[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5qzWqctPIym4exRam4bcwRvGcP8Ni181Ru-RuLy50pY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":129,"fingerprints":375},"category-coloumn","Category Column","4.5","tepelstreel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftepelstreel\u002F","\u003Cp>The Category Column is mainly designed to give your blog a bit more of a newspaper behaviour. E.g. The plugin shows the latest posts from all categories with an offset of three posts (which are in the main column) on our homepage.\u003C\u002Fp>\n\u003Cp>If there is a post thumbnail, it will be displayed above the headline of the post. No further text will appear. If there is no thumbnail, only the headline and the excerpt of the post will be shown. When the plugin can detect neither the thumbnail nor the excerpt of a post, it will display just the first couple of sentences (or words) of a post.\u003C\u002Fp>\n\u003Cp>The Category Column was tested up to WP 4.5. 
It should work with versions down to 2.9 but was never tested on those.\u003C\u002Fp>\n","The Category Column does simply, what the name says; it will show excerpts of the latest posts in your sidebar.",20,15167,100,1,"2016-02-26T10:15:00.000Z","4.5.33","2.9","",[20,21,22,23,24],"category","column","newspaper","sidebar","widget","http:\u002F\u002Fwasistlos.waldemarstoffel.com\u002Fplugins-fur-wordpress\u002Fcategory-column-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-coloumn.4.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},8,2550,30,84,"2026-04-04T05:29:07.754Z",[39,51,73,91,109],{"slug":40,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":13,"downloaded":45,"rating":36,"num_ratings":46,"last_updated":47,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":48,"homepage":49,"download_link":50,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"category-feature","Featured Category Widget","2.5","\u003Cp>The Featured Category Widget is mainly designed because there were people for whom the Featured Post Widget was not enough. They wanted to put a category of their blog in the highlight.\u003Cbr \u002F>\nIf there is a post thumbnail, it will be displayed above the headline of the post. If there is no thumbnail, the first picture of the post is taken. You can set the size for the thumbnail or just take the standard from your options. Decide yourself, whether you want to show the excerpt, saved with your post or just the first three sentences or the first twenty words of the post. Style the widget individually, ready.\u003C\u002Fp>\n\u003Cp>The Featured Category was tested up to WP 4.5. 
It should work with versions down to 2.9 but was never tested on those.\u003C\u002Fp>\n","The Featured Category Widget is basically a Featured Post Widget for a category.",29613,5,"2016-02-26T10:18:00.000Z",[20,21,22,23,24],"http:\u002F\u002Fwasistlos.waldemarstoffel.com\u002Fplugins-fur-wordpress\u002Ffeatured-category-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-feature.2.5.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":18,"tags":66,"homepage":69,"download_link":70,"security_score":71,"vuln_count":14,"unpatched_count":28,"last_vuln_date":72,"fetched_at":30},"list-custom-taxonomy-widget","List Custom Taxonomy Widget","4.2","Nick Halsey","https:\u002F\u002Fprofiles.wordpress.org\u002Fcelloexpressions\u002F","\u003Cp>The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto-populated list. You can also set a title to display for the widget. Multiple list custom taxonomy widgets can be added to the same and other sidebars as well. There are several display options (including as a dropdown), and it generally behaves similarly to the built-in categories widget but with the addition of custom taxonomies.\u003C\u002Fp>\n","The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. 
Simply choose the taxonomy name you want to display from an auto &hellip;",9000,118876,94,21,"2024-07-13T01:39:00.000Z","6.6.5","3.3",[20,67,68,23,24],"custom-tax","custom-taxonomy","http:\u002F\u002Fcelloexpressions.com\u002Fplugins\u002Flist-custom-taxonomy-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flist-custom-taxonomy-widget.4.2.zip",91,"2024-04-22 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":61,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":18,"download_link":90,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"recent-posts-by-category-widget","Recent Posts by Category Widget","1.3","Ross Cornell","https:\u002F\u002Fprofiles.wordpress.org\u002Frossc\u002F","\u003Cp>This plugin adds a simple widget that allows you to display a number of recent blog posts from a specific category. You have the options to choose a title, category, number of posts and whether or not to show the post date. 
The posts will be ordered by date just like the default Recent Posts widget included with WordPress.\u003C\u002Fp>\n","Just like the default Recent Posts widget except you can choose a category to pull posts from.",4000,33251,12,"2017-11-28T16:45:00.000Z","4.2.39","3.0.1",[88,20,89,23,24],"categories","recent-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-by-category-widget.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":13,"num_ratings":14,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":107,"download_link":108,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lj-multi-column-archive","LJ Multi Column Archive","1.4","littlejon","https:\u002F\u002Fprofiles.wordpress.org\u002Flittlejon\u002F","\u003Cp>LJ Multi Column Archive is a WordPress plugin\u002Fwidget that allows you to display your archive list with multiple columns.\u003C\u002Fp>\n\u003Cp>I developed this plugin as I wanted to make use of the space I had in the sidebar more effectively, while still keeping the links to all the archives available.\u003C\u002Fp>\n\u003Cp>Depending on how old your blog is you can set the Archives to display either a list of Months with Posts, a list of Years with Posts, or a list of Days with posts.\u003C\u002Fp>\n\u003Cp>Archive links can be shown with or without post counts.\u003C\u002Fp>\n","LJ Multi Column Archive is a WordPress plugin\u002Fwidget that allows you to display your archive list with multiple 
columns.",1000,5912,"2012-01-01T10:21:00.000Z","3.3.2","2.8",[105,21,106,23,24],"archive","multi","http:\u002F\u002Fwww.thelazysysadmin.net\u002Fsoftware\u002Fwordpress-plugins\u002Flj-multi-column-archive\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flj-multi-column-archive.1.4.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":99,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ns-category-widget","NS Category Widget","4.1.6","Nilambar Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fnilambar\u002F","\u003Cp>Are you frustrated by the lack of customization options in default Category widget in WordPress? Then this plugin is for you. Works in similar fashion but with several customization options. Cheers !\u003C\u002Fp>\n","A plugin to add widget for listing Categories and Taxonomies. 
Extending Default WordPress Category Widget.",42075,96,34,"2025-09-12T01:32:00.000Z","6.8.5","6.0","7.2.24",[20,125,23,126,24],"listing","taxonomy","https:\u002F\u002Fwww.nilambar.net\u002F2013\u002F12\u002Fns-category-widget-wordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fns-category-widget.4.1.6.zip",{"attackSurface":130,"codeSignals":190,"taintFlows":332,"riskAssessment":359,"analyzedAt":374},{"hooks":131,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":28,"unprotectedCount":28},[132,138,141,144,148,154,157,161,164,168,172,176,179,181],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","save_post","flush_widget_cache","category_column.php",64,{"type":133,"name":139,"callback":135,"file":136,"line":140},"deleted_post",65,{"type":133,"name":142,"callback":135,"file":136,"line":143},"switch_theme",66,{"type":133,"name":145,"callback":146,"file":136,"line":147},"admin_enqueue_scripts","enqueue_scripts",68,{"type":149,"name":150,"callback":151,"priority":152,"file":136,"line":153},"filter","plugin_row_meta","register_links",10,70,{"type":149,"name":155,"callback":155,"priority":152,"file":136,"line":156},"plugin_action_links",71,{"type":133,"name":158,"callback":159,"file":136,"line":160},"init","update_rewrite_rules",80,{"type":133,"name":162,"callback":163,"file":136,"line":36},"wp_before_admin_bar_render","admin_bar_menu",{"type":133,"name":158,"callback":165,"file":166,"line":167},"add_rewrite","class-lib\\A5_DynamicFileClass.php",43,{"type":133,"name":169,"callback":170,"file":166,"line":171},"template_redirect","file_template",44,{"type":133,"name":173,"callback":174,"file":175,"line":11},"admin_init","initialize_settings","class-lib\\CC_AdminClass.php",{"type":133,"name":177,"callback":178,"file":175,"line":62},"admin_menu","add_admin_menu",{"type":133,"name":145,"callback":146,"file":175,"line":180},22,{"type":133,"name":182,"callback":183,"file":184,"line":185},"widge
ts_init","anonymous","class-lib\\CC_WidgetClass.php",351,[],[],[],[],{"dangerousFunctions":191,"sqlUsage":195,"outputEscaping":198,"fileOperations":14,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":331},[192],{"fn":193,"file":184,"line":185,"context":194},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"Category_Column_Widget\");'))",{"prepared":196,"raw":28,"locations":197},2,[],{"escaped":11,"rawEcho":140,"locations":199},[200,203,205,207,209,211,213,215,217,219,221,223,225,227,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,285,287,289,291,293,295,297,299,301,303,305,307,309,310,312,314,316,318,320,322,324,326,328,329],{"file":166,"line":201,"context":202},118,"raw output",{"file":166,"line":204,"context":202},222,{"file":166,"line":206,"context":202},238,{"file":166,"line":208,"context":202},254,{"file":166,"line":210,"context":202},272,{"file":166,"line":212,"context":202},288,{"file":166,"line":214,"context":202},304,{"file":166,"line":216,"context":202},316,{"file":166,"line":218,"context":202},324,{"file":166,"line":220,"context":202},338,{"file":166,"line":222,"context":202},354,{"file":166,"line":224,"context":202},364,{"file":166,"line":226,"context":202},372,{"file":228,"line":229,"context":202},"class-lib\\A5_FormFieldClass.php",213,{"file":228,"line":231,"context":202},247,{"file":228,"line":233,"context":202},281,{"file":228,"line":235,"context":202},311,{"file":228,"line":237,"context":202},333,{"file":228,"line":239,"context":202},357,{"file":228,"line":241,"context":202},381,{"file":228,"line":243,"context":202},407,{"file":228,"line":245,"context":202},431,{"file":228,"line":247,"context":202},455,{"file":228,"line":249,"context":202},479,{"file":228,"line":251,"context":202},507,{"file":228,"line":253,"context":202},531,{"file":228,"line":255,"context":202},555,{"file":228,"line":257,"context":202},579,{"file":22
8,"line":259,"context":202},603,{"file":228,"line":261,"context":202},628,{"file":228,"line":263,"context":202},652,{"file":228,"line":265,"context":202},680,{"file":228,"line":267,"context":202},704,{"file":228,"line":269,"context":202},728,{"file":228,"line":271,"context":202},752,{"file":228,"line":273,"context":202},776,{"file":228,"line":275,"context":202},800,{"file":228,"line":277,"context":202},886,{"file":228,"line":279,"context":202},945,{"file":228,"line":281,"context":202},968,{"file":283,"line":284,"context":202},"class-lib\\A5_OptionPageClass.php",27,{"file":283,"line":286,"context":202},29,{"file":283,"line":288,"context":202},31,{"file":283,"line":290,"context":202},39,{"file":283,"line":292,"context":202},49,{"file":283,"line":294,"context":202},72,{"file":283,"line":296,"context":202},76,{"file":283,"line":298,"context":202},93,{"file":283,"line":300,"context":202},101,{"file":283,"line":302,"context":202},180,{"file":283,"line":304,"context":202},216,{"file":283,"line":306,"context":202},239,{"file":283,"line":308,"context":202},297,{"file":283,"line":218,"context":202},{"file":283,"line":311,"context":202},341,{"file":175,"line":313,"context":202},120,{"file":184,"line":315,"context":202},148,{"file":184,"line":317,"context":202},150,{"file":184,"line":319,"context":202},196,{"file":184,"line":321,"context":202},200,{"file":184,"line":323,"context":202},289,{"file":184,"line":325,"context":202},295,{"file":184,"line":327,"context":202},325,{"file":184,"line":237,"context":202},{"file":184,"line":330,"context":202},345,[],[333,351],{"entryPoint":334,"graph":335,"unsanitizedCount":14,"severity":350},"file_template (class-lib\\A5_DynamicFileClass.php:68)",{"nodes":336,"edges":347},[337,342],{"id":338,"type":339,"label":340,"file":166,"line":341},"n0","source","$_SERVER['SERVER_NAME']",115,{"id":343,"type":344,"label":345,"file":166,"line":341,"wp_function":346},"n1","sink","header() [Header 
Injection]","header",[348],{"from":338,"to":343,"sanitized":349},false,"medium",{"entryPoint":352,"graph":353,"unsanitizedCount":14,"severity":350},"\u003CA5_DynamicFileClass> (class-lib\\A5_DynamicFileClass.php:0)",{"nodes":354,"edges":357},[355,356],{"id":338,"type":339,"label":340,"file":166,"line":341},{"id":343,"type":344,"label":345,"file":166,"line":341,"wp_function":346},[358],{"from":338,"to":343,"sanitized":349},{"summary":360,"deductions":361},"The 'category-coloumn' v4.5 plugin presents a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and a seemingly small attack surface with no exposed AJAX handlers, REST API routes, or shortcodes that are unprotected. The use of prepared statements for all SQL queries is also a strong security practice. However, significant concerns arise from the static code analysis. The presence of the `create_function` dangerous function, while not necessarily exploitable without further context, is a code smell that can lead to serious vulnerabilities if used with user-supplied input.  Furthermore, a concerning 76% of output is not properly escaped, representing a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially if any of the output is derived from user input or external data. The taint analysis also indicates two flows with unsanitized paths, suggesting potential for data leakage or manipulation, although these did not reach critical or high severity in the analysis. The lack of any nonce checks or capability checks, combined with the unsanitized flows, significantly weakens the plugin's defense against unauthorized actions. The absence of external HTTP requests and file operations, while positive, does not mitigate the risks identified in the code itself.  
In conclusion, while the plugin benefits from a clean vulnerability history and good practices in SQL handling and attack surface management, the critical weaknesses in output escaping, the use of `create_function`, and the absence of security checks like nonces and capability checks make it a moderate to high risk, particularly concerning XSS.",[362,364,367,369,372],{"reason":363,"points":33},"Dangerous function create_function used",{"reason":365,"points":366},"Significant portion of output unescaped",15,{"reason":368,"points":152},"Taint flows with unsanitized paths",{"reason":370,"points":371},"No nonce checks implemented",7,{"reason":373,"points":371},"No capability checks implemented","2026-03-16T22:54:08.916Z",{"wat":376,"direct":394},{"assetPaths":377,"generatorPatterns":387,"scriptPaths":388,"versionParams":391},[378,379,380,381,382,383,384,385,386],"\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FA5_ImageClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FA5_ExcerptClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FA5_FormFieldClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FA5_OptionPageClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FA5_DynamicFileClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FA5_WidgetClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FCC_AdminClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FCC_DynamicCSSClass.php","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fclass-lib\u002FCC_WidgetClass.php",[],[389,390],"\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fta-expander.js","\u002Fwp-content\u002Fplugins\u002Fcategory-coloumn\u002Fta-expander.min.js",[392,393],"category-coloumn\u002Fta-expander.js?ver=","category-coloumn\u002Fta-expander.min.js?ver=",{"cssClass
es":395,"htmlComments":396,"htmlAttributes":397,"restEndpoints":399,"jsGlobals":400,"shortcodeOutput":402},[],[],[398],"data-cc_options",[],[401],"CategoryColumn",[]]