[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOYqwJT4kUAfgo8Y_tuXeOhntcB70Dhgb4LCuqlhGgvQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":82},"cellarweb-instant-comment-management","CellarWeb Instant Comment Management","1.01","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Easily moderate comments from the front end comment display by adding ‘Spam’, ‘Trash’, and ‘Delete’ options next to the standard ‘Edit’ option. Immediately performs the action without any intervening screens, then removes the comment from the display. Much faster and more efficient for sites with many comments. 
Works with all themes that use the standard comment list functions and filters.\u003C\u002Fp>\n","Easily moderate comments from the front end comment display with spam\u002Ftrash\u002Fdelete options for admins only.",0,1573,"","6.3.8","4.9","7.3",[18],"comment-manage-monitor-moderate","https:\u002F\u002Fwww.cellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcellarweb-instant-comment-management.1.01.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"rhellewellgmailcom",16,1040,91,30,88,"2026-04-04T13:49:17.179Z",[],{"attackSurface":35,"codeSignals":55,"taintFlows":74,"riskAssessment":75,"analyzedAt":81},{"hooks":36,"ajaxHandlers":51,"restRoutes":52,"shortcodes":53,"cronEvents":54,"entryPointCount":11,"unprotectedCount":11},[37,43,47],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","wp_enqueue_scripts","CWICM_ajax_action","cellarweb-instant-comment-management.php",28,{"type":38,"name":44,"callback":45,"file":41,"line":46},"admin_menu","CWICM_add_plugin_page",75,{"type":38,"name":48,"callback":49,"file":41,"line":50},"init","CWICM_init",179,[],[],[],[],{"dangerousFunctions":56,"sqlUsage":57,"outputEscaping":59,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":72,"bundledLibraries":73},[],{"prepared":11,"raw":11,"locations":58},[],{"escaped":11,"rawEcho":60,"locations":61},5,[62,64,66,68,70],{"file":41,"line":29,"context":63},"raw output",{"file":41,"line":65,"context":63},142,{"file":41,"line":67,"context":63},159,{"file":41,"line":69,"context":63},228,{"file":41,"line":71,"context":63},238,1,[],[],{"summary":76,"deductions":77},"The cellarweb-instant-comment-management plugin version 1.01 exhibits a mixed security posture. 
On the positive side, the static analysis indicates a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all detected SQL queries utilize prepared statements, and there are no direct file operations or external HTTP requests, which are generally good practices for minimizing risk. The plugin also includes one capability check, demonstrating some awareness of permission management.\n\nHowever, a significant concern arises from the output escaping. With 5 total outputs and 0% properly escaped, this plugin presents a clear risk of cross-site scripting (XSS) vulnerabilities. Any data displayed to users that originates from user input or other untrusted sources could be exploited if it is output without proper escaping. Nonce checks are absent, although this is moot because no AJAX handlers were detected; the lack of critical or high severity taint flows is a positive sign, but the unescaped output remains a substantial threat.\n\nThe plugin's vulnerability history is clean, with no known CVEs. This suggests that either the plugin has not been a target, or its developers have maintained a good security record in the past. However, the lack of historical vulnerabilities should not be interpreted as a guarantee of future security, especially given the identified output escaping issues. 
The overall conclusion is that while the plugin has a limited attack surface and uses secure database practices, the critical failure in output escaping creates a significant security weakness that needs immediate attention.",[78],{"reason":79,"points":80},"Unescaped output",15,"2026-03-17T05:46:03.797Z",{"wat":83,"direct":92},{"assetPaths":84,"generatorPatterns":87,"scriptPaths":88,"versionParams":90},[85,86],"\u002Fwp-content\u002Fplugins\u002Fcellarweb-instant-comment-management\u002Fassets\u002Fbanner-1000x200.jpg","\u002Fwp-content\u002Fplugins\u002Fcellarweb-instant-comment-management\u002Fassets\u002Fscreenshot-1.jpg",[],[89],"\u002Fwp-content\u002Fplugins\u002Fcellarweb-instant-comment-management\u002Fjs\u002Fcwicm_comment_ajax_actions.js",[91],"cellarweb-instant-comment-management\u002Fjs\u002Fcwicm_comment_ajax_actions.js?ver=",{"cssClasses":93,"htmlComments":100,"htmlAttributes":102,"restEndpoints":104,"jsGlobals":105,"shortcodeOutput":106},[94,95,96,97,98,99],"CWICM_header","CWICM_shadow","CWICM_options","CWICM_sidebar","CWICM_footer","CWICM_list_disc",[101]," not sure why this one is needed ...",[103],"CWICM_settings",[],[],[]]