[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flrduvGNjVMWd_mgi_09VzNZwDBIFEBOuKrffzEisN44":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":118,"fingerprints":291},"code-school-badges","Code School Badges","1.0.2","mcnitt","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcnitt\u002F","\u003Cp>Learn By Doing. Code School teaches web technologies in the comfort of your browser with video lessons, coding challenges, and screencasts. Use this plugin to proudly display completed Code School course badges on your WordPress blog, website or CV.\u003C\u002Fp>\n\u003Cp>You can use a widget to display your badges in a header, sidebar or footer or use a shortcode to display badges in the main content area of a post or page. The plugin offers two customization options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>How many of your most recent completed course badges to display\u003C\u002Fli>\n\u003Cli>How large should each badge be (in pixels, ems, or other valid units)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Project code is hosted at GitHub. Contributors welcome.\u003C\u002Fp>\n","Provides both widgets and shortcodes to help display Code School profile badges on your website.",10,1875,0,"2014-09-23T00:37:00.000Z","4.0.38","3.0.1","",[19,20,21,22,23],"badges","code-school","codeschool","profile","shortcode","https:\u002F\u002Fgithub.com\u002Fmcnitt\u002Fcode-school-badges-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-school-badges.1.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T11:00:14.736Z",[36,58,77,89,99],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":56,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp-xprofile-shortcode","BP XProfile Shortcode","1.0.1","TylerDigital","https:\u002F\u002Fprofiles.wordpress.org\u002Ftylerdigital\u002F","\u003Cp>Adds Shortcode for BuddyPress XProfile data\u003C\u002Fp>\n\u003Cp>For quick reference, here is a list of example shortcodes:\u003C\u002Fp>\n\u003Cp>Reference field by ID in case name changes:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=12]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city using default user detection (currently displayed BP profile, fallback to author of current page\u002Fpost, fallback to currently logged in user):\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City”]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city for a specific user by ID or username:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=20]\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=”someusername”]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Override the default user detection by specifying method:\u003Cbr \u002F>\nOutput city for the currently logged in user (blank if no user is logged in):\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=current]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city for the author of the current page\u002Fpost being viewed:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=author]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city for the currently displayed BuddyPress profile:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=displayed]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftylerdigital.com\u002Fproducts\u002Fbp-xprofile-shortcode-plugin\u002F\" rel=\"nofollow ugc\">Learn more about BP XProfile Shortcode\u003C\u002Fa>\u003C\u002Fp>\n","Adds Shortcode for BuddyPress XProfile data",50,9039,60,4,"2015-04-25T00:24:00.000Z","3.9.40","3.5",[52,23,53,54,55],"buddypress","user-meta","users","xprofile","http:\u002F\u002Ftylerdigital.com\u002Flabs\u002Fbp-xprofile-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-xprofile-shortcode.1.0.1.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":75,"download_link":76,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"achievement-shortcode-add-on-for-gamipress","Achievement Shortcode Add-On for GamiPress","1.0.0","konnektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonnektiv\u002F","\u003Cp>This GamiPress Add-on adds a shortcode to show or hide content depending on the user having earned a specific achievement. Any content in a post or page enclosed in the shortcode [user_earned_achievement id=”achievement_id”][\u002Fuser_earned_achievement] will only be shown if the current user has already earned the achievement with the specified id. This shortcode is fully integrated with the GamiPress shortcode insert button.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> You will need to install the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress plugin\u003C\u002Fa>™ (version 1.4 or higher) to use the GamiPress Achievement Shortcode Add-on. This Plugin was tested up to GamiPress 1.9.1\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">Get the GamiPress plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin was originally developed for the \u003Ca href=\"https:\u002F\u002Fwww.giz.de\u002Fakademie\u002Fen\u002Fhtml\u002Findex.html\" rel=\"nofollow ugc\">Academy of International Cooperation\u003C\u002Fa> of \u003Ca href=\"https:\u002F\u002Fwww.giz.de\" rel=\"nofollow ugc\">GIZ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contact\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fkonnektiv.de\u002F\" rel=\"nofollow ugc\">Konnektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This GamiPress Add-on adds a shortcode to show or hide content depending on the user having earned a specific achievement.",1339,"2020-10-29T15:34:00.000Z","5.5.18","4.4","5.5.9",[72,73,19,74,23],"access","badge","restrict","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fachievement-shortcode-add-on-for-gamipress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fachievement-shortcode-add-on-for-gamipress.1.0.0.zip",{"slug":78,"name":79,"version":80,"author":62,"author_profile":63,"description":81,"short_description":82,"active_installs":11,"downloaded":83,"rating":13,"num_ratings":13,"last_updated":84,"tested_up_to":68,"requires_at_least":85,"requires_php":70,"tags":86,"homepage":87,"download_link":88,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"achievement-shortcode-for-badgeos","Achievement Shortcode Add-On for BadgeOS","1.1.0","\u003Cp>This BadgeOS Add-on adds a shortcode to show or hide content depending on the user having earned a specific achievement.\u003C\u002Fp>\n\u003Cp>Any content in a post or page enclosed in the shortcode [user_earned_achievement id=”achievement_id”][\u002Fuser_earned_achievement] will only be shown if the current user has already earned the achievement with the specified id. This shortcode is fully integrated with the BadgeOS shortcode insert button.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> You will need to install the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbadgeos\u002F\" title=\"BadgeOS\" rel=\"ugc\">BadgeOS plugin\u003C\u002Fa>™ (version 1.4 or higher) to use the BadgeOS Community Add-on. This Plugin was tested up to BadgeOS 3.6.7.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbadgeos\u002F\" title=\"BadgeOS\" rel=\"ugc\">Get the BadgeOS plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin was originally developed for the \u003Ca href=\"https:\u002F\u002Fquality4digitallearning.org\u002F\" rel=\"nofollow ugc\">globe – Community of Digital Learning\u003C\u002Fa> on behalf of \u003Ca href=\"https:\u002F\u002Fwww.giz.de\u002F\" rel=\"nofollow ugc\">GIZ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contact\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fkonnektiv.de\u002F\" rel=\"nofollow ugc\">Konnektiv\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkonnektiv\u002Fbadgeos-achievement-shortcode-add-on\" rel=\"nofollow ugc\">BadgeOS Achievement Shortcode Add-on on GitHub\u003C\u002Fa> – Report issues, contribute code\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This BadgeOS Add-on adds a shortcode to show or hide content depending on the user having earned a specific achievement.",2637,"2020-11-26T17:47:00.000Z","3.6.0",[72,73,19,74,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fachievement-shortcode-for-badgeos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fachievement-shortcode-for-badgeos.1.1.0.zip",{"slug":90,"name":91,"version":61,"author":62,"author_profile":63,"description":92,"short_description":93,"active_installs":11,"downloaded":94,"rating":13,"num_ratings":13,"last_updated":95,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":96,"homepage":97,"download_link":98,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"award-on-click-for-gamipress","Award On Click Add-On for GamiPress","\u003Cp>This GamiPress Add-on adds a shortcode to show a link. The user is then awarded a specified achievement when the link is clicked. This shortcode is fully integrated with the GamiPress shortcode insert button.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> You need to install the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">GamiPress plugin\u003C\u002Fa>™ (version 1.4 or higher) to use the GamiPress Community Add-on. The Plugin was tested up to GamiPress 1.9.1\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgamipress\u002F\" title=\"GamiPress\" rel=\"ugc\">Get the GamiPress plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin was originally developed for the \u003Ca href=\"https:\u002F\u002Fwww.giz.de\u002Fakademie\u002Fen\u002Fhtml\u002Findex.html\" rel=\"nofollow ugc\">Academy of International Cooperation\u003C\u002Fa> of \u003Ca href=\"https:\u002F\u002Fwww.giz.de\" rel=\"nofollow ugc\">GIZ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contact\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fkonnektiv.de\u002F\" rel=\"nofollow ugc\">Konnektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This GamiPress Add-on adds a shortcode to show a link. The user is awarded a specified achievement when the link is clicked.",1228,"2020-10-24T14:03:00.000Z",[72,73,19,74,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faward-on-click-for-gamipress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faward-on-click-for-gamipress.1.0.0.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":11,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":17,"tags":113,"homepage":116,"download_link":117,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"buddypress-custom-profile-filters","Custom Profile Filters for BuddyPress","1.1","antonchanning","https:\u002F\u002Fprofiles.wordpress.org\u002Fantonchanning\u002F","\u003Cp>Out of the box, BuddyPress automatically turns some words and phrases in the fields of a user’s profile into links that, when clicked, search the user’s community for other profiles containing those phrases. It also removes any attempts at formatting with new lines.\u003C\u002Fp>\n\u003Cp>When activated, this plugin allows users to have more control over these links, in the following ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Auto generated links are completely disabled.\u003C\u002Fli>\n\u003Cli>By using curly brackets in a profile field, users can specify which words or phrases in their profile turn into links. For example: under Interests, I might list “Cartoons about dogs”. Without this plugin, Buddypress will turn the entire phrase into a link that searches the community for others who like ‘cartoons about cats’. If I instead type “{Cartoons} about {cats}”, then the two words in brackets will turn into independent links.\u003C\u002Fli>\n\u003Cli>If the ‘bbPress2 shortcode whitelist’ plugin is activated, then users can also apply admin approved shortcodes to their profile fields. \u003C\u002Fli>\n\u003Cli>Administrators can specify certain profile fields that link to social networking profiles. If I enter my Twitter handle ‘antonchanning’ into a field labeled ‘Twitter’, for example, this plugin will bypass the default link to a BuddyPress search on ‘antonchanning’ and instead link to http:\u002F\u002Ftwitter.com\u002Fantonchanning. (Currently this list is hardcoded, but I plan to add an admin screen in future versions. See buddypress-custom-profile-filters-bp-functions.php to configure this setting for now).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin is forked from a similar plugin from CUNY Academic Commons of the City University of New York.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>The plugin checks each profile for curly brackets and activates if it finds any. If the ‘bbPress2 shortcode whitelist’ plugin\u003Cbr \u002F>\nis installed, any shortcodes approved by admin can be used in profile fields. For example, codes from the ‘bbPress BBCode’\u003Cbr \u002F>\nplugin.\u003C\u002Fp>\n\u003Cp>You might want to insert a small explanation into your BP profile edit template (\u002Fwp-content\u002Fbp-themes\u002F[your-member-theme]\u002Fprofile\u002Fedit.php that tells your site’s users how to use these brackets. For example:\u003C\u002Fp>\n\u003Cp>“Words or phrases in your profile can be linked to the profiles of other members that contain the same phrases. To specify which words or phrases should be linked, add square brackets: e.g. “[b]Life’s a beach![\u002Fb] I love {icecream} and {swimming}.”.”\u003C\u002Fp>\n\u003Cp>Future features include: admin tab with toggle switch; ability to tweak BP’s automatic profile filter (e.g. to parse semi-colon separated lists in addition to commas).\u003C\u002Fp>\n","Allows users to take control of the way that the links in their Buddypress profiles are handled.",3678,100,2,"2013-04-08T10:08:00.000Z","3.5.2","2.5",[114,52,115,22,23],"bbcode","filter","http:\u002F\u002Fwp.antonchanning.com\u002Fbuddypress-custom-profile-filters","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-custom-profile-filters.1.1.zip",{"attackSurface":119,"codeSignals":152,"taintFlows":237,"riskAssessment":279,"analyzedAt":290},{"hooks":120,"ajaxHandlers":143,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":31,"unprotectedCount":31},[121,127,131,135,139],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","admin_menu","wpcodeschool_badges_menu","wpcodeschool-badges.php",37,{"type":122,"name":128,"callback":129,"file":125,"line":130},"widgets_init","wpcodeschool_badges_register_widgets",138,{"type":122,"name":132,"callback":133,"file":125,"line":134},"wp_head","wpcodeschool_badges_enable_frontend_ajax",227,{"type":122,"name":136,"callback":137,"file":125,"line":138},"admin_head","wpcodeschool_badges_backend_styles",236,{"type":122,"name":140,"callback":141,"file":125,"line":142},"wp_enqueue_scripts","wpcodeschool_badges_frontend_scripts_and_styles",242,[144],{"action":145,"nopriv":146,"callback":147,"hasNonce":146,"hasCapCheck":146,"file":125,"line":148},"wpcodeschool_badges_recfresh_profile",false,"wpcodeschool_badges_refresh_profile",210,[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":13,"externalRequests":31,"nonceChecks":13,"capabilityChecks":31,"bundledLibraries":236},[],{"prepared":13,"raw":13,"locations":155},[],{"escaped":157,"rawEcho":158,"locations":159},6,49,[160,163,165,166,167,169,170,172,173,175,177,178,179,180,181,182,183,184,185,187,189,190,191,192,193,195,196,198,199,200,202,203,205,206,208,209,211,213,215,217,219,221,223,225,227,229,230,232,234],{"file":161,"line":109,"context":162},"inc\\front-end-shortcode.php","raw output",{"file":161,"line":164,"context":162},3,{"file":161,"line":11,"context":162},{"file":161,"line":11,"context":162},{"file":161,"line":168,"context":162},11,{"file":161,"line":168,"context":162},{"file":161,"line":171,"context":162},12,{"file":161,"line":171,"context":162},{"file":161,"line":174,"context":162},18,{"file":176,"line":109,"context":162},"inc\\front-end.php",{"file":176,"line":164,"context":162},{"file":176,"line":11,"context":162},{"file":176,"line":11,"context":162},{"file":176,"line":168,"context":162},{"file":176,"line":168,"context":162},{"file":176,"line":171,"context":162},{"file":176,"line":171,"context":162},{"file":176,"line":174,"context":162},{"file":186,"line":174,"context":162},"inc\\options-page-wrapper.php",{"file":186,"line":188,"context":162},80,{"file":186,"line":188,"context":162},{"file":186,"line":188,"context":162},{"file":186,"line":26,"context":162},{"file":186,"line":26,"context":162},{"file":186,"line":194,"context":162},88,{"file":186,"line":194,"context":162},{"file":186,"line":197,"context":162},126,{"file":186,"line":197,"context":162},{"file":186,"line":197,"context":162},{"file":186,"line":201,"context":162},131,{"file":186,"line":201,"context":162},{"file":186,"line":204,"context":162},134,{"file":186,"line":204,"context":162},{"file":186,"line":207,"context":162},169,{"file":186,"line":207,"context":162},{"file":186,"line":210,"context":162},172,{"file":186,"line":212,"context":162},174,{"file":186,"line":214,"context":162},175,{"file":186,"line":216,"context":162},176,{"file":186,"line":218,"context":162},177,{"file":186,"line":220,"context":162},178,{"file":186,"line":222,"context":162},183,{"file":186,"line":224,"context":162},190,{"file":186,"line":226,"context":162},194,{"file":228,"line":47,"context":162},"inc\\widget-fields.php",{"file":228,"line":168,"context":162},{"file":228,"line":231,"context":162},17,{"file":228,"line":233,"context":162},24,{"file":125,"line":235,"context":162},220,[],[238,261],{"entryPoint":239,"graph":240,"unsanitizedCount":31,"severity":260},"wpcodeschool_badges_options_page (wpcodeschool-badges.php:44)",{"nodes":241,"edges":257},[242,247,251],{"id":243,"type":244,"label":245,"file":125,"line":246},"n0","source","$_POST",57,{"id":248,"type":249,"label":250,"file":125,"line":246},"n1","transform","→ wpcodeschool_badges_get_profile()",{"id":252,"type":253,"label":254,"file":125,"line":255,"wp_function":256},"n2","sink","wp_remote_get() [SSRF]",179,"wp_remote_get",[258,259],{"from":243,"to":248,"sanitized":146},{"from":248,"to":252,"sanitized":146},"medium",{"entryPoint":262,"graph":263,"unsanitizedCount":109,"severity":260},"\u003Cwpcodeschool-badges> (wpcodeschool-badges.php:0)",{"nodes":264,"edges":274},[265,267,268,270,272],{"id":243,"type":244,"label":245,"file":125,"line":266},55,{"id":248,"type":253,"label":254,"file":125,"line":255,"wp_function":256},{"id":252,"type":244,"label":269,"file":125,"line":246},"$_POST (x2)",{"id":271,"type":249,"label":250,"file":125,"line":246},"n3",{"id":273,"type":253,"label":254,"file":125,"line":255,"wp_function":256},"n4",[275,277,278],{"from":243,"to":248,"sanitized":276},true,{"from":252,"to":271,"sanitized":146},{"from":271,"to":273,"sanitized":146},{"summary":280,"deductions":281},"The code-school-badges plugin v1.0.2 presents a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries with prepared statements, and having no recorded historical vulnerabilities. The plugin also avoids bundled libraries and making external HTTP requests, which can sometimes introduce security risks.\n\nHowever, significant concerns arise from the static analysis. The plugin exposes a single AJAX handler that lacks authentication checks, creating a direct attack vector. Furthermore, a substantial portion of its output (89%) is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. While taint analysis did not reveal critical or high severity issues, the presence of two flows with unsanitized paths, even if of lower severity, coupled with the unescaped output, suggests potential for malicious data injection or manipulation.\n\nIn conclusion, the lack of historical vulnerabilities is a positive indicator, but the current code analysis highlights critical weaknesses, particularly the unprotected AJAX endpoint and pervasive output escaping deficiencies. These issues present a clear and present danger to any WordPress site using this plugin, outweighing the positive aspects of its code quality in other areas.",[282,284,287],{"reason":283,"points":11},"AJAX handler without authentication check",{"reason":285,"points":286},"High percentage of unescaped output",8,{"reason":288,"points":289},"Flows with unsanitized paths detected",5,"2026-03-17T01:27:57.224Z",{"wat":292,"direct":299},{"assetPaths":293,"generatorPatterns":296,"scriptPaths":297,"versionParams":298},[294,295],"\u002Fwp-content\u002Fplugins\u002Fwpcodeschool-badges\u002Finc\u002Fwpcodeschool-badges.css","\u002Fwp-content\u002Fplugins\u002Fwpcodeschool-badges\u002Fwpcodeschool-badges.js",[],[295],[],{"cssClasses":300,"htmlComments":301,"htmlAttributes":303,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":311},[],[302],"\u003C!-- Markup Based on: https:\u002F\u002Fgithub.com\u002Fbueltge\u002FWordPress -->",[304,305,306,307],"name=\"wpcodeschool_username\"","name=\"wpcodeschool_display_sub_badges\"","id=\"wpcodeschool_username\"","id=\"wpcodeschool_display_sub_badges\"",[],[310],"ajaxurl",[312,313,314,315],"[wpcodeschool_badges]","[wpcodeschool_badges num_badges=\"3\"]","[wpcodeschool_badges badge_size=\"120px\"]","[wpcodeschool_badges num_badges=\"3\" badge_size=\"120px\"]"]