[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5-8nIAd0V_IG8_dHhA3a9AcuIJ5I_Xh8RZepvzc69p4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":122,"fingerprints":169},"category-contributors","Category Contributors","2017.08.13","klickonit","https:\u002F\u002Fprofiles.wordpress.org\u002Fklickonit\u002F","\u003Cp>** this plugin is no longer being update. Please feel free to adopt me! **\u003C\u002Fp>\n\u003Cp>Displays a list of contributors from a category, and on posts will list authors who have contributed to the same category.\u003C\u002Fp>\n","Displays a list of contributors from a category, and on posts will list authors who have contributed to the same category.",10,1729,0,"2017-07-13T17:56:00.000Z","4.8.0","4.0.0","",[19],"adopt-me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-contributors.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},17,130,88,30,86,"2026-04-04T13:43:04.370Z",[33,56,77,98,113],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":11,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":53,"download_link":54,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"share-on-mastodon","Share on Mastodon","0.20.1","Jan Boddez","https:\u002F\u002Fprofiles.wordpress.org\u002Fjanboddez\u002F","\u003Cp>Automatically share WordPress posts on \u003Ca href=\"https:\u002F\u002Fjoinmastodon.org\u002F\" rel=\"nofollow ugc\">Mastodon\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You choose which post types are shared, and sharing can still be disabled on a per-post basis.\u003C\u002Fp>\n\u003Cp>Supports WordPress’ new block editor, image uploads and alt text, “template tags,” and comes with a number of filter hooks for developers.\u003C\u002Fp>\n\u003Cp>More details can be found on \u003Ca href=\"https:\u002F\u002Fjan.boddez.net\u002Fwordpress\u002Fshare-on-mastodon\" rel=\"nofollow ugc\">this plugin’s web page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Credit\u003C\u002Fh4>\n\u003Cp>Share icon by \u003Ca href=\"https:\u002F\u002Fheroicons.dev\u002F\" rel=\"nofollow ugc\">Heroicons\u003C\u002Fa>, licensed under the terms of the MIT License. Elephant illustration sourced from Mastodon’s \u003Ca href=\"https:\u002F\u002Fjoinmastodon.org\u002Fpress-kit.zip\" rel=\"nofollow ugc\">Press Kit\u003C\u002Fa>.\u003C\u002Fp>\n","Automatically share WordPress posts on Mastodon.",1000,29553,96,"2026-01-31T14:49:00.000Z","6.9.4","5.9","7.2",[19,49,50,51,52],"fediverse","mastodon","posse","syndication","https:\u002F\u002Fjan.boddez.net\u002Fwordpress\u002Fshare-on-mastodon","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshare-on-mastodon.0.20.1.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":41,"downloaded":64,"rating":55,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":17,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"wp-rest-yoast-meta","WP REST Yoast Meta","2025.1.0","Acato","https:\u002F\u002Fprofiles.wordpress.org\u002Facato\u002F","\u003Cp>\u003Cem>This plugin is no longer updated, but is open for adoption\u003C\u002Fem>\u003Cbr \u002F>\nAs of Yoast SEO version 16.7 the functionality provided by this plugin is now \u003Ca href=\"https:\u002F\u002Fdeveloper.yoast.com\u002Fcustomization\u002Fapis\u002Frest-api\u002F\" rel=\"nofollow ugc\">part of the Yoast SEO plugin\u003C\u002Fa> itself. This plugin will no longer be updated, but is open for adoption. If you are interested in adopting this plugin, please contact the authors.\u003C\u002Fp>\n\u003Cp>Are you using WordPress for a headless set-up, using the WP REST API? And would you like to use the Yoast SEO plugin just like you would for any other project? This plugin adds the meta tags generated by the Yoast SEO plugin to the WP REST API output, allowing your headless set-up to implement them. Also when you are using Yoast SEO Premium you have the option to retrieve redirects throught the API: this plugin adds a custom endpoint (\u003Ccode>\u002Fwp-rest-yoast-meta\u002Fv1\u002Fredirects\u003C\u002Fcode>) to provide those redirects in a JSON format. Since Yoast 11.0 JSON LD Schema.org data is also supported and is now also available through the WP REST API when using this plugin.\u003C\u002Fp>\n\u003Ch3>Installation from within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit ‘Plugins > Add New’ (or ‘My Sites > Network Admin > Plugins > Add New’ if you are on a multisite installation).\u003C\u002Fli>\n\u003Cli>Search for ‘WP REST Yoast Meta’.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Yoast Meta plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload the \u003Ccode>wp-rest-yoast-meta\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003Cli>Activate the WP REST Yoast Meta plugin through the ‘Plugins’ menu in WordPress.\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds meta tags as generated by Yoast SEO to the WP REST API. And adds a custom endpoint to retrieve all redirects as they are set in Yoast SEO Premium …",31743,6,"2025-01-23T09:31:00.000Z","5.7.15","4.7","5.4",[19,71,72,73,74],"api","wp-rest","wp-rest-api","yoast","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rest-yoast-meta.2025.1.0.zip",92,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":13,"num_ratings":13,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":96,"download_link":97,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"mc-divi-title-module","Divi Title Module","1.0.2","Marie Comet","https:\u002F\u002Fprofiles.wordpress.org\u002Fchaton666\u002F","\u003Cp>This plugin adds a new module to the Divi builder, it allows to easily insert titles without going through the text module.\u003Cbr \u002F>\nYou will be able to set the level of the title (h1, h2, etc), its color, its size, among others.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Fgallery\u002Fdivi\u002F\" rel=\"nofollow ugc\">Divi\u003C\u002Fa> is a registered trademark of Elegant Themes, Inc. This plugin is not affiliated with nor endorsed by \u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\" rel=\"nofollow ugc\">Elegant Themes\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin adds a new module to the Divi builder, it allows to easily insert titles without going through the text module.",200,5133,"2020-04-08T11:08:00.000Z","5.4.19","4.4","5.2.4",[19,92,93,94,95],"divi","divi-builder","divi-module","divi-title","https:\u002F\u002Fgithub.com\u002FMarieComet\u002FMC-Divi-Module-Title\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-divi-title-module.1.0.2.zip",{"slug":99,"name":100,"version":101,"author":37,"author_profile":38,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":55,"num_ratings":106,"last_updated":107,"tested_up_to":45,"requires_at_least":17,"requires_php":17,"tags":108,"homepage":17,"download_link":112,"security_score":55,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"share-on-pixelfed","Share on Pixelfed","0.9.0","\u003Cp>Automatically share WordPress posts on \u003Ca href=\"https:\u002F\u002Fpixelfed.org\u002F\" rel=\"nofollow ugc\">Pixelfed\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You choose which Post Types are shared—though sharing can still be disabled on a per-post basis. Posts without a Featured Image will not be shared. (The plugin currently doesn’t look for other images inside the post, that is.)\u003C\u002Fp>\n\u003Cp>Supports a number of filter hooks for developers, and is fully compatible with WordPress’s new block editor.\u003C\u002Fp>\n\u003Cp>More details can be found on \u003Ca href=\"https:\u002F\u002Fjan.boddez.net\u002Fwordpress\u002Fshare-on-pixelfed\" rel=\"nofollow ugc\">this plugin’s web page\u003C\u002Fa>.\u003C\u002Fp>\n","Automatically share WordPress (image) posts on Pixelfed.",70,3325,1,"2026-02-07T10:24:00.000Z",[19,109,49,110,111],"crosspost","pixelfed","share","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshare-on-pixelfed.0.9.0.zip",{"slug":114,"name":115,"version":6,"author":7,"author_profile":8,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":120,"homepage":17,"download_link":121,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"add-image-to-rss-feed","Add Image to RSS Feed","\u003Cp>** this plugin is no longer being update. Please feel free to adopt me! **\u003C\u002Fp>\n\u003Cp>Automatically adds the featured image to RSS feed posts\u003C\u002Fp>\n","** this plugin is no longer being update. Please feel free to adopt me! **",20,2944,[19],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-image-to-rss-feed.zip",{"attackSurface":123,"codeSignals":135,"taintFlows":161,"riskAssessment":162,"analyzedAt":168},{"hooks":124,"ajaxHandlers":131,"restRoutes":132,"shortcodes":133,"cronEvents":134,"entryPointCount":13,"unprotectedCount":13},[125],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","widgets_init","closure","category-contributors.php",137,[],[],[],[],{"dangerousFunctions":136,"sqlUsage":137,"outputEscaping":139,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":160},[],{"prepared":13,"raw":13,"locations":138},[],{"escaped":140,"rawEcho":141,"locations":142},2,9,[143,146,147,148,150,152,154,156,158],{"file":129,"line":144,"context":145},41,"raw output",{"file":129,"line":144,"context":145},{"file":129,"line":144,"context":145},{"file":129,"line":149,"context":145},55,{"file":129,"line":151,"context":145},81,{"file":129,"line":153,"context":145},116,{"file":129,"line":155,"context":145},118,{"file":129,"line":157,"context":145},121,{"file":129,"line":159,"context":145},132,[],[],{"summary":163,"deductions":164},"The \"category-contributors\" plugin version 2017.08.13 exhibits a strong static security posture according to the provided analysis. The absence of entry points such as AJAX handlers, REST API routes, shortcodes, and cron events, coupled with zero dangerous function calls, suggests a minimal attack surface and adherence to secure coding practices in these areas. The plugin also demonstrates good practices by using prepared statements for all its SQL queries and avoiding external HTTP requests and file operations. This indicates a low likelihood of common web vulnerabilities like SQL injection or remote code execution originating from these vectors.\n\nHowever, a significant concern arises from the very low percentage of properly escaped output (18%). This suggests that data rendered to the user or other contexts may not be adequately sanitized, potentially leading to cross-site scripting (XSS) vulnerabilities. The lack of any recorded vulnerabilities in its history is positive, but it doesn't negate the potential risks posed by the unescaped output. The analysis also notes the absence of nonce and capability checks, which, while less critical in the absence of direct entry points, could become a weakness if new entry points are introduced in future updates without corresponding security measures.\n\nIn conclusion, while the plugin is strong in its core development practices by avoiding common dangerous functions and SQL injection vectors, the insufficient output escaping presents a notable risk of XSS. The clean vulnerability history is a good sign, but the identified output escaping issue requires attention. The overall security posture is good, but the XSS risk is a significant weakness.",[165],{"reason":166,"points":167},"Low output escaping rate",8,"2026-03-17T01:19:08.720Z",{"wat":170,"direct":179},{"assetPaths":171,"generatorPatterns":174,"scriptPaths":175,"versionParams":176},[172,173],"\u002Fwp-content\u002Fplugins\u002Fcategory-contributors\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcategory-contributors\u002Fcategory-contributors.js",[],[173],[177,178],"category-contributors\u002Fstyle.css?ver=","category-contributors.js?ver=",{"cssClasses":180,"htmlComments":182,"htmlAttributes":183,"restEndpoints":187,"jsGlobals":188,"shortcodeOutput":189},[181,4],"CategoryContributorsWidget",[],[184,185,186],"author-photo","author-name","author-user-description",[],[],[]]