[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTNA8JmfKI8kuaMMxXbn1yOVT095o_yMbiQSSOcXqdsI":3,"$frV2ywTzdvGBaXnKXAeWsZMPyuxkhBzjWqdMQbFSgPkc":173,"$fmdchdaofchB-oUwEaRccagBlhYVngjJTpcRylEeuUnA":178},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":130,"fingerprints":159},"comment-count","Comment Count","1.2","Nick Momrik","https:\u002F\u002Fprofiles.wordpress.org\u002Fnickmomrik\u002F","\u003Cp>Counts the number of comments.\u003C\u002Fp>\n","Counts the number of comments.",10,8457,20,2,"2015-12-08T22:57:00.000Z","4.4.34","",[19,20],"comments","count","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-count\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-count.1.2.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":23,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"nickmomrik",12,3080,30,84,"2026-05-20T00:13:12.048Z",[37,57,76,93,110],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":45,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":55,"download_link":56,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"admin-commenters-comments-count","Admin Commenters Comments Count","1.9.6","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Next to all appearances of each commenter’s name in the admin, this plugin shows a comments bubble identical to the one shown for posts in the admin listing of posts. The comments bubble shows the number of approved comments for that person and potentially a red superscript circle indicating the number of pending comments for the person (assuming they have any). The comment counts are linked to listings of comments associated solely with that particular commenter.\u003C\u002Fp>\n\u003Cp>By default in WordPress, it is not possible to tell via a single glance whether a particular commenter has commented before or how many times the’ve commented.\u003C\u002Fp>\n\u003Cp>This plugin adds this handy capability to the WordPress admin pages that allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Quickly identify a first-time commenter\u003C\u002Fli>\n\u003Cli>Quickly identify unfamiliar commenters that have in fact commented before\u003C\u002Fli>\n\u003Cli>Quickly see how many total comments a particular commenter has made, and how many comments are pending\u003C\u002Fli>\n\u003Cli>Easily navigate to a listing of all approved comments and all moderated comments by a commenter, in order to see what post and when they last commented (or first commented), get a feel for the nature of their comments, or find something they’ve said in the past\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Specifically, the linked comment count appears next to commenters in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The “Comments” listing of comments (including comment search results)\u003C\u002Fli>\n\u003Cli>The “Comments for ‘POST_TITLE'” listing of post-specific comments\u003C\u002Fli>\n\u003Cli>The “Discussion” box of the “Edit Post” page for a post with comments\u003C\u002Fli>\n\u003Cli>The “Recent Comments” admin dashboard widget\u003C\u002Fli>\n\u003Cli>The “Users” listing of users (as the column “Comments”)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Commenters are identified by the email address they provided when commenting. If your site does not require that commenters submit their email address when commenting, this plugin will use the commenter’s name as the identifier, though since this is a publicly viewable piece of data it’s possible that multiple people could be posting under the same “name”, so this method has the potential to be not as accurate.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fadmin-commenters-comments-count\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadmin-commenters-comments-count\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fadmin-commenters-comments-count\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Displays a count of each commenter's total number of comments (linked to those comments) next to their name on any admin page.",100,19017,8,"2021-05-02T06:46:00.000Z","5.7.15","4.6",[52,53,4,54,19],"comment","comment-author","commenters","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fadmin-commenters-comments-count\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-commenters-comments-count.1.9.6.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":45,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":17,"tags":71,"homepage":17,"download_link":75,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"simple-top-commenters","Simple Top Commenters","1.5.2","mrengy","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrengy\u002F","\u003Cp>A sidebar widget that displays a list of top commenters across a site, showing the number of comments for each. Inspired by and extended from the Top Commentators Widget by WebGrrrl.\u003C\u002Fp>\n\u003Ch3>Supported Languages:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>English\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Slovene: Thanks to Mitja Mihelič: mitja.mihelic@arnes.si http:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fmmihelic\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Romanian: Thanks to Alexander Ovsov: \u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002F\" rel=\"nofollow ugc\">Web Hosting Geeks\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Ukranian: Thanks to Michael Yunat: \u003Ca href=\"http:\u002F\u002Fgetvoip.com\u002Fblog\" rel=\"nofollow ugc\">http:\u002F\u002Fgetvoip.com\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Options:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>“Title”: customizable title that is displayed in the sidebar for this widget.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“Define Commenters by”: choose whether to define an individual by email address or by name entered in the comment form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“Commenters to Exclude”: a list of people to exclude from the count. Can enter names and\u002For email addresses here. Separate each with a comma.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“# of Commenters to List”: determines the number of top commenters to list.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>“Show ‘comments’ Label?”: If checked, a top commenter will appear as “mike: 10 comments”. If unchecked, he\u002Fshe will appear simply as “mike: 10”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","A sidebar widget that displays a list of top commenters across a site, showing the number of comments for each.",40,7175,1,"2017-10-01T19:57:00.000Z","4.8.28","3.0",[19,72,73,74],"counter","sidebar","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-top-commenters.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":33,"downloaded":84,"rating":45,"num_ratings":14,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":17,"download_link":92,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"dx2-post-hit-counter","DX2 Post Hit Counter","1.3","dx2systems","https:\u002F\u002Fprofiles.wordpress.org\u002Fdx2systems\u002F","\u003Cp>This hit counter is a light weight way to track the hits on all posts, including custom post types on your WordPress blog. The plugin uses ajax to count the hit which means it will have no affect on the speed of which the page loads. This also leads to a much more reliable hit count as the hit is not actually counted until the page has loaded. To the end user this hit counter will have almost no affect on the pages load speed.\u003C\u002Fp>\n\u003Cp>Your traffic stats are can be viewed quickly from the dashboard widget that will give you a daily overview of the most popular posts along with the total hits on the website for the past few days.\u003C\u002Fp>\n\u003Cp>When logged in as an administrator you will be able to see the number of hits that a page has from the WordPress admin title bar. When editing the post you will also be able to see the number of hits the page has received and have the ability to reset the counter if needed. Admin hits will be automatically be discounted to save the hit count being inflated due to testing or other general use of the site by any of the administrators.\u003C\u002Fp>\n\u003Cp>A few notes about the sections above:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Light weight method to count page hits.\u003C\u002Fli>\n\u003Cli>AJAX powered recording system\u003C\u002Fli>\n\u003Cli>Dashboard widget for traffic overview\u003C\u002Fli>\n\u003Cli>Administration tools to manage hits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>https:\u002F\u002Fdx2systems.com\u002F\u003C\u002Fp>\n","A lightweight counter to track the number of hits on all posts on the website.",4023,"2017-03-31T08:07:00.000Z","4.7.33","3.0.1",[19,20,89,90,91],"hit","page-views","traffic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx2-post-hit-counter.1.3.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":11,"downloaded":101,"rating":24,"num_ratings":24,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":17,"tags":105,"homepage":108,"download_link":109,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"comment-count-admin","Comment Count Admin (by URL)","1.5","Jan Teriete","https:\u002F\u002Fprofiles.wordpress.org\u002Fleisurelarry\u002F","\u003Ch4>ENGLISH:\u003C\u002Fh4>\n\u003Cp>This plugin adds a handy feature to the WordPress admin pages to allow you to quickly identify anonymous first-time\u003Cbr \u002F>\ncomment authors by comment url. The comment count appears next to the comment authors name in the “Edit Comments”\u003Cbr \u002F>\nlisting of comments and in the “Discussion” box of the “Edit Post” page for a post with comments. Anonymous comment\u003Cbr \u002F>\nauthors are identified by the url they provided when commenting, all WordPress users are identified by their user id.\u003C\u002Fp>\n","Displays a count of each comment authors total number of comments next to their name on the admin pages.",3287,"2014-07-18T17:06:00.000Z","3.9.40","3.9",[106,53,4,107,19],"admin","comment-url","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-count-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-count-admin.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":24,"downloaded":118,"rating":24,"num_ratings":24,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":45,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":129},"aquiline-comment-country-flags","Aquiline Comment Country Flags for GeneratePress","1.0.0","Bob Arnold","https:\u002F\u002Fprofiles.wordpress.org\u002Fbobarnold80537\u002F","\u003Cp>The \u003Cstrong>Aquiline Comment Country Flags\u003C\u002Fstrong> plugin affords a commenter on a \u003Cstrong>GeneratePress\u003C\u002Fstrong> blog the option to affix a country flag to the right of their name in the comment header. A new, optional field is added below the existing fields in the Comment submit form. The commenter is presented with an alphabetical list of the countries which the site administrator has enabled in the plugin settings panel.\u003C\u002Fp>\n\u003Cp>The plugin requires the active parent theme to be \u003Cstrong>GeneratePress v3.1.0 or later\u003C\u002Fstrong>, since it relies on a custom action hook introduced with that version. The commenter’s selection is “remembered” in the same way as the name and email, i.e., through use of a cookie. The flag images are in the public domain, and are provided by \u003Ca href=\"https:\u002F\u002Fflagpedia.net\u002F\" rel=\"nofollow ugc\">Flagpedia.net\u003C\u002Fa>. That site works closely with Wikimedia Commons to maintain an up-to-date, worldwide store of “official” flags.\u003C\u002Fp>\n\u003Cp>In cases where a visitor to the site is unfamiliar with a displayed flag, and a pointer such as a mouse is available, they can hover over the flag to reveal the country name. A long press on the flag in some mobile browsers, e.g. Android Chrome, has been seen to produce a popup with the country name at the top.\u003C\u002Fp>\n\u003Cp>One limitation is that the Country selection and flag display are not available to logged-in users. Since such users’ metadata (name and email) are handled internally by WordPress, it was decided that support for the Country field in this case would be unduly complex. The logged-in user would just need to log out, then revisit the blog to make their flag selection.\u003C\u002Fp>\n\u003Cp>Enabling the flag display via explicit user selection, rather than via IP-based geolocation, has several advantages. It affords greater privacy, and is immune to “false” readings that could occur when a VPN or proxy is in use. Also, a commenter (e.g. someone working abroad) may choose to identify with a country other than that from which their internet connection originates.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Flag Images: \u003Ca href=\"https:\u002F\u002Fflagpedia.net\" rel=\"nofollow ugc\">Flagpedia.net\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>License: \u003Ca href=\"https:\u002F\u002Fflagpedia.net\u002Fdownload#js-download\" rel=\"nofollow ugc\">Public Domain\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Affords a commenter on a GeneratePress blog the option to affix a country flag to the right of their name in the comment header.",168,"2026-02-13T03:31:00.000Z","6.9.4","5.2","7.4",[19,124,125,126],"country","flags","generatepress","https:\u002F\u002Fwww.aquilinestudios.com\u002Faquiline-comment-country-flags\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faquiline-comment-country-flags.1.0.0.zip","2026-04-06T09:54:40.288Z",{"attackSurface":131,"codeSignals":137,"taintFlows":150,"riskAssessment":151,"analyzedAt":158},{"hooks":132,"ajaxHandlers":133,"restRoutes":134,"shortcodes":135,"cronEvents":136,"entryPointCount":24,"unprotectedCount":24},[],[],[],[],[],{"dangerousFunctions":138,"sqlUsage":139,"outputEscaping":145,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":149},[],{"prepared":24,"raw":67,"locations":140},[141],{"file":142,"line":143,"context":144},"comment-count.php",14,"$wpdb->get_var() with variable interpolation",{"escaped":24,"rawEcho":67,"locations":146},[147],{"file":142,"line":143,"context":148},"raw output",[],[],{"summary":152,"deductions":153},"The static analysis of the 'comment-count' plugin version 1.2 reveals a generally strong security posture with no identified attack vectors such as AJAX handlers, REST API routes, shortcodes, or cron events.  The absence of dangerous functions, file operations, external HTTP requests, and taint flows with unsanitized paths further strengthens this positive outlook.  However, significant concerns arise from the handling of SQL queries and output. The single SQL query is not using prepared statements, introducing a potential SQL injection risk.  Furthermore, none of the total outputs are properly escaped, creating a risk of Cross-Site Scripting (XSS) vulnerabilities.  The lack of any recorded vulnerabilities in its history is a positive sign, suggesting the plugin has historically been maintained securely. Despite the lack of active exploitation paths, the identified SQL and output handling issues represent tangible risks that require immediate attention.",[154,156],{"reason":155,"points":11},"SQL query not using prepared statements",{"reason":157,"points":47},"No output escaping found","2026-03-16T23:35:05.300Z",{"wat":160,"direct":165},{"assetPaths":161,"generatorPatterns":162,"scriptPaths":163,"versionParams":164},[],[],[],[],{"cssClasses":166,"htmlComments":167,"htmlAttributes":168,"restEndpoints":169,"jsGlobals":170,"shortcodeOutput":171},[],[],[],[],[],[172],"\u003Cp dir=\"ltr\">",{"error":174,"url":175,"statusCode":176,"statusMessage":177,"message":177},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcomment-count\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":179},[180,188],{"version":181,"download_url":182,"svn_tag_url":183,"released_at":25,"has_diff":184,"diff_files_changed":185,"diff_lines":25,"trac_diff_url":186,"vulnerabilities":187,"is_current":184},"1.02","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-count.1.02.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcomment-count\u002Ftags\u002F1.02\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcomment-count%2Ftags%2F1.2&new_path=%2Fcomment-count%2Ftags%2F1.02",[],{"version":6,"download_url":22,"svn_tag_url":189,"released_at":25,"has_diff":184,"diff_files_changed":190,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":191,"is_current":174},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcomment-count\u002Ftags\u002F1.2\u002F",[],[]]