[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsUoRl1yidewjJHd3r3nXl7Dcl08XF5hWhwaXngM7RYs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":114,"fingerprints":216},"comments-leaderboard","Comments Leaderboard","1.1","kolakube","https:\u002F\u002Fprofiles.wordpress.org\u002Falexmangini\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fkolakube.com\u002Fcomments-leaderboard\u002F\" rel=\"nofollow ugc\">The Comments Leaderboard\u003C\u002Fa> was carefully designed to add a new twist to rewarding the top commentators on your blog and create a more addicting comment experience for your readers.\u003C\u002Fp>\n\u003Cp>Each month, the 5 most active commenters throughout your blog will be listed and ranked from most comments posted to the least.\u003C\u002Fp>\n\u003Cp>…but simply ranking on the Leaderboard isn’t enough.\u003C\u002Fp>\n\u003Cp>The lower their rank, the less visible their name will appear on the Leaderboards beautiful color spectrum (tip: you can even set a custom color to match your theme).\u003C\u002Fp>\n\u003Cp>For their name and website link to get maximum exposure, they must outrank the competition by posting the most comments.\u003C\u002Fp>\n\u003Cp>The overall leader gets a medal next to their name at the top of the list for the highest amount of visibility and prestige throughout your community.\u003C\u002Fp>\n\u003Cp>But sadly, there is no comfort at the top.\u003C\u002Fp>\n\u003Cp>The total amount of comments each leader posted for the month is displayed next to their name, making it easy for other commenters to overtake the 
top spot.\u003C\u002Fp>\n\u003Cp>The Comments Leaderboard is the perfect way to reward your most engaging readers and fits perfectly in your blog’s sidebar. Simply drag the Widget into place, write a title and description text, pick a color and your blog is ready for some serious comment action.\u003C\u002Fp>\n\u003Cp>Just remember, keep your posts quality and you will attract quality comments.\u003C\u002Fp>\n\u003Cp>Let the games begin!\u003C\u002Fp>\n","Let the games begin! The Comments Leaderboard ranks your top commentators in a way that's sure to spark competition throughout your community.",10,3493,100,2,"","4.8.28","3.8",[19,20,21,22],"comments-list","top-commentators","top-commenters","top-comments","https:\u002F\u002Fkolakube.com\u002Fcomments-leaderboard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-leaderboard.zip",0,null,"2026-03-15T14:44:11.924Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"alexmangini",5,750,94,30,90,"2026-04-04T15:31:29.267Z",[38,60,80,98],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":34,"downloaded":46,"rating":13,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":15,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":59},"top-contributors","Top Contributors","1.4.1","blueinstyle","https:\u002F\u002Fprofiles.wordpress.org\u002Fblueinstyle\u002F","\u003Cp>Display your top commenters or authors in a widget, or you can display anywhere on your blog by pasting this code into your theme: \u003Ccode>\u003C?php if(function_exists('jme_top_contributors')) { jme_top_contributors(); } ?>\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Version 1.4 includes many user requested features. 
Check \u003Ca href=\"http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Ftop-contributors-plugin-wordpress\u002F\" rel=\"nofollow ugc\">plugin webpage\u003C\u002Fa> for details on the update.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>List your top commenters or authors with the option to display their Gravatar, and several other options.\u003C\u002Fli>\n\u003Cli>Choose from 2 formats of the widget, with complete control of styles via css.\u003C\u002Fli>\n\u003Cli>Exclude users from the list by email address.\u003C\u002Fli>\n\u003Cli>The list uses a cache system for improved performance. List updates only when a post or comment is added, or options updated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Extra Feature\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add a special Icon next to each of your Top Commenter’s name in their comments to give them a little special recognition for being a regular contributor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Support and Feature request forum at http:\u002F\u002Fjustmyecho.com\u002Fforums\u002F\u003C\u002Fp>\n","Display your top commenters or authors in a widget.",11508,1,"2011-04-10T16:46:00.000Z","3.1.4","2.8",[52,53,54,21,55],"commenters","gravatars","plugins","widgets","http:\u002F\u002Fjustmyecho.com\u002F2010\u002F07\u002Ftop-contributors-plugin-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-contributors.1.4.1.zip",85,"2026-03-15T15:16:48.613Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":11,"downloaded":68,"rating":13,"num_ratings":14,"last_updated":69,"tested_up_to":70,"requires_at_least":17,"requires_php":15,"tags":71,"homepage":15,"download_link":79,"security_score":58,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":59},"change-comment-parent","Change Comment Parent","1.0.0","Dmitriy Amirov","https:\u002F\u002Fprofiles.wordpress.org\u002Fintellectsys\u002F","\u003Cp>Simple plug-in for editing the 
parent comments to any user comments. Use it to edit the threaded structure comments.\u003C\u002Fp>\n","Simple plug-in for editing the parent comments to any user comments. Use it to edit the threaded structure comments.",1740,"2015-12-15T02:36:00.000Z","4.4.34",[72,73,74,19,75,76,77,78],"child","comment","comments","nested","parent","threated","tree-comment","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-comment-parent.1.0.0.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":25,"num_ratings":25,"last_updated":89,"tested_up_to":49,"requires_at_least":90,"requires_php":15,"tags":91,"homepage":95,"download_link":96,"security_score":58,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":97},"influential-commenters","Influential Commenters","1","graemeboy","https:\u002F\u002Fprofiles.wordpress.org\u002Fgraemeboy\u002F","\u003Cp>This is a plugin that I made that shows your top 100 most influential commenters on your WordPress blog, ordered by Alexa Rank (a somewhat accurate reflection of a site’s popularity). It also shows the number of Facebook Shares, and name and email address of the author, so that you can quickly get into contact with him or her. It also shows when last they commented on your blog.\u003C\u002Fp>\n\u003Cp>It takes some time for the data to load, so please be patient.\u003C\u002Fp>\n\u003Cp>I imagine that bloggers would use this to find out which other influential bloggers have recently been interested in their site, and then they’d be able to get into contact with them, saying something like:\u003C\u002Fp>\n\u003Cp>“Hey John,\u003C\u002Fp>\n\u003Cp>I noticed that you posted a comment on my site the other day, and I just thought I’d send you a quick email to let you know that I like the content you’ve been posting. Perhaps we could write a guest post for each other sometime? 
I think that would suit both of our audiences well.\u003C\u002Fp>\n\u003Cp>Kind regards,\u003Cbr \u002F>\nGraeme”\u003C\u002Fp>\n","This plugin shows your top 100 most influential commenters on your Wordpress blog, ordered by Alexa Rank.",1697,"2012-07-14T05:32:00.000Z","2.0.2",[92,52,93,94,21],"alexa","facebook-shares","google-backlinks","http:\u002F\u002Fwww.graemeboy.com\u002Finfluential-commenters","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finfluential-commenters.zip","2026-03-15T14:54:45.397Z",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":11,"downloaded":106,"rating":25,"num_ratings":25,"last_updated":107,"tested_up_to":108,"requires_at_least":17,"requires_php":15,"tags":109,"homepage":112,"download_link":113,"security_score":58,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":59},"kento-top-commenters","Kento Top Commenters","1.0","PluginsPoint","https:\u002F\u002Fprofiles.wordpress.org\u002Fkentothemes\u002F","\u003Cp>Display top Commentators or contributer list by comment count.\u003C\u002Fp>\n\u003Cp>Plugin Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three Diffrent Style.\u003C\u002Fli>\n\u003Cli>Add Anywhere via widgets.\u003C\u002Fli>\n\u003Cli>Comments Count.\u003C\u002Fli>\n\u003Cli>Unlimited Commentators List.\u003C\u002Fli>\n\u003C\u002Ful>\n","Top Commentators list By Count 
Comments",1726,"2015-06-09T05:33:00.000Z","4.2.39",[20,110,111],"top-commentators-widget","top-contributor","http:\u002F\u002Fkentothemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkento-top-commenters.zip",{"attackSurface":115,"codeSignals":135,"taintFlows":202,"riskAssessment":203,"analyzedAt":215},{"hooks":116,"ajaxHandlers":131,"restRoutes":132,"shortcodes":133,"cronEvents":134,"entryPointCount":25,"unprotectedCount":25},[117,123,127],{"type":118,"name":119,"callback":120,"file":121,"line":122},"action","load-widgets.php","admin_enqueue","comments-leaderboard.php",43,{"type":118,"name":124,"callback":125,"file":121,"line":126},"wp_enqueue_scripts","enqueue",46,{"type":118,"name":128,"callback":129,"file":121,"line":130},"widgets_init","comments_leaderboard_widget",298,[],[],[],[],{"dangerousFunctions":136,"sqlUsage":137,"outputEscaping":142,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":201},[],{"prepared":25,"raw":47,"locations":138},[139],{"file":121,"line":140,"context":141},271,"$wpdb->get_results() with variable interpolation",{"escaped":31,"rawEcho":143,"locations":144},31,[145,148,149,151,153,155,157,159,161,163,165,167,169,171,173,175,176,178,180,181,183,185,186,188,190,191,193,195,196,198,200],{"file":121,"line":146,"context":147},91,"raw 
output",{"file":121,"line":13,"context":147},{"file":121,"line":150,"context":147},106,{"file":121,"line":152,"context":147},115,{"file":121,"line":154,"context":147},124,{"file":121,"line":156,"context":147},125,{"file":121,"line":158,"context":147},127,{"file":121,"line":160,"context":147},128,{"file":121,"line":162,"context":147},130,{"file":121,"line":164,"context":147},131,{"file":121,"line":166,"context":147},139,{"file":121,"line":168,"context":147},147,{"file":121,"line":170,"context":147},150,{"file":121,"line":172,"context":147},175,{"file":121,"line":174,"context":147},177,{"file":121,"line":174,"context":147},{"file":121,"line":177,"context":147},183,{"file":121,"line":179,"context":147},185,{"file":121,"line":179,"context":147},{"file":121,"line":182,"context":147},191,{"file":121,"line":184,"context":147},193,{"file":121,"line":184,"context":147},{"file":121,"line":187,"context":147},201,{"file":121,"line":189,"context":147},202,{"file":121,"line":189,"context":147},{"file":121,"line":192,"context":147},208,{"file":121,"line":194,"context":147},210,{"file":121,"line":194,"context":147},{"file":121,"line":197,"context":147},216,{"file":121,"line":199,"context":147},218,{"file":121,"line":199,"context":147},[],[],{"summary":204,"deductions":205},"The 'comments-leaderboard' plugin v1.1 presents a concerning security posture despite a seemingly clean vulnerability history.  The static analysis reveals a significant lack of fundamental security practices. Notably, 100% of SQL queries are not using prepared statements, which is a major risk for SQL injection vulnerabilities.  Furthermore, only 14% of output escaping is properly implemented, leaving a large attack surface for cross-site scripting (XSS) vulnerabilities. 
No nonce checks and no capability checks were found anywhere in the plugin. The scan also found no AJAX handlers, REST API routes, shortcodes or cron events (zero entry points, zero unprotected), so these missing checks are not tied to a specific exposed handler, but they still suggest a developer who may not be familiar with WordPress security best practices. The zero taint analysis flows are likely a reflection of the limited entry points and of the analysis not reaching critical code paths because there is little observable input handling; they do not show that the interpolated query or the raw output is safe, and whether either is reachable with attacker-controlled data needs manual review. The absence of past vulnerabilities is positive but does not negate the risks identified in the current code. The plugin's current strengths are its few entry points and its lack of file operations or external HTTP requests, but these are overshadowed by the critical weaknesses in data handling and security control implementation.",[206,208,211,213],{"reason":207,"points":11},"SQL queries not using prepared statements",{"reason":209,"points":210},"Low percentage of properly escaped output",8,{"reason":212,"points":31},"No nonce checks",{"reason":214,"points":31},"No capability 
checks","2026-03-16T23:33:43.034Z",{"wat":217,"direct":226},{"assetPaths":218,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[219,220],"\u002Fwp-content\u002Fplugins\u002Fcomments-leaderboard\u002Fassets\u002Fcomments-leaderboard.css","\u002Fwp-content\u002Fplugins\u002Fcomments-leaderboard\u002Fassets\u002Fcomments-leaderboard.js",[],[220],[224,225],"comments-leaderboard\u002Fassets\u002Fcomments-leaderboard.css?ver=","comments-leaderboard\u002Fassets\u002Fcomments-leaderboard.js?ver=",{"cssClasses":227,"htmlComments":241,"htmlAttributes":249,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":254},[228,229,230,231,232,233,234,235,236,237,238,239,240],"leaderboard-head","leaderboard-title","small-title","leaderboard-desc","leaderboard-leaders","leader-tile","leader-tile-","leader-tile-inner","leader-avatar","leader-count","leader-name","leaderboard-footer","cl-bg-color",[242,243,244,245,246,247,248],"\u003C!-- Title -->","\u003C!-- Description -->","\u003C!-- Leaderboard -->","\u003C!-- Exclude Names -->","\u003C!-- Color Picker -->","\u003C!-- No Leaders Message -->","\u003C!-- Footer -->",[250],"data-field_id=\"color\"",[],[253],"comments_leaderboard_color_picker",[]]