[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLJ5GHoxyTc_tR4UDnUI-24QEOhimVGyFE2820BPQXdo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":124,"fingerprints":439},"community-cloud","Community Cloud Plugin","2.0","migueljds","https:\u002F\u002Fprofiles.wordpress.org\u002Fmigueljds\u002F","\u003Cp>This plugin displays a ‘tag cloud’ of all the people in your community who have contributed to our blog by commenting.\u003Cbr \u002F>\nThe more comments someone has made on your blog the bigger and bolder their tag. Thus, it’s a tag cloud of community participants for your blog.\u003Cbr \u002F>\nYou also have options to customize the community cloud to your blog and needs.\u003Cbr \u002F>\nPeople can see how big your community is in a more visually impactful way, as well as being able to see who the major contributors are compared to the people who just comment once off.\u003C\u002Fp>\n\u003Ch3>Upgrading\u003C\u002Fh3>\n\u003Cp>If you’re upgrading from a previous version of the community cloud,\u003Cbr \u002F>\nyou’ll need to deactivate and reactivate the plugin after uploading the new files.\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>More Social – This version now includes optional “social” hCards. The plugin will check the website\u002Fblog URL of each of the commenters in your cloud and if they have an hCard it will include it on the commenters link.\u003C\u002Fli>\n\u003Cli>More Efficient – The plugin is a lot more efficient than the last version. The cloud is no longer generate and displayed in real time. The cloud is prebuilt on activation and continually maintained as people comment on your blog.\u003C\u002Fli>\n\u003Cli>More Accurate – Instead of filtering out commenters by name (different people might comment with the same name), comments are now filtered out using commenter’s email address, which is a lot more accurate. There is also an option to exclude, certain link URLs from your cloud.\u003Cbr \u002F>\n1.2.3:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Improved comment count display, to allow comment counts to appear in tooltip text, in the link, or not at all\u003C\u002Fli>\n\u003Cli>removed old url validate function and replaced it with something more simple\u003C\u002Fli>\n\u003Cli>fixed font colors, so if you leave out max. font color and min. font color it falls back to your theme’s default link colors rather than reverting to black\u003Cbr \u002F>\n1.2.2:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added the option to specify your own link seperator character\u003C\u002Fli>\n\u003Cli>Option to display comment authors that haven’t entered website URLs as well as those that have\u003C\u002Fli>\n\u003Cli>Show number of comments author has posted in link tooltip text\u003Cbr \u002F>\n1.2.1:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Allow plugin files to work in any subdirectory. It used to be that the plugin only functioned properly in the plugins\u002Fcommunity_cloud\u002F directory\u003Cbr \u002F>\n1.2:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>added sidebar widget\u003C\u002Fli>\n\u003Cli>added option link back to the author of the plugin\u003C\u002Fli>\n\u003Cli>added the option to set your comment threshold (default 1)\u003C\u002Fli>\n\u003Cli>added option to order your cloud by most recent commenter to earliest, top commenter to lowest, and random (default)\u003Cbr \u002F>\n1.1:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>added mysql_escape_string for security\u003Cbr \u002F>\n1.0:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>initial release\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Have Fun.\u003C\u002Fp>\n\u003Cp>Miguel dos Santos\u003Cbr \u002F>\nYour Group of Web AddiCT(s);\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.webaddict.co.za\u003C\u002Fp>\n","This plugin displays a 'tag cloud' of all the people in your community who have contributed to our blog by commenting.",10,5846,0,"2009-02-14T15:25:00.000Z","2.7","2.1","",[19,20,21,22,23],"cloud","comments","community","sidebar","widget","http:\u002F\u002Fwww.webaddict.co.za\u002F2007\u002F09\u002F04\u002Fcommunity-cloud-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcommunity-cloud.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T16:06:07.941Z",[36,54,73,90,109],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":31,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":52,"download_link":53,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"most-popular-posts","Most Popular Posts","1.6.2","wesg","https:\u002F\u002Fprofiles.wordpress.org\u002Fwesg\u002F","\u003Cp>Most Popular Posts is a basic widget for your sidebar that creates a list of links to the top posts on your blog according to the number of comments on the post. You can customize many aspects of the plugin to fit in your blog.\u003C\u002Fp>\n\u003Cp>Updates include including and excluding categories, reverse the order of comments and incorporation of WordPress widget standards.\u003C\u002Fp>\n\u003Cp>For a complete list of the changes from each version, please visit \u003Ca href=\"http:\u002F\u002Fwww.wesg.ca\u002F2008\u002F08\u002Fwordpress-widget-most-popular\u002F#changelog\" rel=\"nofollow ugc\">the plugin homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For examples and tips on using the plugin, please check \u003Ca href=\"http:\u002F\u002Fwww.wesg.ca\u002F2008\u002F08\u002Fwordpress-widget-most-popular\u002F#examples\" rel=\"nofollow ugc\">the examples\u003C\u002Fa> on the plugin homepage.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Used exclusively as a widget at the current time.\u003C\u002Fp>\n","This is a very simple widget that displays a link to the top commented posts on your blog.",300,51094,40,"2013-02-14T04:23:00.000Z","3.5.2","2.8",[20,51,22,23],"most-popular","http:\u002F\u002Fwww.wesg.ca\u002F2008\u002F08\u002Fwordpress-widget-most-popular\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmost-popular-posts.1.6.2.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":49,"requires_php":17,"tags":68,"homepage":71,"download_link":72,"security_score":64,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"top-commentators-widget","Top Commentators Widget","1.7","Lorna Timbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebgrrrl\u002F","\u003Cp>This plugin creates a widget to show the top commentators in your WP site. Always go back to the Widget settings after each version update to Save your settings. Demo can be found at http:\u002F\u002Fdemo.webgrrrl.net\u003C\u002Fp>\n\u003Cp>The Top Commentators Widget plugin is adapted from Show Top Commentators plugin at Personal Financial Advice, this widget is easier to manage via the control form (no need to edit the PHP file); additional options are also available to make it more flexible. Read the FAQ section on how to customize the widget. Read the Changelog as well as http:\u002F\u002Fwebgrrrl.net\u002Ftags\u002Ftcw for the latest news on this widget.\u003C\u002Fp>\n\u003Cp>This widget is extensively tested with the following settings: Google Chrome 13.0.782.215 m, PHP 5.2.13, Apache 2.2.15 (Win32), MySQL 5.0.51a, WordPress 3.2.1. Further testing and bug report on this widget is greatly welcomed and appreciated.\u003C\u002Fp>\n","Adds a sidebar widget to show the top commentators in your WP site. Demo: http:\u002F\u002Fdemo.webgrrrl.net",200,156008,100,2,"2025-12-20T13:00:00.000Z","6.6.5",[20,69,70,22,23],"gravatar","seo","http:\u002F\u002Fwebgrrrl.net\u002Farchives\u002Fmy-top-commentators-widget-quick-dirty.htm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-commentators-widget.1.7.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":64,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":17,"tags":87,"homepage":17,"download_link":89,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"disqus-recent-comments-widget","Disqus Recent Comments Widget","1.2","Andrew Bartel","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrew-bartel\u002F","\u003Cp>The Disqus Recent Comments Widget plugin will create a configurable widget that will allow you to display comments in any widgetized area of your theme like sidebars and footers.\u003C\u002Fp>\n\u003Cp>You can customize the comment length and date format, filter users and choose from three different markup templates, among other things.  The plugin has full support for custom markup defined with register_sidebars() and should integrate smoothly with most themes in the wp.org repository.\u003C\u002Fp>\n\u003Cp>We try to be very proactive and responsive with support.  So, if you have any issues, please post in the support forums and we’ll do our best to resolve your issue promptly.\u003C\u002Fp>\n\u003Cp>You can follow development here: https:\u002F\u002Fgithub.com\u002Fandrewbartel\u002FDisqus_Recent_Comments\u003C\u002Fp>\n","Disqus has dropped support for their recent comments widget.  This plugin creates a configurable widget that will display your latest Disqus comments.",25099,86,7,"2014-09-22T01:54:00.000Z","4.0.38","3.4.1",[20,88,22,23],"disqus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisqus-recent-comments-widget.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":64,"downloaded":98,"rating":99,"num_ratings":100,"last_updated":17,"tested_up_to":101,"requires_at_least":102,"requires_php":17,"tags":103,"homepage":106,"download_link":107,"security_score":64,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":108},"os-emi-calculator","EMI Calculator","1.0","vkt005","https:\u002F\u002Fprofiles.wordpress.org\u002Fvkt005\u002F","\u003Cp>Use EMI calculator as shortcode in post content or widget area without editing your theme files\u003C\u002Fp>\n\u003Cp>USAGE:\u003Cbr \u002F>\nUse [emicalc format=”full”][\u002Femicalc] OR [emicalc format=”sidebar”][\u002Femicalc] shortcode in your post content to show the EMI calculator without editing your theme files\u003Cbr \u002F>\nEXAMPLE:\u003Cbr \u002F>\n[emicalc format=”full”][\u002Femicalc] OR\u003Cbr \u002F>\nOR\u003Cbr \u002F>\n[emicalc format=”sidebar”][\u002Femicalc]\u003C\u002Fp>\n","Use EMI calculator as shortcode in post content or widget area without editing your theme files",7269,74,3,"3.7.41","2.0.5",[104,20,105,22,23],"calculator","match","http:\u002F\u002Fopensum.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fos-emi-calculator.zip","2026-03-15T10:48:56.248Z",{"slug":110,"name":111,"version":57,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":64,"downloaded":116,"rating":64,"num_ratings":31,"last_updated":117,"tested_up_to":118,"requires_at_least":6,"requires_php":17,"tags":119,"homepage":122,"download_link":123,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"widget-category-cloud","Category Cloud Widget","vertino","https:\u002F\u002Fprofiles.wordpress.org\u002Fvertino\u002F","\u003Cp>The Category Cloud Widget is a widget that displays your categories as a tag cloud in your sidebar.\u003C\u002Fp>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Cp>You can see this in action on my site: \u003Ca href=\"http:\u002F\u002Fleekelleher.com\u002Flinklog\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fleekelleher.com\u002Flinklog\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Special Thanks\u003C\u002Fh3>\n\u003Cp>Thank you to Matt Kingston, as this widget was based on his \u003Ca href=\"http:\u002F\u002Fwww.hitormiss.org\u002Fprojects\u002Fweighted-categories\u002F\" rel=\"nofollow ugc\">Weighted Categories\u003C\u002Fa> plugin.\u003Cbr \u002F>\nThanks to \u003Ca href=\"http:\u002F\u002Fwww.minmen.nl\u002F\" rel=\"nofollow ugc\">Peter Hasperhoven\u003C\u002Fa> for introducing the ‘minimum number of posts’ option.\u003C\u002Fp>\n","The Category Cloud Widget is a widget that displays your categories as a tag cloud in your sidebar.",47024,"2008-05-08T12:45:00.000Z","2.3",[120,19,22,121,23],"category","tags","http:\u002F\u002Fleekelleher.com\u002Fwordpress\u002Fplugins\u002Fcategory-cloud-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-category-cloud.zip",{"attackSurface":125,"codeSignals":178,"taintFlows":291,"riskAssessment":416,"analyzedAt":438},{"hooks":126,"ajaxHandlers":170,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":31,"unprotectedCount":31},[127,133,137,140,144,148,153,157,161,165],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","admin_menu","community_cloud_menu","community_cloud.php",129,{"type":128,"name":134,"callback":135,"file":131,"line":136},"comment_post","community_cloud_update",166,{"type":128,"name":138,"callback":135,"file":131,"line":139},"wp_set_comment_status",167,{"type":128,"name":141,"callback":142,"file":131,"line":143},"edit_comment","community_cloud_rebuild",174,{"type":128,"name":145,"callback":146,"file":131,"line":147},"delete_comment","community_cloud_delete_comment",181,{"type":149,"name":150,"callback":151,"file":131,"line":152},"filter","the_content","community_cloud_display",239,{"type":128,"name":154,"callback":155,"file":131,"line":156},"widgets_init","widget_community_cloud_init",294,{"type":149,"name":158,"callback":159,"file":131,"line":160},"wp_print_scripts","community_cloud_add_scripts",308,{"type":128,"name":162,"callback":163,"file":131,"line":164},"wp_head","community_cloud_print_styles",316,{"type":128,"name":166,"callback":167,"file":168,"line":169},"admin_print_scripts","community_cloud_js_admin_header","includes\\common.php",148,[171],{"action":172,"nopriv":173,"callback":172,"hasNonce":173,"hasCapCheck":173,"file":168,"line":174},"community_cloud_ajax_get_hcard_lookup",false,172,[],[],[],{"dangerousFunctions":179,"sqlUsage":193,"outputEscaping":241,"fileOperations":83,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":290},[180,184,189],{"fn":181,"file":168,"line":182,"context":183},"unserialize",102,"return unserialize(wp_remote_fopen('http:\u002F\u002Ftools.microformatic.com\u002Fquery\u002Fphp\u002Fhkit\u002F'.$url));",{"fn":185,"file":186,"line":187,"context":188},"exec","includes\\hkit.class.php",303,"exec(\"tidy -utf8 -indent -asxhtml -numeric -bare -quiet $tmp_file\", $tidy);",{"fn":181,"file":190,"line":191,"context":192},"popup.php",27,"$hcard = unserialize(wp_remote_fopen($url));",{"prepared":100,"raw":194,"locations":195},21,[196,200,203,206,208,211,213,215,217,219,221,223,225,226,227,229,231,233,235,237,239],{"file":197,"line":198,"context":199},"community_cloud-options.php",33,"$wpdb->query() with variable interpolation",{"file":131,"line":201,"context":202},20,"$wpdb->get_var() with variable interpolation",{"file":131,"line":204,"context":205},42,"$wpdb->get_results() with variable interpolation",{"file":131,"line":207,"context":199},97,{"file":131,"line":209,"context":210},135,"$wpdb->get_row() with variable interpolation",{"file":131,"line":212,"context":199},147,{"file":131,"line":214,"context":205},150,{"file":131,"line":216,"context":199},152,{"file":131,"line":218,"context":205},157,{"file":131,"line":220,"context":199},159,{"file":131,"line":222,"context":199},162,{"file":131,"line":224,"context":199},213,{"file":168,"line":46,"context":205},{"file":168,"line":204,"context":210},{"file":168,"line":228,"context":199},44,{"file":168,"line":230,"context":199},47,{"file":168,"line":232,"context":205},62,{"file":168,"line":234,"context":205},70,{"file":168,"line":236,"context":199},79,{"file":168,"line":238,"context":205},182,{"file":168,"line":240,"context":199},194,{"escaped":242,"rawEcho":243,"locations":244},4,24,[245,248,250,251,253,254,256,258,259,261,262,264,266,268,270,272,274,276,278,280,282,284,286,288],{"file":197,"line":246,"context":247},115,"raw output",{"file":197,"line":249,"context":247},123,{"file":197,"line":132,"context":247},{"file":197,"line":252,"context":247},140,{"file":197,"line":216,"context":247},{"file":197,"line":255,"context":247},158,{"file":197,"line":257,"context":247},175,{"file":197,"line":147,"context":247},{"file":197,"line":260,"context":247},187,{"file":197,"line":152,"context":247},{"file":197,"line":263,"context":247},245,{"file":197,"line":265,"context":247},251,{"file":197,"line":267,"context":247},257,{"file":197,"line":269,"context":247},266,{"file":197,"line":271,"context":247},279,{"file":197,"line":273,"context":247},296,{"file":131,"line":275,"context":247},261,{"file":131,"line":277,"context":247},284,{"file":131,"line":279,"context":247},285,{"file":131,"line":281,"context":247},286,{"file":131,"line":283,"context":247},287,{"file":131,"line":285,"context":247},313,{"file":190,"line":287,"context":247},32,{"file":190,"line":289,"context":247},38,[],[292,404],{"entryPoint":293,"graph":294,"unsanitizedCount":402,"severity":403},"\u003Ccommunity_cloud-options> (community_cloud-options.php:0)",{"nodes":295,"edges":386},[296,301,306,309,311,315,317,321,323,326,328,332,334,337,339,343,345,348,350,354,356,360,362,365,367,371,373,377,380,384],{"id":297,"type":298,"label":299,"file":197,"line":300},"n0","source","$_POST['cc_exclude_email']",23,{"id":302,"type":303,"label":304,"file":197,"line":300,"wp_function":305},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":307,"type":298,"label":308,"file":197,"line":243},"n2","$_POST['cc_exclude_url']",{"id":310,"type":303,"label":304,"file":197,"line":243,"wp_function":305},"n3",{"id":312,"type":298,"label":313,"file":197,"line":314},"n4","$_POST['cc_empty_urls']",25,{"id":316,"type":303,"label":304,"file":197,"line":314,"wp_function":305},"n5",{"id":318,"type":298,"label":319,"file":197,"line":320},"n6","$_POST['cc_threshold']",26,{"id":322,"type":303,"label":304,"file":197,"line":320,"wp_function":305},"n7",{"id":324,"type":298,"label":325,"file":197,"line":46},"n8","$_POST['cc_maxtagsize']",{"id":327,"type":303,"label":304,"file":197,"line":46,"wp_function":305},"n9",{"id":329,"type":298,"label":330,"file":197,"line":331},"n10","$_POST['cc_mintagsize']",41,{"id":333,"type":303,"label":304,"file":197,"line":331,"wp_function":305},"n11",{"id":335,"type":298,"label":336,"file":197,"line":204},"n12","$_POST['cc_fontunits']",{"id":338,"type":303,"label":304,"file":197,"line":204,"wp_function":305},"n13",{"id":340,"type":298,"label":341,"file":197,"line":342},"n14","$_POST['cc_maxtagcolour']",43,{"id":344,"type":303,"label":304,"file":197,"line":342,"wp_function":305},"n15",{"id":346,"type":298,"label":347,"file":197,"line":228},"n16","$_POST['cc_mintagcolour']",{"id":349,"type":303,"label":304,"file":197,"line":228,"wp_function":305},"n17",{"id":351,"type":298,"label":352,"file":197,"line":353},"n18","$_POST['cc_show_comment_count']",45,{"id":355,"type":303,"label":304,"file":197,"line":353,"wp_function":305},"n19",{"id":357,"type":298,"label":358,"file":197,"line":359},"n20","$_POST['cc_seperator']",46,{"id":361,"type":303,"label":304,"file":197,"line":359,"wp_function":305},"n21",{"id":363,"type":298,"label":364,"file":197,"line":230},"n22","$_POST['cc_order_by']",{"id":366,"type":303,"label":304,"file":197,"line":230,"wp_function":305},"n23",{"id":368,"type":298,"label":369,"file":197,"line":370},"n24","$_POST['cc_creator_credit']",55,{"id":372,"type":303,"label":304,"file":197,"line":370,"wp_function":305},"n25",{"id":374,"type":298,"label":375,"file":197,"line":376},"n26","$_POST (x5)",50,{"id":378,"type":303,"label":304,"file":197,"line":379,"wp_function":305},"n27",56,{"id":381,"type":298,"label":382,"file":197,"line":383},"n28","$_POST['cc_advanced_hcard']",60,{"id":385,"type":303,"label":304,"file":197,"line":383,"wp_function":305},"n29",[387,388,389,390,391,392,393,394,395,396,397,398,399,400,401],{"from":297,"to":302,"sanitized":173},{"from":307,"to":310,"sanitized":173},{"from":312,"to":316,"sanitized":173},{"from":318,"to":322,"sanitized":173},{"from":324,"to":327,"sanitized":173},{"from":329,"to":333,"sanitized":173},{"from":335,"to":338,"sanitized":173},{"from":340,"to":344,"sanitized":173},{"from":346,"to":349,"sanitized":173},{"from":351,"to":355,"sanitized":173},{"from":357,"to":361,"sanitized":173},{"from":363,"to":366,"sanitized":173},{"from":368,"to":372,"sanitized":173},{"from":374,"to":378,"sanitized":173},{"from":381,"to":385,"sanitized":173},19,"low",{"entryPoint":405,"graph":406,"unsanitizedCount":31,"severity":415},"\u003Cpopup> (popup.php:0)",{"nodes":407,"edges":413},[408,411],{"id":297,"type":298,"label":409,"file":190,"line":410},"$_GET",12,{"id":302,"type":303,"label":412,"file":190,"line":191,"wp_function":181},"unserialize() [Object Injection]",[414],{"from":297,"to":302,"sanitized":173},"high",{"summary":417,"deductions":418},"The community-cloud v2.0 plugin exhibits a concerning security posture due to several critical code vulnerabilities and a lack of fundamental security practices. The static analysis reveals a significant attack surface, with one AJAX handler present and entirely unprotected by authentication checks. This unprotected entry point is a primary concern, as it can be exploited by unauthenticated users.\n\nFurther compounding these issues, the code utilizes dangerous functions like `unserialize` and `exec`, which are prone to abuse if not handled with extreme care. The taint analysis highlights a critical severity flow with unsanitized paths, indicating a potential for remote code execution or other severe compromises. The low percentage of SQL queries using prepared statements and properly escaped output also points to a high risk of SQL injection and cross-site scripting (XSS) vulnerabilities.\n\nThe absence of any recorded CVEs in the vulnerability history might seem positive, but given the numerous critical flaws identified in the static and taint analysis, this is likely a reflection of the plugin not being thoroughly scrutinized or its vulnerabilities not yet being publicly disclosed. The plugin demonstrates a severe disregard for security best practices, making it a high-risk component for any WordPress installation.",[419,421,423,425,428,431,434,436],{"reason":420,"points":11},"Unprotected AJAX handler found",{"reason":422,"points":83},"Dangerous function 'unserialize' used",{"reason":424,"points":83},"Dangerous function 'exec' used",{"reason":426,"points":427},"Critical severity taint flow",15,{"reason":429,"points":430},"Low percentage of prepared SQL statements",8,{"reason":432,"points":433},"Low percentage of properly escaped output",5,{"reason":435,"points":11},"No nonce checks on AJAX handlers",{"reason":437,"points":11},"No capability checks on entry points","2026-03-17T00:32:33.013Z",{"wat":440,"direct":450},{"assetPaths":441,"generatorPatterns":444,"scriptPaths":445,"versionParams":446},[442,443],"\u002Fwp-content\u002Fplugins\u002Fcommunity-cloud\u002Fcommunity_cloud.css","\u002Fwp-content\u002Fplugins\u002Fcommunity-cloud\u002Fcommunity_cloud.js",[],[443],[447,448,449],"community_cloud\u002Fstyle.css?ver=","community_cloud\u002Fcommunity_cloud.css?ver=","community_cloud\u002Fcommunity_cloud.js?ver=",{"cssClasses":451,"htmlComments":452,"htmlAttributes":455,"restEndpoints":460,"jsGlobals":461,"shortcodeOutput":463},[4],[453,454],"\u003C!-- Community Cloud v2.0 by Webaddict -->","\u003C!-- Community Cloud -->",[456,457,458,459],"data-cc-id","data-cc-name","data-cc-url","data-cc-hcard",[],[462],"community_cloud_vars",[464],"[community_cloud]"]