[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHcrudD0q8J8zClk4AUt96uSy4CY7Ow9ecUd8FtZy3vE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":142,"fingerprints":237},"comment-change-status","Comment Change Status","0.10.1","mortay","https:\u002F\u002Fprofiles.wordpress.org\u002Fmortay\u002F","\u003Cp>Easy comment management from email.\u003C\u002Fp>\n\u003Cp>You will receive an email of approved or unapproved comments with a direct link to unapprove or approve it.\u003C\u002Fp>\n\u003Cp>It’s higly recommended to moderate comments from your mobile device because you won’t have to log-in into wp-admin to approve or unapprove them.\u003C\u002Fp>\n\u003Cp>See the \u003Ca href=\"http:\u002F\u002Ftaller.pequelia.es\u002Fplugins\u002Fcomment-change-status\u002F\" rel=\"nofollow ugc\">Comment Change Status\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch3>Updates\u003C\u002Fh3>\n\u003Cp>Plugin updates will be posted here \u003Ca href=\"http:\u002F\u002Ftaller.pequelia.es\u002Fplugins\u002Fcomment-change-status\u002F\" rel=\"nofollow ugc\">Taller de Pequelia\u003C\u002Fa> and it will always link to the newest version.\u003C\u002Fp>\n","Change comment status with one only click on e-mail.",10,2612,80,1,"2017-11-16T18:39:00.000Z","4.8.28","2.6.0","",[20,21,22,23],"approve","comments","status","unapprove","http:\u002F\u002Ftaller.pequelia.es\u002Fplugins\u002Fcomment-change-status\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-change-status.0.10.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},4,140,89,30,86,"2026-04-04T15:59:44.812Z",[39,61,82,100,122],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":59,"download_link":60,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bulk-comments-management","Bulk Comments Management","1.0","Yakup Hoca","https:\u002F\u002Fprofiles.wordpress.org\u002Fyakuphoca\u002F","\u003Cp>This plugin allows administrators to globally delete comments (spam, trash, unapproved comments), enable\u002Fdisable comments on all posts.\u003C\u002Fp>\n","This plugin allows administrators to globally delete comments (spam, trash, unapproved comments), enable\u002Fdisable comments on all posts.",700,25895,94,13,"2017-11-28T20:57:00.000Z","3.5.2","3.3",[21,55,56,57,58],"delete-comments","delete-tracakbacks","spam","unapproved","http:\u002F\u002Fwww.yakuphoca.com\u002Fbulk-comments-management-wordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-comments-management.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":13,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":14,"unpatched_count":27,"last_vuln_date":81,"fetched_at":29},"thoughtful-comments","FV Thoughtful Comments","0.4.1","FolioVision","https:\u002F\u002Fprofiles.wordpress.org\u002Ffoliovision\u002F","\u003Cp>We’ve always found the comment moderation\u002Fmanagement a bit weak (no wonder so many people are using the Disqus crutch). Our plugin Thoughtful Comments supercharges comment moderation by moving it into the front end (i.e. in context). It also allows banning by IP, email address or domain.\u003C\u002Fp>\n\u003Cp>Unlike many comment plugins, Thoughtful Comments works hand in hand with Akismet, feeding all the information into Akismet as well as the existing WordPress whitelist and blacklist features.\u003C\u002Fp>\n\u003Cp>What’s cool about Thoughtful Comments is that you can add it to a WordPress site with no changes to existing comment moderation tables and you can remove it from a WordPress site with no loss of core functionality. I.e. I think Thoughtful Comments could be integrated into core with a minimum amount of pain. Thoughtful Comments works with all current Subscribe to Comment plugins as well. As we use all core functions and tables, Thoughtful Comments works with all current Subscribe to Comment plugins as well.\u003C\u002Fp>\n\u003Cp>Thoughtful Comments is the most powerful and useful code we’ve ever written (we have four very popular plugins). It’s integration into core would save many, many site owners the pain of Disqus.\u003C\u002Fp>\n\u003Cp>Thoughtful Comments is entirely stable and active on some of the most heavily commented political and lifestyle sites in the world.\u003C\u002Fp>\n\u003Cp>While Automattic has a horse in the ring (Intense Debate), we’d really like to see Thoughtful Comments included in core.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Front-end comment moderation – for logged in users with required permission\u003C\u002Fli>\n\u003Cli>Unapproved comments shown in front-end – for logged in users with required permission\u003C\u002Fli>\n\u003Cli>Per-user moderation settings\u003C\u002Fli>\n\u003Cli>Comment caching – lightening PHP load and speeding up busy sites significantly – works with any WP cache plugin!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Ffoliovision.com\u002Fseo-tools\u002Fwordpress\u002Fplugins\u002Fthoughtful-comments\u002F\" rel=\"nofollow ugc\">Download now!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ffoliovision.com\u002Fseo-tools\u002Fwordpress\u002Fplugins\u002Fthoughtful-comments\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Ffoliovision.com\u002Fseo-tools\u002Fwordpress\u002Fplugins\u002Fthoughtful-comments\u002Fchangelog\u002F\" rel=\"nofollow ugc\">Change Log\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Ffoliovision.com\u002Fseo-tools\u002Fwordpress\u002Fplugins\u002Fthoughtful-comments\u002Finstallation\u002F\" rel=\"nofollow ugc\">Installation\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Ffoliovision.com\u002Fseo-tools\u002Fwordpress\u002Fplugins\u002Fthoughtful-comments\u002Fusage\u002F\" rel=\"nofollow ugc\">Usage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Theme compatibility\u003C\u002Fh3>\n\u003Cp>If you want to get the most correct display when deleting a comment and preserving it’s replies, you need to use a theme which is using “cascade” display of the comments instead of “nested” display.\u003C\u002Fp>\n\u003Cp>Thoughtful Comments assumes that each comment is contained in some HTML element with unique ID which is containing the comment ID, so it works with most of the themes.\u003C\u002Fp>\n\u003Cp>Also, commenter name should not be in cite tag, so that the HTML highlight will appear properly and not as readable HTML (similar to code tag).\u003C\u002Fp>\n","FV Thoughtful Comments adds front end comment moderation including sophisticated banning mechanisms. Say Goodbye to Disqus!",16006,100,3,"2025-03-14T10:38:00.000Z","6.7.5","4.9",[21,76,77,58],"frontend","moderation","http:\u002F\u002Ffoliovision.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthoughtful-comments.zip",92,"2025-01-24 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":27,"num_ratings":27,"last_updated":92,"tested_up_to":93,"requires_at_least":53,"requires_php":18,"tags":94,"homepage":98,"download_link":99,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"adminbar-link-comments-to-pending","Adminbar Link Comments to Pending","1.0.1","Juliette Reinders Folmer","https:\u002F\u002Fprofiles.wordpress.org\u002Fjrf\u002F","\u003Cp>Tiny plugin which changes the link from the Adminbar comments bubble to go to the ‘Pending’ comments queue instead of to the ‘All’ comments overview page.\u003C\u002Fp>\n\u003Cp>That’s all 😉\u003C\u002Fp>\n\u003Cp>If you like this plugin, please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fadminbar-link-comments-to-pending\" rel=\"ugc\">rate and\u002For review\u003C\u002Fa> it. If you have ideas on how to make the plugin even better or if you have found any bugs, please report these in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fadminbar-link-comments-to-pending\" rel=\"ugc\">Support Forum\u003C\u002Fa> or in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjrfnl\u002FWP-adminbar-comments-to-pending\u002Fissues\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Changes the link from the Adminbar comments bubble to go straight to the 'Pending' comments queue.",20,2904,"2018-01-22T11:14:00.000Z","4.9.29",[95,96,21,97,58],"admin-bar","adminbar","pending","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadminbar-link-comments-to-pending\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadminbar-link-comments-to-pending.1.0.1.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":11,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":18,"tags":114,"homepage":118,"download_link":119,"security_score":120,"vuln_count":14,"unpatched_count":27,"last_vuln_date":121,"fetched_at":29},"one-click-close-comments","One Click Close Comments","3.0","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>From the admin listing of posts (‘Edit Posts’) and pages (‘Edit Pages’), a user can close or open comments to any posts to which they have sufficient privileges to make such changes (essentially admins and post authors for their own posts). This is done via an AJAX-powered color-coded indicator. The color-coding gives instant feedback on the current status of the post for comments: green means the post\u002Fpage is open to comments, red means the post\u002Fpage is closed to comments. Being AJAX-powered means that the change is submitted in the background after being clicked without requiring a page reload.\u003C\u002Fp>\n\u003Cp>This plugin will only function for administrative users in the admin who have JavaScript enabled.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fone-click-close-comments\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-close-comments\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fone-click-close-comments\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>Developer documentation can be found in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fone-click-close-comments\u002Fblob\u002Fmaster\u002FDEVELOPER-DOCS.md\" rel=\"nofollow ugc\">DEVELOPER-DOCS.md\u003C\u002Fa>. That documentation covers the hooks provided by the plugin.\u003C\u002Fp>\n\u003Cp>As an overview, these are the hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>c2c_one_click_close_comments_click_char\u003C\u002Fcode> : Filter to customize the character, string, or markup used as the indicator used to toggle a post’s comment status.\u003C\u002Fli>\n\u003C\u002Ful>\n","Conveniently close or open comments for a post or page with one click from the admin listing of posts.",6000,159941,98,"2025-04-17T20:29:00.000Z","6.8.5","4.7",[115,116,117,21,22],"admin","coffee2code","comment","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fone-click-close-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-close-comments.3.0.zip",99,"2024-07-26 13:12:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":18,"tags":137,"homepage":140,"download_link":141,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"auto-approve-comments","Auto Approve Comments","2.8","Federico Andrioli","https:\u002F\u002Fprofiles.wordpress.org\u002Ffedeandri\u002F","\u003Cp>Auto approve comments by Commenter (email, name, url), User and Role (Akismet and wpDiscuz compatible).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Open Comments -> Auto Approve Comments\u003C\u002Fli>\n\u003Cli>Go to Settings -> Discussion and check “Comment must be manually approved” \u003C\u002Fli>\n\u003Cli>Optionally install and activate Akismet (comments flagged as SPAM will never get auto approved) \u003C\u002Fli>\n\u003Cli>Configure your auto approval filters in “Commenters”, “Users” and “Roles”\u003C\u002Fli>\n\u003Cli>Save and you’re done\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>From now on all the comments that match at least one of the configurations in “Commenters”, “Users” or “Roles” will always be auto approved.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Commenters – example\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add one Commenter per line, follow the example below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>tom@myface.com\ntom@myface.com,Tom\ntom@myface.com,www.myface.com\ntom@myface.com,www.myface.com,Tom\ntom@myface.com,Tom,www.myface.com\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Users – example\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add one Username per line, follow the example below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>steveknobs76\njeffmezos012\nlarrymage98\nmarktuckerberg2004\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Roles – example\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add one Role per line, follow the example below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>contributor\neditor\nyourcustomrole\nsubscriber\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Developers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Official Github repository:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Ffedeandri\u002Fauto-approve-comments\u003C\u002Fp>\n","Auto approve comments by Commenter (email, name, url), User and Role (Akismet and wpDiscuz compatible)",200,9999,64,5,"2021-06-15T12:24:00.000Z","5.8.13","3.8",[138,139,21,77],"anti-spam","auto-approve","https:\u002F\u002Fgithub.com\u002Ffedeandri\u002Fauto-approve-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-approve-comments.2.8.zip",{"attackSurface":143,"codeSignals":164,"taintFlows":185,"riskAssessment":224,"analyzedAt":236},{"hooks":144,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":163,"entryPointCount":27,"unprotectedCount":27},[145,151,156],{"type":146,"name":147,"callback":148,"priority":11,"file":149,"line":150},"action","comment_post","comment_change_status__comment_post","comment-change-status-mail.php",104,{"type":146,"name":152,"callback":153,"file":154,"line":155},"init","comment_change_status__init","comment-change-status.php",43,{"type":146,"name":157,"callback":158,"file":154,"line":159},"admin_init","comment_change_status__admin_init",81,[],[],[],[],{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":176,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":184},[],{"prepared":167,"raw":168,"locations":169},8,2,[170,174],{"file":171,"line":172,"context":173},"comment-change-status-check.php",38,"$wpdb->get_var() with variable interpolation",{"file":171,"line":175,"context":173},59,{"escaped":27,"rawEcho":71,"locations":177},[178,181,183],{"file":154,"line":179,"context":180},88,"raw output",{"file":154,"line":182,"context":180},90,{"file":154,"line":80,"context":180},[],[186,213],{"entryPoint":187,"graph":188,"unsanitizedCount":32,"severity":212},"comment_change_status__process (comment-change-status-check.php:55)",{"nodes":189,"edges":208},[190,195,200,203],{"id":191,"type":192,"label":193,"file":171,"line":194},"n0","source","$_GET['becid']",62,{"id":196,"type":197,"label":198,"file":171,"line":175,"wp_function":199},"n1","sink","get_var() [SQLi]","get_var",{"id":201,"type":192,"label":202,"file":171,"line":194},"n2","$_GET (x3)",{"id":204,"type":197,"label":205,"file":171,"line":206,"wp_function":207},"n3","query() [SQLi]",72,"query",[209,211],{"from":191,"to":196,"sanitized":210},false,{"from":201,"to":204,"sanitized":210},"high",{"entryPoint":214,"graph":215,"unsanitizedCount":32,"severity":212},"\u003Ccomment-change-status-check> (comment-change-status-check.php:0)",{"nodes":216,"edges":221},[217,218,219,220],{"id":191,"type":192,"label":193,"file":171,"line":194},{"id":196,"type":197,"label":198,"file":171,"line":175,"wp_function":199},{"id":201,"type":192,"label":202,"file":171,"line":194},{"id":204,"type":197,"label":205,"file":171,"line":206,"wp_function":207},[222,223],{"from":191,"to":196,"sanitized":210},{"from":201,"to":204,"sanitized":210},{"summary":225,"deductions":226},"The \"comment-change-status\" plugin version 0.10.1 presents a concerning security posture despite a seemingly clean vulnerability history and a limited static attack surface. While the plugin doesn't exhibit critical vulnerabilities like unpatched CVEs or dangerous functions, the code analysis reveals significant weaknesses.  A notable concern is the complete lack of output escaping, meaning any data displayed to users could potentially be manipulated for cross-site scripting (XSS) attacks. Furthermore, the taint analysis indicates two flows with unsanitized paths, which, if they involve user-supplied data, could lead to serious security issues like arbitrary code execution or unauthorized data access, even without direct SQL injection risks. The absence of capability checks and nonce checks on potential entry points also leaves the plugin vulnerable to unauthorized actions by authenticated users.",[227,230,232,234],{"reason":228,"points":229},"Taint flows with unsanitized paths (High Severity)",15,{"reason":231,"points":167},"No output escaping",{"reason":233,"points":133},"No capability checks",{"reason":235,"points":133},"No nonce checks","2026-03-17T00:25:53.621Z",{"wat":238,"direct":244},{"assetPaths":239,"generatorPatterns":241,"scriptPaths":242,"versionParams":243},[240],"\u002Fwp-content\u002Fplugins\u002Fcomment-change-status\u002Fcomment-change-status-mail.php",[],[],[],{"cssClasses":245,"htmlComments":246,"htmlAttributes":247,"restEndpoints":248,"jsGlobals":249,"shortcodeOutput":250},[],[],[],[],[],[]]