[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiLYpgCbKz1kZ2V4kSPZsQ67nljVF4Y44kBSiIIQ0GxQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":136,"fingerprints":295},"comment-ip-trace","Comment Location Tracker","1.1.1","Jason Grim","https:\u002F\u002Fprofiles.wordpress.org\u002Fjasongrim\u002F","\u003Cp>Traces the IP of comment authors in WordPress on the comments admin page. Shows the country, region, and city.\u003Cbr \u002F>\nFuture features coming soon.\u003C\u002Fp>\n","Traces the IP of comment authors in Wordpress on the comments admin page.",20,4164,0,"2013-06-30T23:35:00.000Z","3.5.2","3.0","",[19,20,21,22,23],"comment","comments","geoip","plugins","tracer","http:\u002F\u002Fjgwebdevelopment.com\u002Fplugins\u002Fcomment-ip-trace","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-ip-trace.1.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"jasongrim",2,30,84,"2026-04-04T15:56:37.606Z",[37,55,75,95,111],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"customized-recent-comments","Customized Recent Comments","1.2","blueinstyle","https:\u002F\u002Fprofiles.wordpress.org\u002Fblueinstyle\u002F","\u003Cp>Options include showing comments from specific categories, or excluding categories.\u003C\u002Fp>\n\u003Cp>Exclude users from comment list by email address.\u003C\u002Fp>\n\u003Cp>Uses a template to display comments exactly the way you want.\u003C\u002Fp>\n\u003Cp>Limit amount of words or characters to display in each comment.\u003C\u002Fp>\n\u003Cp>Include user’s Gravatar or Facebook avatar in comment list.\u003C\u002Fp>\n\u003Cp>Create unlimited comment lists each with their own unique settings and options.\u003C\u002Fp>\n\u003Cp>Support and Feature requests are on my forums at http:\u002F\u002Fjustmyecho.com\u002Fforums\u002F\u003C\u002Fp>\n","Display recent comments on your blog with complete control over the layout and format of comments.",100,13274,"2011-04-07T07:23:00.000Z","3.1.4","2.8",[22,51,52],"recent-comments","widgets","http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Fcustomized-recent-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomized-recent-comments.1.2.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":33,"downloaded":63,"rating":45,"num_ratings":32,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":17,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":32,"unpatched_count":13,"last_vuln_date":74,"fetched_at":28},"feature-comments","Featured Comments","1.2.6","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>Lets the admin add “featured” or “buried” css class to selected comments. Handy to highlight comments that add value to your post.\u003C\u002Fp>\n\u003Cp>This plugin makes use of the meta_query option added in WordPress 3.5 to the WP_Comment_Query class, so it is no longer compatible with earlier versions of WordPress.\u003C\u002Fp>\n\u003Cp>Please report bugs and suggestions on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpippinsplugins\u002FFeatured-Comments\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n","Lets the admin add \"featured\" or \"buried\" css class to selected comments. Handy to highlight comments that add value to your post.",8880,"2016-10-10T14:30:00.000Z","4.7.32","3.5",[20,56,68,69,70],"featured-comments","pippins-plugins","pippinsplugins","http:\u002F\u002Fpippinsplugins.com\u002Ffeatured-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeature-comments.1.2.6.zip",83,"2014-10-21 00:00:00",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":13,"downloaded":83,"rating":13,"num_ratings":13,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":93,"download_link":94,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"actify","Actify","1.0","wpsetter","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpsetter\u002F","\u003Cp>Actify is a free plugin for WordPress that gamify your content with readers with the next features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can highlight valuable quotes as a reader similar to Medium.\u003C\u002Fli>\n\u003Cli>Share selected text on social media, twitter and facebook.\u003C\u002Fli>\n\u003Cli>Report a typo in the text and the correct variant.\u003C\u002Fli>\n\u003Cli>Report a similar case, is for investigation journalism, to report similar cases quickly and anonymous.\u003C\u002Fli>\n\u003Cli>Have an widget that show most highlighted quotes by the users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>Looking to contribute code to this plugin? Go ahead and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpsetter\u002Factify\" rel=\"nofollow ugc\">fork the repository over at GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","A plugin that boosts readers’ interaction with the online content, by allowing them to perform a series of actions.",1369,"2018-08-22T23:12:00.000Z","4.9.29","4.7","5.3.0",[20,89,90,91,92],"facebook-quote-plugin","gamification","gamify","social-plugins","http:\u002F\u002Fmoldova.org\u002Fgamification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factify.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":13,"downloaded":103,"rating":13,"num_ratings":13,"last_updated":104,"tested_up_to":85,"requires_at_least":105,"requires_php":87,"tags":106,"homepage":17,"download_link":109,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":110},"additional-plugins-descriptions","Additional Plugins Descriptions","0.1.0","patanaka","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatanaka\u002F","\u003Cp>Note: This plugin has not been tested with multisite functionality.\u003Cbr \u002F>\nHow not to get confused in a variety of WordPress Plugins?\u003Cbr \u002F>\nJust write your additional descriptions for the plugins you are using.\u003Cbr \u002F>\nThis plugin gives you the ability to make additional descriptions to each plugin you use or used.\u003C\u002Fp>\n\u003Cp>After installation, click on the name of any plugin in the table (or near).\u003Cbr \u002F>\nIn the “description” column you will be able to add two additional descriptions to the plugin.\u003C\u002Fp>\n\u003Ch4>Temporary description\u003C\u002Fh4>\n\u003Cp>It will be lost if you remove and reinstall the plugin described. Describe here what you are using the plugin for.\u003C\u002Fp>\n\u003Ch4>Permanent description\u003C\u002Fh4>\n\u003Cp>Will be saved if you uninstall and reinstall described plugin. Describe here their General impressions and comments about the plugin.\u003C\u002Fp>\n\u003Cp>The additional description will be automatically saved after the input field is focus out or “Enter” key pressed.\u003Cbr \u002F>\nIn other words, just click anywhere else on the screen or press “Enter” and your additional description will be saved.\u003C\u002Fp>\n","Allows you to write additional descriptions for plugins.",1474,"2018-02-19T22:31:00.000Z","4.6",[107,20,108,22],"admin","descriptions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadditional-plugins-descriptions.0.1.0.zip","2026-03-15T14:54:45.397Z",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":132,"download_link":133,"security_score":134,"vuln_count":32,"unpatched_count":13,"last_vuln_date":135,"fetched_at":28},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,94,1173,"2025-11-12T16:31:00.000Z","6.9.4","5.8","7.2",[128,129,20,130,131],"anti-spam","antispam","contact-form","spam","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,"2015-10-13 00:00:00",{"attackSurface":137,"codeSignals":171,"taintFlows":199,"riskAssessment":276,"analyzedAt":294},{"hooks":138,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":13,"unprotectedCount":13},[139,145,149,153,158,162],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","manage_comments_custom_column","my_comments_columns","fn\\admin.php",19,{"type":146,"name":147,"callback":148,"file":143,"line":11},"filter","manage_edit-comments_columns","my_custom_columns",{"type":140,"name":150,"callback":151,"file":143,"line":152},"admin_menu","page_menu",23,{"type":140,"name":154,"callback":155,"priority":32,"file":156,"line":157},"comment_post","cache_new_comment_location","fn\\core.php",35,{"type":140,"name":159,"callback":160,"priority":32,"file":156,"line":161},"deleted_comment","delete_comment_cache_item",36,{"type":146,"name":163,"callback":164,"file":165,"line":166},"get_comment_author","comment_add_author_name_filter","fn\\front-end.php",17,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":181,"outputEscaping":183,"fileOperations":197,"externalRequests":197,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":198},[173,178],{"fn":174,"file":175,"line":176,"context":177},"unserialize","fn\\geoplugin.class.php",71,"$data = unserialize($response);",{"fn":174,"file":175,"line":179,"context":180},165,"return unserialize( $this->fetch($host) );",{"prepared":32,"raw":13,"locations":182},[],{"escaped":13,"rawEcho":184,"locations":185},5,[186,189,191,193,195],{"file":143,"line":187,"context":188},40,"raw output",{"file":143,"line":190,"context":188},42,{"file":143,"line":192,"context":188},44,{"file":143,"line":194,"context":188},112,{"file":143,"line":196,"context":188},117,1,[],[200,224,234,257],{"entryPoint":201,"graph":202,"unsanitizedCount":197,"severity":223},"admin_settings_page (fn\\admin.php:84)",{"nodes":203,"edges":219},[204,209,213],{"id":205,"type":206,"label":207,"file":143,"line":208},"n0","source","$_POST['comment-ip-trace']",88,{"id":210,"type":211,"label":212,"file":143,"line":208},"n1","transform","→ set_options()",{"id":214,"type":215,"label":216,"file":156,"line":217,"wp_function":218},"n2","sink","update_option() [Settings Manipulation]",61,"update_option",[220,222],{"from":205,"to":210,"sanitized":221},false,{"from":210,"to":214,"sanitized":221},"low",{"entryPoint":225,"graph":226,"unsanitizedCount":197,"severity":223},"\u003Cadmin> (fn\\admin.php:0)",{"nodes":227,"edges":231},[228,229,230],{"id":205,"type":206,"label":207,"file":143,"line":208},{"id":210,"type":211,"label":212,"file":143,"line":208},{"id":214,"type":215,"label":216,"file":156,"line":217,"wp_function":218},[232,233],{"from":205,"to":210,"sanitized":221},{"from":210,"to":214,"sanitized":221},{"entryPoint":235,"graph":236,"unsanitizedCount":32,"severity":256},"locate (fn\\geoplugin.class.php:56)",{"nodes":237,"edges":252},[238,240,242,244,247],{"id":205,"type":206,"label":239,"file":175,"line":217},"$_SERVER",{"id":210,"type":215,"label":241,"file":175,"line":176,"wp_function":174},"unserialize() [Object Injection]",{"id":214,"type":206,"label":239,"file":175,"line":243},69,{"id":245,"type":211,"label":246,"file":175,"line":243},"n3","→ fetch()",{"id":248,"type":215,"label":249,"file":175,"line":250,"wp_function":251},"n4","file_get_contents() [SSRF\u002FLFI]",105,"file_get_contents",[253,254,255],{"from":205,"to":210,"sanitized":221},{"from":214,"to":245,"sanitized":221},{"from":245,"to":248,"sanitized":221},"high",{"entryPoint":258,"graph":259,"unsanitizedCount":184,"severity":256},"\u003Cgeoplugin.class> (fn\\geoplugin.class.php:0)",{"nodes":260,"edges":271},[261,263,264,265,266,267,269],{"id":205,"type":206,"label":262,"file":175,"line":217},"$_SERVER (x2)",{"id":210,"type":215,"label":241,"file":175,"line":176,"wp_function":174},{"id":214,"type":206,"label":239,"file":175,"line":217},{"id":245,"type":215,"label":249,"file":175,"line":250,"wp_function":251},{"id":248,"type":206,"label":262,"file":175,"line":243},{"id":268,"type":211,"label":246,"file":175,"line":243},"n5",{"id":270,"type":215,"label":249,"file":175,"line":250,"wp_function":251},"n6",[272,273,274,275],{"from":205,"to":210,"sanitized":221},{"from":214,"to":245,"sanitized":221},{"from":248,"to":268,"sanitized":221},{"from":268,"to":270,"sanitized":221},{"summary":277,"deductions":278},"The 'comment-ip-trace' plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. All SQL queries are correctly using prepared statements, and there are no known past vulnerabilities, suggesting a generally stable development history.\n\nHowever, significant concerns arise from the static analysis. The presence of the 'unserialize' function is a known risk vector, especially when handling data from untrusted sources. The taint analysis reveals 4 flows with unsanitized paths, with 2 of high severity, indicating potential for data manipulation or unauthorized actions if these paths are triggered by malicious input. Furthermore, 100% of output escaping is missing, meaning any data processed or displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks. The absence of nonce and capability checks on any potential entry points, although currently zero, is a structural weakness that could become a problem if the attack surface expands in future versions.\n\nWhile the plugin has a clean vulnerability history and a small attack surface, the critical findings in taint analysis and the complete lack of output escaping present a considerable risk. The use of 'unserialize' without clear sanitization of the input data is particularly concerning. The current lack of exploitation may be due to the limited attack surface, but the inherent risks are present and should be addressed.",[279,282,285,287,290,292],{"reason":280,"points":281},"High severity taint flows found",15,{"reason":283,"points":284},"Unsanitized paths in taint flows",10,{"reason":286,"points":284},"Dangerous function 'unserialize' used",{"reason":288,"points":289},"0% output escaping",8,{"reason":291,"points":184},"No nonce checks",{"reason":293,"points":184},"No capability checks","2026-03-16T23:05:28.026Z",{"wat":296,"direct":307},{"assetPaths":297,"generatorPatterns":301,"scriptPaths":302,"versionParams":303},[298,299,300],"\u002Fwp-content\u002Fplugins\u002Fcomment-ip-trace\u002Fcss\u002Fcit-style.css","\u002Fwp-content\u002Fplugins\u002Fcomment-ip-trace\u002Fjs\u002Fcit-admin.js","\u002Fwp-content\u002Fplugins\u002Fcomment-ip-trace\u002Fjs\u002Fcit-frontend.js",[],[299,300],[304,305,306],"comment-ip-trace\u002Fcss\u002Fcit-style.css?ver=","comment-ip-trace\u002Fjs\u002Fcit-admin.js?ver=","comment-ip-trace\u002Fjs\u002Fcit-frontend.js?ver=",{"cssClasses":308,"htmlComments":310,"htmlAttributes":312,"restEndpoints":314,"jsGlobals":315,"shortcodeOutput":316},[309],"cit-admin-comment-details",[311],"\u003C!-- $$ Mind is Money $$ -->",[313],"data-cit-admin-comment-details",[],[],[]]