[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNWk3tN08yTClJHGjHQC4tEKE1jND3zLgAeuu63COuDI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":133,"fingerprints":195},"code-widget","Code Widget","1.0.15","Sharaz Shahid","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharaz\u002F","\u003Cp>Code Widget is simple widget allows you to insert any arbitrary Text\u002FHTML  and run  PHP Code or Short Code. This Widget parses PHP code  into simple text and much more.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003Cbr \u002F>\nThis plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsharazghouri1\" rel=\"nofollow ugc\">Sharaz Shahid\u003C\u002Fa>\u003C\u002Fp>\n","Code widget help  to  add  Short Code, PHP Code, HTML, and Simple Text in widget.",4000,60271,98,35,"2022-06-11T11:06:00.000Z","6.1.0","4.0","7.0",[20,21,22,23,24],"code","html","php","short-code","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-widget.1.0.15.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"sharaz",5,5010,93,30,89,"2026-04-04T02:38:04.528Z",[41,59,78,97,117],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":28,"num_ratings":28,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":57,"download_link":58,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"safe-php-code-widget","Safe PHP Code Widget","1.0","k0tik","https:\u002F\u002Fprofiles.wordpress.org\u002Fk0tik\u002F","\u003Cp>The usual Text widget allows you to insert arbitrary Text and\u002For HTML code. This allows that too, but also parses any PHP or JavaScript code in the text widget and executes it.\u003C\u002Fp>\n\u003Cp>This plugin is based on “PHP Code Widget”, but now available for use by site administrators ONLY, which makes it more secure.\u003C\u002Fp>\n\u003Cp>All PHP code must be enclosed in the standard php opening and closing tags ( \u003Ccode>\u003C?php\u003C\u002Fcode> and \u003Ccode>?>\u003C\u002Fcode> ) for it to be recognized and executed. Also JavaScript code must be enclosed in the \u003Ccode>\u003Cscript>\u003C\u002Fcode> and \u003Ccode>\u003C\u002Fscript>\u003C\u002Fcode> tags, as usual.\u003C\u002Fp>\n","Adds a secure and simple widget in which you can use PHP and JavaScript code. Also you can use unfiltered HTML or just Text. Admin Use Only.",70,2248,"2019-01-09T01:28:00.000Z","5.0.25","2.8","",[20,21,56,22,24],"javascript","https:\u002F\u002Fnewbiz.online\u002Fwp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-php-code-widget.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":54,"tags":74,"homepage":76,"download_link":77,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"html-widget","HTML Widget","0.1.0","seothemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fseothemes\u002F","\u003Cp>HTML Widget adds a new widget that can be used for displaying any custom HTML in a easy to use way. The syntax highlighting makes the code clear and readable which makes your widgets easier to manage. Only users with sufficient capabilities can use all HTML elements, while users with limited capabilities can only use safe HTML that is allowed in posts.\u003C\u002Fp>\n","Adds a simple HTML widget with syntax highlighting for HTML, CSS and JS.",400,5797,80,4,"2017-06-30T10:45:00.000Z","4.8.28","4.7",[75,21,24],"codemirror","http:\u002F\u002Fgithub.com\u002Fseothemes\u002Fhtml-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-widget.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":28,"num_ratings":28,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":54,"tags":91,"homepage":95,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"2mb-autocode","2MB Autocode","1.2.6","Michael","https:\u002F\u002Fprofiles.wordpress.org\u002Flilmike\u002F","\u003Cp>This plugin, developed by \u003Ca href=\"https:\u002F\u002F2mb.solutions\u002F\" rel=\"nofollow ugc\">2MB Solutions\u003C\u002Fa>, allows you to place predetermined text\u002Fhtml\u002Fphp at the top and\u002For bottom of each post. In addition, you can override the placing of text at the bottom and\u002For top of a specific post, override the placing of text on the homepage or on a post individually, or run arbitrary php inside a post.\u003C\u002Fp>\n\u003Cp>For more on 2MB, please visit (https:\u002F\u002F2mb.solutions\u002F).\u003C\u002Fp>\n\u003Cp>Note that all development now takes place at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F2mb-solutions\u002Fautocode\u002F\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin allows you to place predetermined text\u002Fhtml\u002Fphp at the top or bottom of posts.",100,39018,"2021-02-06T21:41:00.000Z","5.6.17","3.0",[92,93,94,21,22],"autocode","automatic","code-placement","https:\u002F\u002F2mb.solutions\u002Fplugins\u002Fautocode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F2mb-autocode.1.2.6.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":69,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":54,"tags":111,"homepage":54,"download_link":116,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"my-wp-tagcanvas","3D WP Tag Cloud-S","5.3.6","hityr5yr","https:\u002F\u002Fprofiles.wordpress.org\u002Fhityr5yr\u002F","\u003Cp>This is a Single Cloud variant of 3D WP Tag Cloud. It Creates multiple instances widget that draws and animates an HTML5 canvas based tag cloud. Plugin may rotate 16 types of content:\u003C\u002Fp>\n\u003Cp>Pages, Recent Posts, External Links (blogroll), Menus, Blog Archives, List of Authors, Current Page\u002FPost Links, Links from a custom HTML container, Post Tags, Post Categories,\u003Cbr \u002F>\nPortfolio Categories, Portfolio Items, Portfolio Filters, Slider Categories, Slider Items and Accordions.\u003C\u002Fp>\n\u003Cp>It Supports 91 shapes:\u003C\u002Fp>\n\u003Cp>A CUSTOMER DEFINED, letter A, parabolic ANTENNA, APPLE-1, APPLE-2, AXES, lighthouse BEAM, BALLOON, BALLS, BLACKHOLE, BLOSSOM, BOWTIE, BULB, BUTTERFLY, CANDY, CAPSULE, concentric CIRCLES,\u003Cbr \u002F>\nCROWN, CUBE, CYLINDER that starts off horizontal, CYLINDER that starts off vertical, DANCERS, DIAMINITY, DIAMOND, DNA that starts off horizontal, DNA that starts off vertical, DOMES,\u003Cbr \u002F>\nEARING, EGG, EGG BOX, EXCAVATOR, Christmas FIR, FISH-1, FISH-2, GLASS, GLOBE of rings, HEART, HEXAGON (bee cell), INFINITY-1, INFINITY-2, INSECT, KNOT, LEMON, LISSAJOUS, LOVE, letter M,\u003Cbr \u002F>\nMÖBIUS FAN, MONSTER, letter N, letter O, OWLISH, PEARISH, PEG TOP that starts off horizontal, PEG TOP that starts off vertical, PILLOW, PYRAMID (tetrahedron), RING that starts off\u003Cbr \u002F>\nhorizontal, RING that starts off vertical, RINGS knotwork, ROLLER of rings, RIM, ROUNDABOUT, SANDGLASS, SATURN, SPHERE, SPIRAL, SPRING, SQUARE, STAIRCASE, STAR-1, STAR-2, STARWARS-1,\u003Cbr \u002F>\nSTARWARS-2, STARWARS-3, STARWARS-4, STOOL, TEARDROP, TIRE, TORUS, TOWER of rings, TRIANGLE, UFO, letter V, letter W, WALL-E’S EYES, WALNUT, WINGS, letter X, letter Y, YIN YANGISH and\u003Cbr \u002F>\nletter Z(S).\u003C\u002Fp>\n\u003Cp>3D WP Tag Cloud-S requires at least WP 4.8 and possesses following Main Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allows adding tag clouds via Shortcode.\u003C\u002Fli>\n\u003Cli>Supports multiple shape selection for automatic shape transitions during rotation.\u003C\u002Fli>\n\u003Cli>Alows different ways of tags distribution on a shape (option ‘Magic’) and supports multipe magic selection for automatic transitions during rotation.\u003C\u002Fli>\n\u003Cli>Able to rotate clouds around all three axes.\u003C\u002Fli>\n\u003Cli>Option values are preset and don’t have to be typed but selected.\u003C\u002Fli>\n\u003Cli>Multiple fonts, multiple colors and multiple backgrounds can be applied to the cloud content.\u003C\u002Fli>\n\u003Cli>Full variety of fonts from Google Font Library is available.\u003C\u002Fli>\n\u003Cli>Allows creating clouds of images.\u003C\u002Fli>\n\u003Cli>In case of Recent posts, Pages, Menu, List of Authors, External Links (blogroll), Current Page\u002FPost Links and Custom HTML container tags may consist of both image and text.\u003C\u002Fli>\n\u003Cli>Gives an option to put images and\u002For text in the center of the cloud. – Accepts background images as well.\u003C\u002Fli>\n\u003Cli>The Number of tags in the cloud is adjustable.\u003C\u002Fli>\n\u003Cli>Allows showing number of posts in a category tag and number of posts where a post tag is used.\u003C\u002Fli>\n\u003Cli>Automatically includes WP Links panel for users who started using WP since v 3.5, when Links Manager and blogroll were made hidden by default.\u003C\u002Fli>\n\u003Cli>Uses Graham Breach’s Javascript class TagCanvas v. 2.9 and includes all of its 80+ options in the Control Panel Settings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For adding tag clouds outside sidebars via Shortcode:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Go to ‘Widgets’ page of your WP Admin Panel and open the widget. \u003C\u002Fli>\n\u003Cli>Set the options for your cloud and save that widget instance in ‘Inactive Widgets’.\u003C\u002Fli>\n\u003Cli>A message with a Shortcode for adding the cloud in a page\u002Fpost will pop up.\u003C\u002Fli>\n\u003Cli>Copy & Paste it where you want it to appear.\u003C\u002Fli>\n\u003Cli>For a later use the Shortcode will be available at the top of that widget instance in ‘WIDGET OPTIONS’ section.\u003C\u002Fli>\n\u003C\u002Fol>\n","3D WP Tag Cloud-S draws and animates an HTML5 canvas based tag cloud.",90,27268,9,"2018-01-17T08:56:00.000Z","4.9.29","4.8",[112,113,114,115,24],"3d","html5","shortcode","tag-cloud","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-wp-tagcanvas.zip",{"slug":118,"name":119,"version":44,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":49,"downloaded":124,"rating":86,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":54,"tags":129,"homepage":131,"download_link":132,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"shortcode-for-sidebar","Plugin Name: Disable Media","Tanmoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fsktanmoy\u002F","\u003Cp>This Plugin Will enable short code in WordPress sidebar Widget. By default, wordpress doesn’t support Short Code in Sidebar Widget. This Plugin can remove that restriction.\u003Cbr \u002F>\nJust Use a text widget for sidebar and use [short code] and ENJOY.\u003C\u002Fp>\n\u003Cp>If you like this, Please rate it.\u003C\u002Fp>\n","This Plugin Will enable short code in WordPress sidebar Widget. By default, wordpress doesn't support Short Code in Sidebar Widget.",4848,1,"2010-04-15T11:43:00.000Z","2.9.2","2.0.0",[23,114,130,24],"sidebar","http:\u002F\u002Fwww.nhost.biz\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcode-for-sidebar.zip",{"attackSurface":134,"codeSignals":166,"taintFlows":184,"riskAssessment":185,"analyzedAt":194},{"hooks":135,"ajaxHandlers":156,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":125,"unprotectedCount":28},[136,142,145,149,152],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_init","dismiss_review_notice","class-code-widget.php",54,{"type":137,"name":138,"callback":143,"file":140,"line":144},"show_review_notice",55,{"type":137,"name":146,"callback":147,"file":140,"line":148},"admin_notices","sb_promote_plugins",57,{"type":137,"name":146,"callback":150,"file":140,"line":151},"review_admin_notice",265,{"type":137,"name":153,"callback":154,"file":140,"line":155},"widgets_init","register_code_widget",441,[157],{"action":158,"nopriv":159,"callback":160,"hasNonce":161,"hasCapCheck":161,"file":140,"line":162},"cw_deactivation_feedback",false,"deactivation_feedback",true,56,[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":28,"externalRequests":125,"nonceChecks":70,"capabilityChecks":182,"bundledLibraries":183},[],{"prepared":28,"raw":28,"locations":169},[],{"escaped":171,"rawEcho":70,"locations":172},28,[173,176,178,180],{"file":140,"line":174,"context":175},104,"raw output",{"file":140,"line":177,"context":175},107,{"file":140,"line":179,"context":175},111,{"file":140,"line":181,"context":175},161,2,[],[],{"summary":186,"deductions":187},"The code-widget plugin v1.0.15 demonstrates a strong security posture with several good practices evident.  It boasts a limited attack surface with only one AJAX handler, and importantly, this handler appears to be protected by authentication checks.  The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests further contributes to its security.  The high percentage of properly escaped output and the presence of nonce and capability checks are also positive indicators.  The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a commitment to secure coding or perhaps a lack of widespread security scrutiny.  However, the analysis did not include taint analysis flows, which could reveal subtle vulnerabilities.  While the current static analysis reveals no immediate critical risks, the lack of taint analysis means potential issues related to data sanitization and context could be present.",[188,190,192],{"reason":189,"points":70},"88% of output escaped, 12% unescaped",{"reason":191,"points":182},"External HTTP request not detailed",{"reason":193,"points":34},"Taint analysis flows not analyzed","2026-03-16T18:13:23.956Z",{"wat":196,"direct":205},{"assetPaths":197,"generatorPatterns":200,"scriptPaths":201,"versionParams":202},[198,199],"\u002Fwp-content\u002Fplugins\u002Fcode-widget\u002Flib\u002Fsolbox-plugin-deactivation-survey\u002Fcss\u002Ffeedback-modal.css","\u002Fwp-content\u002Fplugins\u002Fcode-widget\u002Flib\u002Fsolbox-plugin-deactivation-survey\u002Fjs\u002Ffeedback-modal.js",[],[],[203,204],"code-widget-style?ver=","code-widget-admin-script?ver=",{"cssClasses":206,"htmlComments":207,"htmlAttributes":208,"restEndpoints":210,"jsGlobals":212,"shortcodeOutput":214},[4],[],[209],"data-codewidget-field",[211],"\u002Fwp-json\u002Fcodewidget\u002Fv1\u002Fsettings",[213],"codewidget_params",[]]