[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2LurhWUwZcOmAqiadUFm_L4-42ljOKTsdWCJDTJihro":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":132,"fingerprints":214},"call-to-action-widget","Call to Action Widget","1.1","Charlie Strickler","https:\u002F\u002Fprofiles.wordpress.org\u002Fcharliestricklergmailcom\u002F","\u003Cp>A modified version of the standard WordPress text widget.  In addition to a title and textarea\u002Fhtml field the CTA widget includes an image URL that can be positioned above or below the title, a button text field and a button URL field.  CTA widget is short for “Call to Action” widget.  We frequently see website designs with 3 columns of widgets on the home page.  Frequently these buckets or widgets utilize an image, title, description, and call to action button.  This widget makes it easier for beginners to change the content of these blocks without editing HTML.\u003C\u002Fp>\n\u003Cp>Read more about this widget on \u003Ca href=\"http:\u002F\u002Fwordpress.boomvisibility.com\u002Fcta-widget\u002F\" rel=\"nofollow ugc\">wordpress.boomvisibility.com\u003C\u002Fa>\u003C\u002Fp>\n","A simple text widget with Title, Image URL, A text\u002Fhtml area, Link Text and Link URL.  
This simple widget is often used for a call to action widget.",200,13953,94,6,"2013-12-10T00:00:00.000Z","3.7.41","3.0.2","",[4,20,21,22],"cta-widget","image-widget","text-widget","http:\u002F\u002Fwww.boomvisibility.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-to-action-widget.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"charliestricklergmailcom",1,30,84,"2026-04-04T14:00:02.157Z",[37,57,76,97,115],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":55,"download_link":56,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wp-shaper-image-and-text","WP Shaper Image and Text","1.0","wpshaper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpshaper\u002F","\u003Cp>WP Shaper Image and Text is a dynamic image & text widget plugin for display sidebar or any where in your site.\u003C\u002Fp>\n\u003Cp>The plugin is designed for any dynamic image & text widget. “WP Shaper Image and Text” is a free wordpress plugin. 
Any developer can change Or modify this plugin without author permission.\u003C\u002Fp>\n","WP Shaper Image and Text is a dynamic image & text widget plugin for display sidebar or any where in your site.",90,5384,100,2,"2015-01-06T06:44:00.000Z","4.1.42","4.0",[53,21,22,54],"dynamic-image","wp-shaper","http:\u002F\u002Fwww.wpshaper.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-shaper-image-and-text.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":26,"num_ratings":26,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":74,"download_link":75,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wp-master-widget","WP Master Widget","1.0.0","WebSPI","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevcon1\u002F","\u003Cp>Supports vertical ordering of images, icons, texts, titles, and more using a simple drag and drop ordering feature. Users can dynamically add any number of elements to the WP Master Widget and each element can be styled differently from the “Widgets” page. 
All widgets can be configured as a hyperlink to any destination with styling options.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Image widget allows using hover animation based on pure CSS.\u003C\u002Fli>\n\u003Cli>Text Widget allows using shortcodes and simple styling available from the user interface.\u003C\u002Fli>\n\u003Cli>Icon Widget loads FontAwesome icons library with style settings.\u003C\u002Fli>\n\u003Cli>All Widgets can be configured with hyperlink with options to open from a new window and styling.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Master Widget is an advanced WordPress widget that allows easy styling and organization for text, fontawesome icon, image, and more types of elemen &hellip;",20,2860,"2017-08-22T22:54:00.000Z","4.8.28","3.0.1",[71,72,21,22,73],"advanced-widget","custom-widget","widget-with-custom-class","\u002F\u002Fwpmaster.com\u002Fplugins\u002Fwp-master-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-master-widget.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":45,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":95,"download_link":96,"security_score":47,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"simple-image-widget","Simple Image Widget","4.4.2","Cedaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fcedaro\u002F","\u003Cp>Simple Image Widget is what the name implies — the easiest way to add images to your sidebars. 
Display advertisements, calls-to-action, or even build a slider based on image widgets.\u003C\u002Fp>\n\u003Cp>Despite its simplicity, Simple Image Widget is built with extensibility in mind, making it super easy to spin off new image-based widgets, or customize the widget output using the available template hierarchy.\u003C\u002Fp>\n\u003Ch3>Additional Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fsimple-image-widget#postform\" rel=\"ugc\">Write a review\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcedaro\u002Fsimple-image-widget\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcedaroco\" rel=\"nofollow ugc\">Follow @cedaroco\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.cedaro.com\u002F?utm_source=wordpress.org&utm_medium=link&utm_content=simple-image-widget-readme&utm_campaign=plugins\" rel=\"nofollow ugc\">Visit Cedaro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple widget that makes it a breeze to add images to your sidebars.",10000,854415,39,"2025-07-20T14:44:00.000Z","6.8.5","4.9",[21,91,92,93,94],"media","media-manager","sidebar","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-image-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-image-widget.4.4.2.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":48,"last_updated":108,"tested_up_to":88,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":113,"download_link":114,"security_score":47,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"image-widget-rb","Image 
Widget","1.0.12","rbplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Frbplugins\u002F","\u003Cp>With Image Widget plugin you can in few simple steps publish images grid on sidebar of your blog page or post. For management of the images implemented set of simple and smart options. It’s not gonna take too much time to manage your media resources. Configuration of the gallery widget it’s very simple task with our image widget.\u003Cbr \u002F>\nImage Widget have few functionality modes. You can easily change view of the image widget thumbnails layout. Upload images to the image widget take just few minutes and few clicks. You can use external plugins which have integration with Image Widget RB as source of the settings for the gallery and images sets.\u003Cbr \u002F>\nConfigure styles and view in external gallery plugin, select required gallery elements and publish it in image widget, as target content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features Image Widget\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple image widget interface;\u003C\u002Fli>\n\u003Cli>Simple image management tools;\u003C\u002Fli>\n\u003Cli>Media resources could be upload in few clicks;\u003C\u002Fli>\n\u003Cli>Multi columns image widget configuration;\u003C\u002Fli>\n\u003Cli>Unlimited images amount;\u003C\u002Fli>\n\u003Cli>Image grid widget view;\u003C\u002Fli>\n\u003Cli>Import of the image widget content from the external integrated plugins;\u003C\u002Fli>\n\u003Cli>No limits for image widgets amount on page;\u003C\u002Fli>\n\u003Cli>No limits for image widgets on sidebar;\u003C\u002Fli>\n\u003Cli>Additional parameters for images in image widget media manager;\u003C\u002Fli>\n\u003Cli>Image widget with lightbox;\u003C\u002Fli>\n\u003Cli>Fast navigation in lightbox;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s not require any special skills or code modifications to image widget on your website. 
Just install image widget plugin on your website, open settings to enable main functionality. Just install plugin from the directory and activate image widget function in widget settings.\u003C\u002Fp>\n\u003Cp>If you have some ideas of new functionality or options for this image widget plugin please drop a line to our contact form or support section.\u003C\u002Fp>\n","Image Widget - most simple and fast way to create image widget to your sidebar",4000,54014,60,"2025-09-25T07:24:00.000Z","3.1",[111,112,21,93,94],"gallery-widget","image","https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fimage-widget-rb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-widget-rb.1.0.12.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":47,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":18,"download_link":131,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"classic-text-widget","Classic Text Widget","1.0.1","Victor Font","https:\u002F\u002Fprofiles.wordpress.org\u002Fvfontj\u002F","\u003Cp>Brings back the classic WordPress text widget without TinyMCE. This is based on the code from WordPress Ver. 4.7.5\u003C\u002Fp>\n\u003Cp>Functionality is exactly the same as the pre-version 4.8 text widget. Additional default functionality includes shortcode execution and custom class filter.\u003C\u002Fp>\n\u003Cp>Note: This widget uses PHP namespaces to prevent conflicts with other widgets of a similar nature. PHP namespaces are only supported in PHP Version 5.3.0 and higher. 
If your site uses a PHP version earlier than 5.3.0, do not install this widget unless your PHP version is upgraded first.\u003C\u002Fp>\n","The classic pre-WordPress version 4.8 text widget",2000,20397,15,"2019-04-29T17:05:00.000Z","5.2.24","4.8",[116,130,22],"text","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclassic-text-widget.1.0.2.zip",{"attackSurface":133,"codeSignals":145,"taintFlows":201,"riskAssessment":202,"analyzedAt":213},{"hooks":134,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":26,"unprotectedCount":26},[135],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","widgets_init","anonymous","cta-widget.php",93,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":150,"outputEscaping":152,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":32,"bundledLibraries":200},[147],{"fn":148,"file":139,"line":140,"context":149},"create_function","add_action( 'widgets_init', create_function( '', 'register_widget( \"RT_Widget_Text\" );' ) );",{"prepared":26,"raw":26,"locations":151},[],{"escaped":125,"rawEcho":33,"locations":153},[154,156,158,159,161,163,165,166,167,168,170,172,174,175,177,179,180,182,184,185,186,187,189,190,191,193,195,196,198,199],{"file":139,"line":33,"context":155},"raw 
output",{"file":139,"line":157,"context":155},32,{"file":139,"line":157,"context":155},{"file":139,"line":160,"context":155},33,{"file":139,"line":162,"context":155},34,{"file":139,"line":164,"context":155},36,{"file":139,"line":164,"context":155},{"file":139,"line":86,"context":155},{"file":139,"line":86,"context":155},{"file":139,"line":169,"context":155},41,{"file":139,"line":171,"context":155},69,{"file":139,"line":173,"context":155},70,{"file":139,"line":173,"context":155},{"file":139,"line":176,"context":155},72,{"file":139,"line":178,"context":155},73,{"file":139,"line":178,"context":155},{"file":139,"line":181,"context":155},75,{"file":139,"line":183,"context":155},76,{"file":139,"line":183,"context":155},{"file":139,"line":183,"context":155},{"file":139,"line":183,"context":155},{"file":139,"line":188,"context":155},78,{"file":139,"line":188,"context":155},{"file":139,"line":188,"context":155},{"file":139,"line":192,"context":155},80,{"file":139,"line":194,"context":155},81,{"file":139,"line":194,"context":155},{"file":139,"line":197,"context":155},83,{"file":139,"line":34,"context":155},{"file":139,"line":34,"context":155},[],[],{"summary":203,"deductions":204},"The \"call-to-action-widget\" v1.1 plugin exhibits a generally positive security posture with no recorded vulnerabilities or critical taint flows. The absence of SQL injection vulnerabilities due to the exclusive use of prepared statements is a significant strength. Furthermore, the plugin has a minimal attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack proper authentication or permission checks. File operations and external HTTP requests are also absent, reducing potential attack vectors.\n\nHowever, there are several areas of concern that warrant attention. 
The presence of the `create_function` dangerous function is a known security risk that can lead to code injection if used with unsanitized input, although no specific instances were found in the taint analysis. The low percentage of properly escaped output (33%) indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks on entry points, while the attack surface is currently zero, leaves it open to potential CSRF attacks should any entry points be introduced in the future without proper protection.\n\nGiven the plugin's clean vulnerability history, it suggests diligent maintenance or a lack of significant exploitation attempts. Nevertheless, the identified code quality issues, particularly concerning output escaping and the use of `create_function`, present inherent risks that could be exploited. The plugin's strengths lie in its limited attack surface and secure data handling for SQL queries, but these are somewhat overshadowed by potential XSS flaws and the use of a deprecated, insecure function.",[205,208,210],{"reason":206,"points":207},"Dangerous function detected (create_function)",10,{"reason":209,"points":125},"Low percentage of properly escaped output",{"reason":211,"points":212},"No nonce checks on entry 
points",5,"2026-03-16T20:30:48.439Z",{"wat":215,"direct":220},{"assetPaths":216,"generatorPatterns":217,"scriptPaths":218,"versionParams":219},[],[],[],[],{"cssClasses":221,"htmlComments":224,"htmlAttributes":225,"restEndpoints":245,"jsGlobals":246,"shortcodeOutput":247},[222,223],"widget_cta","ctabutton",[],[226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244],"for=\"imgabove\"","name=\"imageplace\"","id=\"imgabove\"","value=\"above\"","checked","id=\"imgbelow\"","value=\"below\"","id=\"title\"","name=\"title\"","id=\"title1\"","name=\"title1\"","id=\"imageurl\"","name=\"imageurl\"","id=\"text\"","name=\"text\"","id=\"buttontext\"","name=\"buttontext\"","id=\"buttonurl\"","name=\"buttonurl\"",[],[],[]]