136,"line":193,"context":157},138,2,[],[],{"summary":198,"deductions":199},"The plugin \"byte-php-code\" v0.4 exhibits a generally positive security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the code's adherence to using prepared statements for all SQL queries and the presence of capability checks are strong indicators of good security practices. The lack of any recorded vulnerabilities in its history further bolsters this assessment, suggesting a mature and well-maintained codebase.\n\nHowever, a notable concern arises from the output escaping. With 23 total outputs and only 17% properly escaped, there's a significant risk of cross-site scripting (XSS) vulnerabilities. This means that user-supplied or dynamic data displayed on the frontend is highly likely to be rendered without proper sanitization, potentially allowing attackers to inject malicious scripts. 
The presence of file operations also warrants attention, though without further context on their nature, it's difficult to assign a specific risk level.\n\nIn conclusion, while the plugin demonstrates commendable practices in limiting its attack surface and securing database interactions, the poor output escaping is a critical weakness that could be exploited. The absence of known vulnerabilities is a positive sign, but the identified flaw in output handling necessitates immediate attention. The plugin's overall security is compromised by this single, yet significant, oversight.",[200],{"reason":201,"points":202},"Low percentage of properly escaped output",15,"2026-03-17T01:32:43.847Z",{"wat":205,"direct":211},{"assetPaths":206,"generatorPatterns":208,"scriptPaths":209,"versionParams":210},[207],"\u002Fwp-content\u002Fplugins\u002Fbyte-php-code\u002Finc\u002Fadsense-support.php",[],[],[],{"cssClasses":212,"htmlComments":213,"htmlAttributes":214,"restEndpoints":218,"jsGlobals":219,"shortcodeOutput":220},[],[],[215,216,217],"id=\"wp_vxBEyz_code_widget\"","name=\"wp_vxBEyz_code_widget\"","id=\"wp_vxBEyz_code_widget_domain\"",[],[],[]]