[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frHrKNFvx1C9ij5XU3tcdaE1fZ_2fNQeTcKZ25QUj0Mg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":129,"fingerprints":393},"category-feature","Featured Category Widget","2.5","tepelstreel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftepelstreel\u002F","\u003Cp>The Featured Category Widget is mainly designed because there were people for whom the Featured Post Widget was not enough. They wanted to put a category of their blog in the highlight.\u003Cbr \u002F>\nIf there is a post thumbnail, it will be displayed above the headline of the post. If there is no thumbnail, the first picture of the post is taken. You can set the size for the thumbnail or just take the standard from your options. Decide yourself, whether you want to show the excerpt, saved with your post or just the first three sentences or the first twenty words of the post. Style the widget individually, ready.\u003C\u002Fp>\n\u003Cp>The Featured Category was tested up to WP 4.5. It should work with versions down to 2.9 but was never tested on those.\u003C\u002Fp>\n","The Featured Category Widget is basically a Featured Post Widget for a category.",100,29613,84,5,"2016-02-26T10:18:00.000Z","4.5.33","2.9","",[20,21,22,23,24],"category","column","newspaper","sidebar","widget","http:\u002F\u002Fwasistlos.waldemarstoffel.com\u002Fplugins-fur-wordpress\u002Ffeatured-category-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-feature.2.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":13,"computed_at":36},8,2550,30,"2026-04-04T21:24:00.123Z",[38,51,73,91,109],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":11,"num_ratings":46,"last_updated":47,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":48,"homepage":49,"download_link":50,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"category-coloumn","Category Column","4.5","\u003Cp>The Category Column is mainly designed to give your blog a bit more of a newspaper behaviour. E.g. The plugin shows the latest posts from all categories with an offset of three posts (which are in the main column) on our homepage.\u003C\u002Fp>\n\u003Cp>If there is a post thumbnail, it will be displayed above the headline of the post. No further text will appear. If there is no thumbnail, only the headline and the excerpt of the post will be shown. When the plugin can detect neither the thumbnail nor the excerpt of a post, it will display just the first couple of sentenses (or words) of a post.\u003C\u002Fp>\n\u003Cp>The Category Column was tested up to WP 4.5. It should work with versions down to 2.9 but was never tested on those.\u003C\u002Fp>\n","The Category Column does simply, what the name says; it will show excerpts of the latest posts in your sidebar.",20,15167,1,"2016-02-26T10:15:00.000Z",[20,21,22,23,24],"http:\u002F\u002Fwasistlos.waldemarstoffel.com\u002Fplugins-fur-wordpress\u002Fcategory-column-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-coloumn.4.5.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":18,"tags":66,"homepage":69,"download_link":70,"security_score":71,"vuln_count":46,"unpatched_count":28,"last_vuln_date":72,"fetched_at":30},"list-custom-taxonomy-widget","List Custom Taxonomy Widget","4.2","Nick Halsey","https:\u002F\u002Fprofiles.wordpress.org\u002Fcelloexpressions\u002F","\u003Cp>The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto-populated list. You can also set a title to display for the widget. Multiple list custom taxonomy widgets can be added to the same and other sidebars as well. There are several display options (including as a dropdown), and it generally behaves similarly to the built-in categories widget but with the addition of custom taxonomies.\u003C\u002Fp>\n","The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto &hellip;",9000,118876,94,21,"2024-07-13T01:39:00.000Z","6.6.5","3.3",[20,67,68,23,24],"custom-tax","custom-taxonomy","http:\u002F\u002Fcelloexpressions.com\u002Fplugins\u002Flist-custom-taxonomy-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flist-custom-taxonomy-widget.4.2.zip",91,"2024-04-22 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":61,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":18,"download_link":90,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"recent-posts-by-category-widget","Recent Posts by Category Widget","1.3","Ross Cornell","https:\u002F\u002Fprofiles.wordpress.org\u002Frossc\u002F","\u003Cp>This plugin adds a simple widget that allows you to display a number of recent blog posts from a specific category. You have the options to choose a title, category, number of posts and whether or not to show the post date. The posts will be ordered by date just like the default Recent Posts widget included with WordPress.\u003C\u002Fp>\n","Just like the default Recent Posts widget except you can choose a category to pull posts from.",4000,33251,12,"2017-11-28T16:45:00.000Z","4.2.39","3.0.1",[88,20,89,23,24],"categories","recent-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-by-category-widget.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":11,"num_ratings":46,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":107,"download_link":108,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lj-multi-column-archive","LJ Multi Column Archive","1.4","littlejon","https:\u002F\u002Fprofiles.wordpress.org\u002Flittlejon\u002F","\u003Cp>LJ Multi Column Archive is a WordPress plugin\u002Fwidget that allows you to display your archive list with multiple columns.\u003C\u002Fp>\n\u003Cp>I developed this plugin as I wanted to make use of the space I had in the sidebar more effectively, while still keeping the links to all the archives available.\u003C\u002Fp>\n\u003Cp>Depending on how old you blog is you can set the Archives to display either a list of Months with Posts, a list of Years with Posts, or a list of Days with posts.\u003C\u002Fp>\n\u003Cp>Archive links can be shown with or without post counts.\u003C\u002Fp>\n","LJ Multi Column Archive is a Wordpress plugin\u002Fwidget that allows you to display your archive list with multiple columns.",1000,5912,"2012-01-01T10:21:00.000Z","3.3.2","2.8",[105,21,106,23,24],"archive","multi","http:\u002F\u002Fwww.thelazysysadmin.net\u002Fsoftware\u002Fwordpress-plugins\u002Flj-multi-column-archive\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flj-multi-column-archive.1.4.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":99,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ns-category-widget","NS Category Widget","4.1.6","Nilambar Sharma","https:\u002F\u002Fprofiles.wordpress.org\u002Fnilambar\u002F","\u003Cp>Are you frustrated by the lack of customization options in default Category widget in WordPress? Then this plugin is for you. Works in similar fashion but with several customization options. Cheers !\u003C\u002Fp>\n","A plugin to add widget for listing Categories and Taxonomies. Extending Default WordPress Category Widget.",42075,96,34,"2025-09-12T01:32:00.000Z","6.8.5","6.0","7.2.24",[20,125,23,126,24],"listing","taxonomy","https:\u002F\u002Fwww.nilambar.net\u002F2013\u002F12\u002Fns-category-widget-wordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fns-category-widget.4.1.6.zip",{"attackSurface":130,"codeSignals":191,"taintFlows":351,"riskAssessment":378,"analyzedAt":392},{"hooks":131,"ajaxHandlers":187,"restRoutes":188,"shortcodes":189,"cronEvents":190,"entryPointCount":28,"unprotectedCount":28},[132,138,141,144,148,154,157,161,165,169,173,177,180,182],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","save_post","flush_widget_cache","category-feature.php",60,{"type":133,"name":139,"callback":135,"file":136,"line":140},"deleted_post",61,{"type":133,"name":142,"callback":135,"file":136,"line":143},"switch_theme",62,{"type":133,"name":145,"callback":146,"file":136,"line":147},"admin_enqueue_scripts","enqueue_scripts",64,{"type":149,"name":150,"callback":151,"priority":152,"file":136,"line":153},"filter","plugin_row_meta","register_links",10,66,{"type":149,"name":155,"callback":155,"priority":152,"file":136,"line":156},"plugin_action_links",67,{"type":133,"name":158,"callback":159,"file":136,"line":160},"init","update_rewrite_rules",74,{"type":133,"name":162,"callback":163,"file":136,"line":164},"wp_before_admin_bar_render","admin_bar_menu",78,{"type":133,"name":158,"callback":166,"file":167,"line":168},"add_rewrite","class-lib\\A5_DynamicFileClass.php",43,{"type":133,"name":170,"callback":171,"file":167,"line":172},"template_redirect","file_template",44,{"type":133,"name":174,"callback":175,"file":176,"line":44},"admin_init","initialize_settings","class-lib\\CF_AdminClass.php",{"type":133,"name":178,"callback":179,"file":176,"line":62},"admin_menu","add_admin_menu",{"type":133,"name":145,"callback":146,"file":176,"line":181},22,{"type":133,"name":183,"callback":184,"file":185,"line":186},"widgets_init","anonymous","class-lib\\CF_WidgetClass.php",508,[],[],[],[],{"dangerousFunctions":192,"sqlUsage":196,"outputEscaping":199,"fileOperations":46,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":350},[193],{"fn":194,"file":185,"line":186,"context":195},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"Featured_Category_Widget\");'",{"prepared":197,"raw":28,"locations":198},2,[],{"escaped":200,"rawEcho":201,"locations":202},53,73,[203,206,208,210,212,214,216,218,220,222,224,226,228,230,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,288,290,292,294,296,298,300,302,304,306,308,310,312,313,315,317,319,321,323,325,327,329,331,332,334,336,338,340,342,344,346,348],{"file":167,"line":204,"context":205},118,"raw output",{"file":167,"line":207,"context":205},222,{"file":167,"line":209,"context":205},238,{"file":167,"line":211,"context":205},254,{"file":167,"line":213,"context":205},272,{"file":167,"line":215,"context":205},288,{"file":167,"line":217,"context":205},304,{"file":167,"line":219,"context":205},316,{"file":167,"line":221,"context":205},324,{"file":167,"line":223,"context":205},338,{"file":167,"line":225,"context":205},354,{"file":167,"line":227,"context":205},364,{"file":167,"line":229,"context":205},372,{"file":231,"line":232,"context":205},"class-lib\\A5_FormFieldClass.php",213,{"file":231,"line":234,"context":205},247,{"file":231,"line":236,"context":205},281,{"file":231,"line":238,"context":205},311,{"file":231,"line":240,"context":205},333,{"file":231,"line":242,"context":205},357,{"file":231,"line":244,"context":205},381,{"file":231,"line":246,"context":205},407,{"file":231,"line":248,"context":205},431,{"file":231,"line":250,"context":205},455,{"file":231,"line":252,"context":205},479,{"file":231,"line":254,"context":205},507,{"file":231,"line":256,"context":205},531,{"file":231,"line":258,"context":205},555,{"file":231,"line":260,"context":205},579,{"file":231,"line":262,"context":205},603,{"file":231,"line":264,"context":205},628,{"file":231,"line":266,"context":205},652,{"file":231,"line":268,"context":205},680,{"file":231,"line":270,"context":205},704,{"file":231,"line":272,"context":205},728,{"file":231,"line":274,"context":205},752,{"file":231,"line":276,"context":205},776,{"file":231,"line":278,"context":205},800,{"file":231,"line":280,"context":205},886,{"file":231,"line":282,"context":205},945,{"file":231,"line":284,"context":205},968,{"file":286,"line":287,"context":205},"class-lib\\A5_OptionPageClass.php",27,{"file":286,"line":289,"context":205},29,{"file":286,"line":291,"context":205},31,{"file":286,"line":293,"context":205},39,{"file":286,"line":295,"context":205},49,{"file":286,"line":297,"context":205},72,{"file":286,"line":299,"context":205},76,{"file":286,"line":301,"context":205},93,{"file":286,"line":303,"context":205},101,{"file":286,"line":305,"context":205},180,{"file":286,"line":307,"context":205},216,{"file":286,"line":309,"context":205},239,{"file":286,"line":311,"context":205},297,{"file":286,"line":221,"context":205},{"file":286,"line":314,"context":205},341,{"file":176,"line":316,"context":205},116,{"file":176,"line":318,"context":205},122,{"file":176,"line":320,"context":205},130,{"file":185,"line":322,"context":205},165,{"file":185,"line":324,"context":205},256,{"file":185,"line":326,"context":205},260,{"file":185,"line":328,"context":205},451,{"file":185,"line":330,"context":205},453,{"file":185,"line":250,"context":205},{"file":185,"line":333,"context":205},457,{"file":185,"line":335,"context":205},459,{"file":185,"line":337,"context":205},461,{"file":185,"line":339,"context":205},463,{"file":185,"line":341,"context":205},465,{"file":185,"line":343,"context":205},467,{"file":185,"line":345,"context":205},475,{"file":185,"line":347,"context":205},483,{"file":185,"line":349,"context":205},496,[],[352,370],{"entryPoint":353,"graph":354,"unsanitizedCount":46,"severity":369},"file_template (class-lib\\A5_DynamicFileClass.php:68)",{"nodes":355,"edges":366},[356,361],{"id":357,"type":358,"label":359,"file":167,"line":360},"n0","source","$_SERVER['SERVER_NAME']",115,{"id":362,"type":363,"label":364,"file":167,"line":360,"wp_function":365},"n1","sink","header() [Header Injection]","header",[367],{"from":357,"to":362,"sanitized":368},false,"medium",{"entryPoint":371,"graph":372,"unsanitizedCount":46,"severity":369},"\u003CA5_DynamicFileClass> (class-lib\\A5_DynamicFileClass.php:0)",{"nodes":373,"edges":376},[374,375],{"id":357,"type":358,"label":359,"file":167,"line":360},{"id":362,"type":363,"label":364,"file":167,"line":360,"wp_function":365},[377],{"from":357,"to":362,"sanitized":368},{"summary":379,"deductions":380},"The \"category-feature\" plugin version 2.5 presents a mixed security posture. On the positive side, its attack surface is currently zero, with no unprotected AJAX handlers, REST API routes, shortcodes, or cron events. All SQL queries are properly prepared, and there are no external HTTP requests, which are good indicators of secure coding practices. However, significant concerns arise from the static analysis. The presence of the `create_function` function is a clear vulnerability risk, as it can lead to code injection if user-supplied data is ever passed to it. Furthermore, only 42% of output is properly escaped, leaving a substantial portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks. The taint analysis also reveals that all two analyzed flows have unsanitized paths, indicating that potentially harmful data is not being properly handled before being used or outputted, though these were not classified as critical or high severity in this analysis. The lack of any recorded vulnerabilities in its history is a positive sign, suggesting the plugin has historically been maintained with security in mind, but the current code analysis reveals new potential weaknesses that need to be addressed. Overall, while the plugin benefits from a small attack surface and good SQL practices, the use of `create_function`, poor output escaping, and unsanitized taint flows represent critical areas of concern that require immediate attention to mitigate security risks.",[381,384,386,388,390],{"reason":382,"points":383},"Use of dangerous function create_function",15,{"reason":385,"points":33},"Low percentage of properly escaped output",{"reason":387,"points":152},"Taint flows with unsanitized paths",{"reason":389,"points":14},"Missing nonce checks",{"reason":391,"points":14},"Missing capability checks","2026-03-16T20:49:19.011Z",{"wat":394,"direct":407},{"assetPaths":395,"generatorPatterns":398,"scriptPaths":399,"versionParams":402},[396,397],"\u002Fwp-content\u002Fplugins\u002Fcategory-feature\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fcategory-feature\u002Fjs\u002Fcategory-feature.js",[],[400,401],"\u002Fwp-content\u002Fplugins\u002Fcategory-feature\u002Fta-expander.js","\u002Fwp-content\u002Fplugins\u002Fcategory-feature\u002Fta-expander.min.js",[403,404,405,406],"category-feature\u002Fstyle.css?ver=","category-feature\u002Fjs\u002Fcategory-feature.js?ver=","ta-expander.js?ver=","ta-expander.min.js?ver=",{"cssClasses":408,"htmlComments":410,"htmlAttributes":423,"restEndpoints":425,"jsGlobals":426,"shortcodeOutput":431},[409],"featured-category-widget",[411,412,413,414,415,416,417,418,419,420,421,422],"Copyright 2012 -2016 Stefan Crämer (email : support@atelier-fuenf.de)","This program is free software: you can redistribute it and\u002For modify","This program is distributed in the hope that it will be useful,","You should have received a copy of the GNU General Public License","Stop direct call","loading the framework","loading plugin specific classes","attach JavaScript file for textarea resizing","Additional links on the plugin page","Creating default options on activation","Cleaning on deactivation","Adds a link to the settings to the admin bar in case WP_DEBUG is true",[424],"data-fcw-options",[],[427,428,429,430],"window.FCW_PATH","var FCW_PATH","window.FCW_BASE","var FCW_BASE",[]]