[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDRiremhSL5PCyvrtGRbicNb--OIpjSj13zUCzMStj2E":3,"$flhGliS723hdlsuqvhHMnm28I2ghot6Sm4efP_HmzwCI":126,"$fhuA6g5oOd_eT9ue22vVQZ7E4OUdmDV7U64NFmfQVT9A":131},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"discovery_status":23,"vulnerabilities":24,"developer":25,"crawl_stats":21,"alternatives":31,"analysis":32,"fingerprints":95},"calendar-widget-with-posts","Calendar Widget with Posts","1.0","Hoang Kim Lam","https:\u002F\u002Fprofiles.wordpress.org\u002Fhoangklam\u002F","\u003Cp>This plugin is a Calendar widget, it was customized from the WordPress Calendar Widget.\u003Cbr \u002F>\nWith this widget, it will show list of posts with link on day that mouse hover to it.\u003Cbr \u002F>\nIts setting allows to choose the category to query and can choose the color for background and font that will show on.\u003C\u002Fp>\n\u003Cp>Once installed and enabled it, go to widget setting and find for widget “Calendar with posts”, drag it to where you want it to be, then if you want just give it a title, choose a category, background color, font color.\u003C\u002Fp>\n","This plugin is a Calendar widget, it was customized from the Wordpress Calendar Widget.",0,1563,"2020-07-03T01:14:00.000Z","5.4.19","4.7","7.0",[],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendar-widget-with-posts.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"hoangklam",2,30,84,"2026-05-20T12:17:03.049Z",[],{"attackSurface":33,"codeSignals":45,"taintFlows":83,"riskAssessment":84,"analyzedAt":94},{"hooks":34,"ajaxHandlers":41,"restRoutes":42,"shortcodes":43,"cronEvents":44,"entryPointCount":11,"unprotectedCount":11},[35],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","widgets_init","register_mywidget","cwpwidget-plugin.php",117,[],[],[],[],{"dangerousFunctions":46,"sqlUsage":47,"outputEscaping":50,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":82},[],{"prepared":48,"raw":11,"locations":49},5,[],{"escaped":51,"rawEcho":52,"locations":53},13,15,[54,57,59,61,63,65,66,68,70,72,73,75,77,78,80],{"file":39,"line":55,"context":56},52,"raw output",{"file":39,"line":58,"context":56},54,{"file":39,"line":60,"context":56},63,{"file":39,"line":62,"context":56},98,{"file":39,"line":64,"context":56},99,{"file":39,"line":64,"context":56},{"file":39,"line":67,"context":56},101,{"file":39,"line":69,"context":56},103,{"file":39,"line":71,"context":56},104,{"file":39,"line":71,"context":56},{"file":39,"line":74,"context":56},106,{"file":39,"line":76,"context":56},107,{"file":39,"line":76,"context":56},{"file":39,"line":79,"context":56},157,{"file":39,"line":81,"context":56},378,[],[],{"summary":85,"deductions":86},"The \"calendar-widget-with-posts\" v1.0 plugin exhibits a generally positive security posture based on the provided static analysis.  The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events, along with no identified dangerous functions or external HTTP requests, significantly limits the attack surface.  Furthermore, all SQL queries utilize prepared statements, which is a strong defense against SQL injection vulnerabilities.  The lack of any recorded vulnerabilities in its history is also a very positive indicator.\n\nHowever, there are notable areas for concern that temper the overall positive assessment.  The most significant is the low percentage of properly escaped output (46%).  This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or dynamic content may be rendered without proper sanitization.  Additionally, the absence of nonce checks and capability checks across any potential entry points, while there are no identified entry points in this analysis, suggests a potential weakness if any were to be introduced or become discoverable.  The lack of taint analysis flows reported could also be due to the analysis not covering all potential paths or the plugin having a very limited interaction model, but it means potential vulnerabilities in this area cannot be ruled out.\n\nIn conclusion, the \"calendar-widget-with-posts\" v1.0 plugin has a very small attack surface and uses prepared statements for its SQL queries, which are excellent security practices.  Its vulnerability history is clean.  The primary and most critical weakness is the poor handling of output escaping, leaving it susceptible to XSS attacks.  While the current lack of identified entry points is beneficial, the absence of fundamental security checks like nonces and capability checks on any potential future or hidden entry points represents a latent risk.",[87,90,92],{"reason":88,"points":89},"Low output escaping percentage",12,{"reason":91,"points":48},"No nonce checks",{"reason":93,"points":48},"No capability checks","2026-04-16T14:27:16.985Z",{"wat":96,"direct":102},{"assetPaths":97,"generatorPatterns":99,"scriptPaths":100,"versionParams":101},[98],"\u002Fwp-content\u002Fplugins\u002Fcalendar-widget-with-posts\u002Fcalendar_widget.css",[],[],[],{"cssClasses":103,"htmlComments":106,"htmlAttributes":107,"restEndpoints":121,"jsGlobals":122,"shortcodeOutput":123},[104,105],"cwp_widget_plugin","calendar_wrap",[],[108,109,110,111,112,113,114,115,116,117,118,119,120],"id=\"calendar_wrap\"","for=\"cwp_widget_plugin-title\"","id=\"cwp_widget_plugin-title\"","name=\"cwp_widget_plugin-title\"","for=\"cwp_widget_plugin-category\"","id=\"cwp_widget_plugin-category\"","name=\"cwp_widget_plugin-category\"","for=\"cwp_widget_plugin-bg_color\"","id=\"cwp_widget_plugin-bg_color\"","name=\"cwp_widget_plugin-bg_color\"","for=\"cwp_widget_plugin-font_color\"","id=\"cwp_widget_plugin-font_color\"","name=\"cwp_widget_plugin-font_color\"",[],[],[124,125],"\u003Cdiv id=\"calendar_wrap\" class=\"calendar_wrap\">","\u003Cdiv class=\"calendar_wrap\">",{"error":127,"url":128,"statusCode":129,"statusMessage":130,"message":130},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcalendar-widget-with-posts\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":132,"versions":133},1,[134],{"version":6,"download_url":135,"svn_tag_url":136,"released_at":21,"has_diff":137,"diff_files_changed":138,"diff_lines":21,"trac_diff_url":21,"vulnerabilities":139,"is_current":127},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendar-widget-with-posts.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcalendar-widget-with-posts\u002Ftags\u002F1.0\u002F",false,[],[]]