[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnuNkaKS5ymlDy2CpWimdfRdu3bvY1GedNQLZ18_gl7g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":129,"fingerprints":265},"combined-image-and-text-widget","Combined Image and Text Widget","1.1","Nadav Rotchild","https:\u002F\u002Fprofiles.wordpress.org\u002Fnadav-rotchild\u002F","\u003Cp>Combined Image and Text Widget is a plugin that allows you to effortlessly add text and images to your sidebars, with or without links.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily add images to your sidebar using the native WordPress media uploader.\u003C\u002Fli>\n\u003Cli>Add classes, an id, an image alt and a link to your sidebar widget without touching any code.\u003C\u002Fli>\n\u003Cli>Supports WPML multilanguage capabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n","A widget plugin for text and image combinations, with multilingual support.",90,5375,0,"2016-10-07T01:21:00.000Z","4.6.30","2.8","",[19,20,21,22],"admin","images","links","widget","http:\u002F\u002Fwww.nadavr.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcombined-image-and-text-widget.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"nadav-rotchild",1,30,84,"2026-04-04T05:39:35.508Z",[36,57,77,94,111],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"dashboard-quick-link-widget","Dashboard quick links widget","1.6.0","Hem Thapa","https:\u002F\u002Fprofiles.wordpress.org\u002Fhemthapa\u002F","\u003Cp>A lightweight plugin to allows admins to create an admin dashboard widget with frequently accessed links for quick access.\u003C\u002Fp>\n\u003Cp>I originally developed this plugin after spending hours creating client\u002Fuser documentation for every WordPress project. Instead of writing step-by-step navigation documentation, I used this plugin to organise all necessary links on the single widget for non-technical users. As a developer, I also use this script myself to organise frequently accessed links for quick access.\u003C\u002Fp>\n\u003Ch4>Links format\u003C\u002Fh4>\n\u003Cp>Each link should be entered in a separate line in the following format\u003Cbr \u002F>\n(the fourth parameter, i.e. font awesome icon class is optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ccode>Link text|Button link|Button text|font-awesome icon class\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>Post blog|\u002Fwp-admin\u002Fpost-new.php|Post blog\nPost blog|\u002Fwp-admin\u002Fpost-new.php|Post blog|fa fa-cog\nPost blog|\u002Fwp-admin\u002Fpost-new.php newtab|Post blog|fa fa-cog`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you have any feedback or queries please contact me at \u003Ca href=\"http:\u002F\u002Fhemthapa.com?ref=wp_dqlw\"hemthapa.com\"\" rel=\"nofollow ugc\">hemthapa.com\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin to allows admins to create a admin dashboard widget with frequently accessed links for quick access.",700,8592,100,8,"2026-01-23T07:08:00.000Z","6.9.4","3.0","7.3",[19,53,21,54,22],"dashboard","shortcut-widget","http:\u002F\u002Fwww.hemthapa.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-quick-link-widget.1.6.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":17,"tags":72,"homepage":75,"download_link":76,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"insights","Insights","1.0.8","Vladimir Prelovac","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreediver\u002F","\u003Cp>Insights brings a powerful new way to write your blog posts. It increases productivity and at the same time quality of your posts.\u003C\u002Fp>\n\u003Cp>Insights performs following functions in real-time:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Interlink your posts\u003C\u002Fli>\n\u003Cli>Insert Flickr images\u003C\u002Fli>\n\u003Cli>Insert Youtube videos\u003C\u002Fli>\n\u003Cli>Search Wikipedia\u003C\u002Fli>\n\u003Cli>Search Google\u003C\u002Fli>\n\u003Cli>Search Google News\u003C\u002Fli>\n\u003Cli>Google Blog Search\u003C\u002Fli>\n\u003Cli>Google Book Search\u003C\u002Fli>\n\u003Cli>Insert a Google Map\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Finsights\u002Fscreenshots\u002F\" rel=\"ugc\">screenshots\u003C\u002Fa> for more examples of usage.\u003C\u002Fp>\n\u003Cp>Insights allows you to do all this using dynamic AJAX interface which loads the relevant information to your post in just a few seconds.\u003C\u002Fp>\n\u003Cp>Plugin by Vladimir Prelovac. Also check out \u003Ca href=\"https:\u002F\u002Fmanagewp.com\" rel=\"nofollow ugc\">ManageWP\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>The ideas for a quickly accessible Google Maps solution came from \u003Ca href=\"http:\u002F\u002Flabs.mozilla.com\u002Fprojects\u002Fubiquity\u002F\" rel=\"nofollow ugc\">Ubiquity\u003C\u002Fa> plugin for Firefox, which is just pure coolness.\u003C\u002Fp>\n\u003Cp>Thanks.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of Insights.\u003C\u002Fp>\n\u003Cp>Insights is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>Insights is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with Insights. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","Insights allows you to quickly access and insert information (links, images, videos, maps..) into your blog posts.",300,150073,96,5,"2014-12-22T09:10:00.000Z","4.2.39","2.3",[19,73,20,21,74],"google","posts","http:\u002F\u002Fwww.prelovac.com\u002Fvladimir\u002Fwordpress-plugins\u002Finsights","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finsights.zip",{"slug":78,"name":79,"version":6,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":68,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":17,"tags":90,"homepage":92,"download_link":93,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"default-image-link","Default Image Link","jruizcantero","https:\u002F\u002Fprofiles.wordpress.org\u002Fjruizcantero\u002F","\u003Cp>Select default settings for image link when you upload\u002Finsert images in post or pages. When you insert a image in a post\u002Fpage, by default, always it appears linked to media file.\u003Cbr \u002F>\nWith this plugin you will be able to stablish the link type by default for images which are inserted in post\u002Fpages without remembering select this option for each occasion.\u003C\u002Fp>\n\u003Cp>For SEO or other causes, some users prefer \u003Cstrong>images with ‘None’ link\u003C\u002Fstrong>. Also, others users prefer that \u003Cstrong>images link to Attachment page\u003C\u002Fstrong> or directly \u003Cstrong>link to self file\u003C\u002Fstrong> .jpg, .png, .gif, etc.\u003C\u002Fp>\n\u003Cp>Default Image Link let you choose between this links types for images:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>None\u003C\u002Fli>\n\u003Cli>Media File\u003C\u002Fli>\n\u003Cli>Attachment Page\u003C\u002Fli>\n\u003Cli>Custom URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each image, you will be able to change again the link type and the links of images that were inserted in post\u002Fpages previously will never be modified.\u003C\u002Fp>\n\u003Cp>Also, this plugin can be useful for webs where publish multiple users that sometimes forget to select the correct link for each image uploaded\u002Finserted in post or pages.\u003C\u002Fp>\n\u003Cp>Do you want to translate the plugin to your language? (I can give you your credits). Any suggestions? You can contact me or follow me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fjruizcantero\" rel=\"nofollow ugc\">Twitter @jruizcantero\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>(Thanks to Isabel Caballero for her English translations).\u003C\u002Fp>\n\u003Ch4>Descripción en Español\u003C\u002Fh4>\n\u003Cp>Selecciona el enlace por defecto que tendrán tus imágenes cuándo son subidas\u002Finsertadas en un artículo o página. Cuando insertas una imagen en un artículo\u002Fpágina, por defecto, siempre aparece enlazada al propio archivo que has subido.\u003Cbr \u002F>\nCon este plugin podrás establecer el tipo de enlace por defecto que quieres que tengan las imágenes cuando son insertadas en artículos\u002Fpáginas sin tener que acordarte de cambiarlo en cada ocasión.\u003C\u002Fp>\n\u003Cp>Por motivos de SEO o cualquier otra causa, muchos usuarios prefieren que las \u003Cstrong>imágenes siempre aparezcan sin enlace\u003C\u002Fstrong>. También hay quien prefiere que las \u003Cstrong>imágenes enlacen a la correspondiente página de adjuntos de WordPress\u003C\u002Fstrong> o directamente \u003Cstrong>enlazar al correspondiente archivo\u003C\u002Fstrong> .jpg, .png, .gif, etc.\u003C\u002Fp>\n\u003Cp>El plugin Defaul Image Link te permite seleccionar entre los siguientes tipos de enlace por defecto para las imágenes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ninguno; Las imágenes aparecerán por defecto sin enlaces.\u003C\u002Fli>\n\u003Cli>Archivo Multimedia: Las imágenes aparecen por defecto enlazadas a su correspondiente archivo .jpg, .png, .gif, etc.\u003C\u002Fli>\n\u003Cli>Página de Adjuntos: Las imágenes aparecen por defecto enlazadas a su correspodiente página de Adjuntos de WordPress.\u003C\u002Fli>\n\u003Cli>URL Personalizada: Enlace personalizado para cada imagen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Para cada imagen se podrá volver a cambiar posteriormente el tipo de enlace y en ningún caso se modificarán los enlaces de las imágenes que ya han sido insertadas en artículos o páginas anteriormente.\u003C\u002Fp>\n\u003Cp>Este plugin también puede ser de gran utilidad en webs en donde publican varios usuarios que en múltiples ocasiones olvidan revisar el enlace asignado a cada imagen que es insertada\u002Fpublicada en los artículos o páginas.\u003C\u002Fp>\n\u003Cp>¿Quieres traducir este plugin a tu idioma? (te asignaré los créditos de la traducción). Alguna sugerencia? Puedes esccribirme o seguirme en \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fjruizcantero\" rel=\"nofollow ugc\">Twitter @jruizcantero\u003C\u002Fa>.\u003C\u002Fp>\n","Select default settings for image link when you upload or insert images. Select default image link to None, Attachment Page, Media File or Custom URL.",200,8332,88,"2013-12-23T10:35:00.000Z","3.7.41","3.0.1",[19,20,21,91,74],"page","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdefault-image-link\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdefault-image-link.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":13,"num_ratings":13,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":17,"tags":107,"homepage":109,"download_link":110,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"admin-links-sidebar-widget","Admin Links Widget","1.4.0","kdmurray","https:\u002F\u002Fprofiles.wordpress.org\u002Fkdmurray\u002F","\u003Cp>This plugin provides a widget which can contain links to pages in the administration panel in one of your sidebars.  These links are only visible to those already logged in as an administrator.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Extract admin-links-sidebar-widget.php  into your wp-content\u002Fplugins folder (or a subfolder)\u003C\u002Fli>\n\u003Cli>Activate the plugin in WordPress\u003C\u002Fli>\n\u003Cli>Add the widget to your page\u003C\u002Fli>\n\u003Cli>Set the options to select which links you want displayed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Release History\u003C\u002Fh3>\n\u003Cp>1.4.0 — Fixed a couple of things for WP 3.0, tested up to 3.0.1 successfully.\u003Cbr \u002F>\n1.3.1 — Tested for 2.7.1, minor code change\u003Cbr \u002F>\n1.3.0 — Refactoring to split the admin page and improve performance\u003Cbr \u002F>\n1.1.4 — Minor changes for compatibility with WordPress 2.5.x\u003Cbr \u002F>\n1.1.1 — Minor changes for compatibility with WordPress 2.3.3\u003Cbr \u002F>\n1.1.0 — Added two major features.  “Edit this post” and “Edit this page”\u003Cbr \u002F>\n1.0.9 — Fixed major bug in the URL construction which caused problems on blogs\u003Cbr \u002F>\n         which were not in the root folder of the web server.\u003Cbr \u002F>\n1.0.8 — Added Themes and Widgets admin links\u003Cbr \u002F>\n1.0.5 — Bug Fix: missing comments and plugins items\u003Cbr \u002F>\n1.0.3 — Documentation correction\u003Cbr \u002F>\n1.0.2 — Initial release\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>kdmurray.at.kdmurray.dot.net\u003Cbr \u002F>\nPlugin page: http:\u002F\u002Fkdmurray.net\u002F2010\u002F09\u002F22\u002Fadmin-links-plugin-updated-to-1-4-0\u002F\u003C\u002Fp>\n","This plugin provides a widget which can contain links to pages in the administration panel in one of your sidebars.  These links are only visible to t &hellip;",20,16674,"2010-09-22T07:29:00.000Z","3.0.5","1.5",[108,19,53,21,22],"adinistration","http:\u002F\u002Fkdmurray.net\u002F2010\u002F09\u002F22\u002Fadmin-links-plugin-updated-to-1-4-0\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-links-sidebar-widget.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":102,"downloaded":119,"rating":13,"num_ratings":13,"last_updated":120,"tested_up_to":49,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"quicklinks-manager","QuickLinks Manager by Press.Zone","2.1.2","Avi Ezra","https:\u002F\u002Fprofiles.wordpress.org\u002Fresite\u002F","\u003Cp>QuickLinks Manager by Press.Zone is a powerful plugin designed to simplify navigation in the WordPress dashboard. It allows users to create a customizable widget on the dashboard screen with their chosen quick links. This functionality is particularly useful for frequent tasks, like accessing draft posts. The plugin offers full control over link selection with import and export options, making it ideal for managing multiple sites or setting up client websites with custom navigation paths.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dashboard widget displaying your custom quick links\u003C\u002Fli>\n\u003Cli>Admin Bar integration with Quick Links dropdown menu\u003C\u002Fli>\n\u003Cli>Drag-and-drop reordering of links\u003C\u002Fli>\n\u003Cli>Role-based access control for Admin Bar visibility\u003C\u002Fli>\n\u003Cli>Import\u002FExport functionality for easy migration\u003C\u002Fli>\n\u003Cli>Modern, responsive settings interface\u003C\u002Fli>\n\u003Cli>Open links in new tab option\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under GPLv2 or later. See LICENSE.md for more details.\u003C\u002Fp>\n","QuickLinks Manager by Press.Zone lets you create and manage custom quick links in the WordPress dashboard for easier navigation.",611,"2025-12-21T18:29:00.000Z","5.2.4","7.0",[124,53,125,126,22],"admin-bar","management","quick-links","https:\u002F\u002Fpress.zone\u002Fplugins\u002Fquicklinks-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquicklinks-manager.2.1.2.zip",{"attackSurface":130,"codeSignals":158,"taintFlows":253,"riskAssessment":254,"analyzedAt":264},{"hooks":131,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":13,"unprotectedCount":13},[132,138,142,146,150],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_init","register_settings_options","citw.php",39,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_menu","add_settings_item",40,{"type":133,"name":143,"callback":144,"file":136,"line":145},"admin_enqueue_scripts","enqueue_backend_scripts",43,{"type":133,"name":147,"callback":148,"file":136,"line":149},"wp_head","add_widget_css",45,{"type":133,"name":151,"callback":152,"file":136,"line":153},"widgets_init","register_citw_plugin",480,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":252},[],{"prepared":13,"raw":13,"locations":161},[],{"escaped":163,"rawEcho":164,"locations":165},29,53,[166,169,171,173,174,176,177,179,180,182,183,185,186,188,189,191,192,194,196,197,198,200,201,203,204,206,208,209,211,213,214,216,218,219,221,223,224,226,228,230,231,232,234,236,237,239,241,242,244,246,247,249,251],{"file":136,"line":167,"context":168},108,"raw output",{"file":136,"line":170,"context":168},267,{"file":136,"line":172,"context":168},306,{"file":136,"line":172,"context":168},{"file":136,"line":175,"context":168},307,{"file":136,"line":175,"context":168},{"file":136,"line":178,"context":168},311,{"file":136,"line":178,"context":168},{"file":136,"line":181,"context":168},312,{"file":136,"line":181,"context":168},{"file":136,"line":184,"context":168},317,{"file":136,"line":184,"context":168},{"file":136,"line":187,"context":168},318,{"file":136,"line":187,"context":168},{"file":136,"line":190,"context":168},323,{"file":136,"line":190,"context":168},{"file":136,"line":193,"context":168},324,{"file":136,"line":195,"context":168},325,{"file":136,"line":195,"context":168},{"file":136,"line":195,"context":168},{"file":136,"line":199,"context":168},332,{"file":136,"line":199,"context":168},{"file":136,"line":202,"context":168},333,{"file":136,"line":202,"context":168},{"file":136,"line":205,"context":168},342,{"file":136,"line":207,"context":168},343,{"file":136,"line":207,"context":168},{"file":136,"line":210,"context":168},352,{"file":136,"line":212,"context":168},353,{"file":136,"line":212,"context":168},{"file":136,"line":215,"context":168},370,{"file":136,"line":217,"context":168},371,{"file":136,"line":217,"context":168},{"file":136,"line":220,"context":168},375,{"file":136,"line":222,"context":168},376,{"file":136,"line":222,"context":168},{"file":136,"line":225,"context":168},380,{"file":136,"line":227,"context":168},381,{"file":136,"line":229,"context":168},382,{"file":136,"line":229,"context":168},{"file":136,"line":229,"context":168},{"file":136,"line":233,"context":168},387,{"file":136,"line":235,"context":168},388,{"file":136,"line":235,"context":168},{"file":136,"line":238,"context":168},392,{"file":136,"line":240,"context":168},393,{"file":136,"line":240,"context":168},{"file":136,"line":243,"context":168},402,{"file":136,"line":245,"context":168},403,{"file":136,"line":245,"context":168},{"file":136,"line":248,"context":168},411,{"file":136,"line":250,"context":168},412,{"file":136,"line":250,"context":168},[],[],{"summary":255,"deductions":256},"The 'combined-image-and-text-widget' plugin, version 1.1, exhibits a generally positive security posture based on the provided static analysis.  The absence of identified attack surface entry points like AJAX handlers, REST API routes, shortcodes, and cron events, along with zero critical taint flows, indicates a well-contained plugin. The fact that all SQL queries utilize prepared statements is a significant strength, mitigating risks of SQL injection.  Furthermore, the plugin has no recorded vulnerabilities (CVEs), suggesting a history of stable and secure development.\n\nHowever, there are notable areas for improvement. A concerning signal is the low percentage of properly escaped outputs (35%). This suggests a significant risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied or dynamically generated content may not be adequately sanitized before being displayed to users. The lack of any identified nonce checks or capability checks, while not directly indicative of a vulnerability in this specific analysis (due to the limited attack surface), represents a potential weakness if future updates introduce new entry points without proper authorization mechanisms.  The plugin's overall security is good, but the unescaped output is a critical concern that needs immediate attention.",[257,259,262],{"reason":258,"points":47},"Significant percentage of unescaped output",{"reason":260,"points":261},"No nonce checks implemented",3,{"reason":263,"points":261},"No capability checks implemented","2026-03-16T21:16:50.664Z",{"wat":266,"direct":272},{"assetPaths":267,"generatorPatterns":269,"scriptPaths":270,"versionParams":271},[268],"\u002Fwp-content\u002Fplugins\u002Fcombined-image-and-text-widget\u002Fcitw.js",[],[],[],{"cssClasses":273,"htmlComments":276,"htmlAttributes":277,"restEndpoints":280,"jsGlobals":281,"shortcodeOutput":282},[274,275],"citw_image_container","citw_inner_widget_text",[],[278,279],"name=\"citw_url_schema\"","name=\"citw_enable_img_alt\"",[],[],[]]