[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUdwS8HMDiCB5TT3KtO-z5GMdHOklY-dMZOIvxeDYGh8":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":134,"fingerprints":220},"calj","CalJ","1.5","https:\u002F\u002Fprofiles.wordpress.org\u002Fcalj\u002F","\u003Cp>Use the popular CalJ API to display the begin and end times of Shabbat as well as the name of the week’s Parasha on your blog,\u003Cbr \u002F>\nwith the help of a simple \u003Cem>shortcode\u003C\u002Fem>\u003C\u002Fp>\n","Display the Shabbat times (zmanim) for the city of your choice.",90,3685,68,5,"2025-06-20T14:49:00.000Z","6.6.5","4.9","5.6",[19,20,21,22,23],"calendar","date","events","hebrew","jewish","https:\u002F\u002Fcalj.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalj.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":4,"display_name":4,"profile_url":7,"plugin_count":32,"total_installs":10,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,94,"2026-04-04T23:25:00.341Z",[37,56,76,97,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":27,"num_ratings":27,"last_updated":47,"tested_up_to":48,"requires_at_least":17,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"jewish-date","Jewish Date","1.0.2","kikipress","https:\u002F\u002Fprofiles.wordpress.org\u002Fkikiatwp\u002F","\u003Cp>The Jewish Date plugin enables you to show the Jewish date next to the Gregorian date on your WordPress site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Enable or disable display of the Jewish date next to the Gregorian post date\u003C\u002Fli>\n\u003Cli>Enable or disable display of the Jewish date next to the Gregorian comment date\u003C\u002Fli>\n\u003Cli>Install a widget displaying today’s Jewish date, and optionally also today’s Gregorian date, in a registered sidebar\u003C\u002Fli>\n\u003Cli>Available in English (default), French, German and Spanish. You can add your own translation if you want\u003C\u002Fli>\n\u003C\u002Ful>\n","Jewish Date is a small plugin to show the Jewish date on your WordPress site.",40,1943,"2025-12-04T10:22:00.000Z","6.9.4","7.0.0",[51,52,23,53,38],"hebrew-calendar","hebrew-date","jewish-calendar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjewish-date","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjewish-date.1.0.2.zip",{"slug":19,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":48,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":73,"download_link":74,"security_score":10,"vuln_count":13,"unpatched_count":27,"last_vuln_date":75,"fetched_at":29},"Calendar","1.3.17","Kieran O'Shea","https:\u002F\u002Fprofiles.wordpress.org\u002Fkieranoshea\u002F","\u003Cp>A simple but effective Calendar plugin for WordPress that allows you to\u003Cbr \u002F>\nmanage your events and appointments and display them to the world on your\u003Cbr \u002F>\nwebsite.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Monthly view of events\u003C\u002Fli>\n\u003Cli>Mouse-over details for each event\u003C\u002Fli>\n\u003Cli>Events can have a timestamp (optional)\u003C\u002Fli>\n\u003Cli>Events can display their author (optional)\u003C\u002Fli>\n\u003Cli>Events can span more than one day\u003C\u002Fli>\n\u003Cli>Multiple events per day possible\u003C\u002Fli>\n\u003Cli>Events can repeat on a weekly, monthly (set numerical day), monthly (set textual day) or yearly basis\u003C\u002Fli>\n\u003Cli>Repeats can occur indefinitely or a limited number of times\u003C\u002Fli>\n\u003Cli>Easy to use events manager in admin dashboard\u003C\u002Fli>\n\u003Cli>Sidebar function\u002FWidget to show todays events\u003C\u002Fli>\n\u003Cli>Sidebar function\u002FWidget to show upcoming events\u003C\u002Fli>\n\u003Cli>Lists of todays events can be displayed in posts or pages\u003C\u002Fli>\n\u003Cli>Lists of upcoming events can be displayed in posts or pages\u003C\u002Fli>\n\u003Cli>Comprehensive options panel for admin\u003C\u002Fli>\n\u003Cli>Modifiable CSS using the options panel\u003C\u002Fli>\n\u003Cli>Optional drop down boxes to quickly change month and year\u003C\u002Fli>\n\u003Cli>User groups other than admin can be permitted to manage events\u003C\u002Fli>\n\u003Cli>Events can be placed into categories\u003C\u002Fli>\n\u003Cli>A calendar of events for just one of more categories can be displayed\u003C\u002Fli>\n\u003Cli>Categories system can be switched on or off\u003C\u002Fli>\n\u003Cli>Pop up javascript calendars help the choosing of dates\u003C\u002Fli>\n\u003Cli>Events can be links pointing to a location of your choice\u003C\u002Fli>\n\u003Cli>Full internationalisation is possible\u003C\u002Fli>\n\u003Cli>Comaptible with WordPress MU\u003C\u002Fli>\n\u003Cli>iCalendar feed of events can be made accessible\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple but effective Calendar plugin for WordPress that allows you to  manage your events and appointments and display them to the world.",4000,673410,74,24,"2025-12-13T21:39:00.000Z","6.2.4","",[19,71,21,72],"dates","times","http:\u002F\u002Fwww.kieranoshea.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendar.1.3.17.zip","2025-12-22 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":48,"requires_at_least":89,"requires_php":69,"tags":90,"homepage":93,"download_link":94,"security_score":95,"vuln_count":32,"unpatched_count":27,"last_vuln_date":96,"fetched_at":29},"tockify-events-calendar","Tockify Events Calendar","2.3.1","Tockify","https:\u002F\u002Fprofiles.wordpress.org\u002Ftockify\u002F","\u003Cp>\u003Cstrong>WordPress 5 and 6 Notice\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WordPress 5 and 6 users should only use Tockify Plugin \u003Cstrong>version 2.0.1\u003C\u002Fstrong> or later – preferably the latest version.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About Tockify Calendar\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftockify.com\" rel=\"nofollow ugc\">Tockify\u003C\u002Fa> Calendar is a modern attractive web calendar with an engaging and easy to use design that’s perfect for the desktop and mobile web. It’s image rich, lightning fast, highly customizable and blends seamlessly into any site. Our simple yet powerful editor makes creating and managing events a joy.\u003C\u002Fp>\n\u003Cp>As well as the main calendar there’s a mini-calendar that’s been carefully designed to work well in small spaces like a sidebar.\u003C\u002Fp>\n\u003Cp>The Tockify WordPress plugin provides a WordPress shortcode and Widget that makes it easy to add your Tockify calendar to any WordPress site.\u003C\u002Fp>\n\u003Cp>We also provide a Tockify \u003Cstrong>Block\u003C\u002Fstrong> for visual editing with WordPress 5.\u003C\u002Fp>\n\u003Cp>This plugin can be used with both the free and the subscription editions of Tockify Calendar.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tockify Calendar Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Month\u003C\u002Fstrong>, \u003Cstrong>Agenda\u003C\u002Fstrong> and \u003Cstrong>Pinboard\u003C\u002Fstrong> style layouts.\u003C\u002Fli>\n\u003Cli>Attractive \u003Cstrong>Mini Calendar\u003C\u002Fstrong> widget that’s great for sidebars and other small spaces.\u003C\u002Fli>\n\u003Cli>Highly \u003Cstrong>customizable\u003C\u002Fstrong> appearance.\u003C\u002Fli>\n\u003Cli>Live sync with \u003Cstrong>Google Calendar\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Social sharing to \u003Cstrong>Facebook\u003C\u002Fstrong>, \u003Cstrong>Twitter\u003C\u002Fstrong> etc.\u003C\u002Fli>\n\u003Cli>Ticket\u002F\u003Cstrong>Call To Action\u003C\u002Fstrong> buttons.\u003C\u002Fli>\n\u003Cli>Embed Video from YouTube, Vimeo or Facebook.\u003C\u002Fli>\n\u003Cli>Customizable \u003Cstrong>RSVP forms\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Accept and approve \u003Cstrong>community submitted events\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Simple, powerful editor with complex \u003Cstrong>repeating events\u003C\u002Fstrong> support and built in image cropping.\u003C\u002Fli>\n\u003Cli>Built in tag and text based \u003Cstrong>search\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Built in \u003Cstrong>maps\u003C\u002Fstrong> and directions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iCalendar\u003C\u002Fstrong> support so people can subscribe with, for example, their phone’s built in calendar.\u003C\u002Fli>\n\u003Cli>Continuous calendar \u003Cstrong>backup\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Blends seamlessly into your site. Probably the world’s least widgetty widget.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Language Support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With the help of our community we’ve been able to make Tockify available in these languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Portuguese\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>Danish\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Norwegian\u003C\u002Fli>\n\u003Cli>Polish\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Finnish\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003Cli>Slovak\u003C\u002Fli>\n\u003Cli>Slovenian\u003C\u002Fli>\n\u003Cli>Romanian\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Turkish\u003C\u002Fli>\n\u003Cli>Greek\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Persian\u003C\u002Fli>\n\u003Cli>Chinese (traditional)\u003C\u002Fli>\n\u003Cli>Hebrew\u003C\u002Fli>\n\u003Cli>Welsh\u003C\u002Fli>\n\u003Cli>Korean\u003C\u002Fli>\n\u003Cli>Catalan\u003C\u002Fli>\n\u003Cli>Icelandic\u003C\u002Fli>\n\u003Cli>Galacian\u003C\u002Fli>\n\u003Cli>Faroese\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If your language isn’t there yet and you’d like to help just contact us at support@tockify.com and together we’ll make it happen.\u003C\u002Fp>\n","Tockify Calendar is a modern attractive website calendar. Beautiful. Intuitive. Super-Customizable. Lightning Fast.",2000,159300,88,18,"2025-12-07T13:30:00.000Z","4.1",[19,20,91,21,92],"event","events-calendar","https:\u002F\u002Ftockify.com\u002Fi\u002Fdocs\u002Finstall\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftockify-events-calendar.zip",99,"2025-04-04 00:00:00",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":26,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":69,"tags":111,"homepage":112,"download_link":113,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wordpress-hebrew-date","WP Hebrew Date","2.0.5","hatul","https:\u002F\u002Fprofiles.wordpress.org\u002Fhatul\u002F","\u003Cp>The plugin preview Hebrew date in date of post and date of comments.\u003Cbr \u002F>\nThe hebrew date format able to change in options page of the plugin.\u003C\u002Fp>\n\u003Cp>Note: This plugin was previously known as “WordPress Hebrew Date”.\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>You can add the shortcode \u003Ccode>[today_hebdate]\u003C\u002Fcode> in posts or pages for show the hebrew date of today.\u003C\u002Fp>\n\u003Ch4>Widget\u003C\u002Fh4>\n\u003Cp>You can add widget for show the hebrew date of today.\u003C\u002Fp>\n","Convert dates in wordpress to Hebrew dates.",700,15166,9,"2025-09-15T07:54:00.000Z","6.8.5","2.0",[20,22,23],"https:\u002F\u002Fhatul.info\u002Fhebdate\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordpress-hebrew-date.2.0.5.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":69,"tags":129,"homepage":131,"download_link":132,"security_score":133,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"localendar-for-wordpress","Localendar Calendar for WordPress","1.4","Thomas Griffin","https:\u002F\u002Fprofiles.wordpress.org\u002Fgriffinjt\u002F","\u003Cp>Thanks for checking out the \u003Ca href=\"http:\u002F\u002Fwww.localendar.com\" rel=\"nofollow ugc\">localendar\u003C\u002Fa> calendar plugin for WordPress. We have been powering web calendars for thousands of sites for over 16 years, and are pleased to provide a dedicated calendar plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Why use a slow, stripped-down calendar plugin that offers only a few basic features when you can have the power of our complete solution which offers \u003Ca href=\"http:\u002F\u002Fwww.localendar.com\u002Fcalendar\u002Fonline-calendar-features\" rel=\"nofollow ugc\">over 100 features\u003C\u002Fa>?\u003C\u002Fp>\n\u003Cp>\u003Cstrong>We always display full event titles!\u003C\u002Fstrong> Many calendar plugins truncate your event titles to fit their layout, and force users to mouse-over each entry to see the full text.\u003C\u002Fp>\n\u003Cp>localendar makes it easy to customize the calendar on your site. Whether you use our Theme Editor (no coding required!) or custom CSS hooks, you can make your calendar fit your site perfectly.\u003C\u002Fp>\n\u003Cp>Includes \u003Cstrong>Twitter integration\u003C\u002Fstrong>: Send event reminders as custom tweets.\u003C\u002Fp>\n\u003Cp>Our new “School Year” view is perfect for schools and other venues that don’t want to show a 12-month calendar\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"localendar overview\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F230486304?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch4>Calendar Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full event title display on all calendar views – \u003Cstrong>no trunctation!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Year\u002FMonth\u002FWeek\u002FDay block and list views, “Today + Happening Soon”, and a mini-calendar widget\u003C\u002Fli>\n\u003Cli>Twitter and email support for event reminders \u003C\u002Fli>\n\u003Cli>Add calendar attachments directly from Dropbox.com\u003C\u002Fli>\n\u003Cli>Sophisticated “Repeating Event” Functionality\u003C\u002Fli>\n\u003Cli>Publish your calendar and events in various languages and timezones\u003C\u002Fli>\n\u003Cli>Full import\u002Fexport support for iCal-based calendars (Google, Yahoo, Apple, etc)\u003C\u002Fli>\n\u003Cli>Merge calendars\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited\u003C\u002Fstrong> custom event categories\u003C\u002Fli>\n\u003Cli>Local \u003Cstrong>weather forecasts\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Search within a calendar (sorted by relevancy, custom search periods)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customize Customize Customize\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use Images and Clipart in Event Descriptions: Add multiple images and clipart items to your events to create highly visual and detailed descriptions\u003C\u002Fli>\n\u003Cli>Extensive clipart library, or upload your own. \u003C\u002Fli>\n\u003Cli>8 different \u003Ca href=\"http:\u002F\u002Fwww.localendar.com\u002Fsamples\u002Fspecialeffect1\u002Ffree-web-calendar.html\" rel=\"nofollow ugc\">transition effects\u003C\u002Fa> that can be applied to your public calendar when visitors move to a different time period: Fade, Vertical Slide and Fade, Zoom In, Bounce Right, Curtain, and more!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful WYSIWYG Theme Editor:\u003C\u002Fstrong> Our custom point-and-click widget gives you amazing control over the look and feel of your calendar. No CSS or development skills required!\u003C\u002Fli>\n\u003Cli>Custom Image Backgrounds: Upload your own images to make your calendar seamlessly fit your site\u003C\u002Fli>\n\u003Cli>Common Event Information: Add “boilerplate” text (such as ‘About Us’, contact info, location, etc) to all of your events automatically without tedious retyping.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Get the plugin, create an account at \u003Ca href=\"http:\u002F\u002Fwww.localendar.com\" rel=\"nofollow ugc\">localendar.com\u003C\u002Fa>, and put a powerful, capable calendar on your site! Check out the screenshots for more information.\u003C\u002Fp>\n\u003Ch4>Additional Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>localendar.com \u003Ca href=\"http:\u002F\u002Fwww.localendar.com\" rel=\"nofollow ugc\">homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.localendar.com\u002Fdocs\" rel=\"nofollow ugc\">Support wiki\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.localendar.com\u002Fforums\u002Fsupport\" rel=\"nofollow ugc\">Forums\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.twitter.com\u002Flocalendar_news\" rel=\"nofollow ugc\">Follow us\u003C\u002Fa> on Twitter\u003C\u002Fli>\n\u003C\u002Ful>\n","Thanks for checking out the localendar calendar plugin for WordPress. We have been powering web calendars for thousands of sites for over 16 years, an &hellip;",400,78866,54,19,"2019-02-14T21:44:00.000Z","5.1.22","3.2",[19,20,91,92,130],"ical","\u002F\u002Flocalendar.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocalendar-for-wordpress.zip",85,{"attackSurface":135,"codeSignals":162,"taintFlows":179,"riskAssessment":206,"analyzedAt":219},{"hooks":136,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":161,"entryPointCount":32,"unprotectedCount":27},[137,143,147],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","add_plugin_page","CalJSettingsPage.php",43,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_init","page_init",44,{"type":148,"name":149,"callback":150,"priority":151,"file":141,"line":152},"filter","plugin_action_links","pluginActionLinks",10,46,[],[],[156],{"tag":157,"callback":158,"file":159,"line":160},"caljshabbat","shortcode","CalJPlugin.php",12,[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":27,"externalRequests":32,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":178},[],{"prepared":27,"raw":27,"locations":165},[],{"escaped":32,"rawEcho":167,"locations":168},4,[169,172,174,176],{"file":141,"line":170,"context":171},21,"raw output",{"file":141,"line":173,"context":171},32,{"file":141,"line":175,"context":171},81,{"file":141,"line":177,"context":171},105,[],[180,197],{"entryPoint":181,"graph":182,"unsanitizedCount":32,"severity":196},"create_admin_page (CalJSettingsPage.php:74)",{"nodes":183,"edges":193},[184,188],{"id":185,"type":186,"label":187,"file":141,"line":175},"n0","source","$_SERVER['REQUEST_URI']",{"id":189,"type":190,"label":191,"file":141,"line":175,"wp_function":192},"n1","sink","echo() [XSS]","echo",[194],{"from":185,"to":189,"sanitized":195},false,"medium",{"entryPoint":198,"graph":199,"unsanitizedCount":32,"severity":205},"\u003CCalJSettingsPage> (CalJSettingsPage.php:0)",{"nodes":200,"edges":203},[201,202],{"id":185,"type":186,"label":187,"file":141,"line":175},{"id":189,"type":190,"label":191,"file":141,"line":175,"wp_function":192},[204],{"from":185,"to":189,"sanitized":195},"low",{"summary":207,"deductions":208},"The plugin \"calj\" v1.5 exhibits a generally positive security posture, with several good practices observed.  Notably, it has a small attack surface, with only one entry point (a shortcode) and no AJAX handlers, REST API routes, or cron events. All SQL queries are properly prepared, and there are no file operations or external HTTP requests that appear to be directly controllable by user input. The absence of known vulnerabilities in its history is also a strong indicator of good development and maintenance.\n\nHowever, there are significant areas for improvement and concern. The most pressing issue is the lack of output escaping, with only 20% of outputs being properly handled. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks, especially given the presence of taint flows with unsanitized paths.  The absence of nonce and capability checks further exacerbates this risk, as it suggests that the plugin may not be adequately protecting sensitive actions or data from unauthorized access or manipulation. While the attack surface is small, the lack of proper sanitization and authorization on the identified flows represents a critical weakness.\n\nIn conclusion, while \"calj\" v1.5 benefits from a limited attack surface and secure SQL handling, the critical vulnerabilities in output escaping and the lack of authorization checks present a significant risk. The presence of unsanitized taint flows, coupled with these weaknesses, means that despite its clean vulnerability history, the plugin requires immediate attention to mitigate potential XSS and privilege escalation attacks.",[209,212,215,217],{"reason":210,"points":211},"Unsanitized taint flows detected",15,{"reason":213,"points":214},"Low percentage of properly escaped output",8,{"reason":216,"points":13},"Missing nonce checks",{"reason":218,"points":13},"Missing capability checks","2026-03-16T21:16:24.467Z",{"wat":221,"direct":229},{"assetPaths":222,"generatorPatterns":223,"scriptPaths":224,"versionParams":225},[],[],[],[226,227,228],"calj.php?ver=","calj.css?ver=","calj.js?ver=",{"cssClasses":230,"htmlComments":231,"htmlAttributes":232,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":235},[],[],[157],[],[],[236,237],"[ERR:","-"]