[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQgzlE7o_f23ojFtR-Vfh7fZM_0FVjmOlR2OD8BR5y_I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":148},"contributors-gallery","Contributors Gallery – The Ultimate WordPress Contributors Showcase","1.2.0","Huzaifa Al Mesbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuzaifaalmesbah\u002F","\u003Ch4>WordPress Contributors Gallery – The Ultimate Solution for Showcasing WordPress Contributors\u003C\u002Fh4>\n\u003Cp>Contributors Gallery is the most comprehensive WordPress plugin for displaying and managing WordPress version contributors. Our plugin seamlessly integrates with WordPress.org to showcase contributors through elegant profiles, advanced search capabilities, and dynamic version filtering.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FsomoJEeQcuE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Comprehensive Display\u003C\u002Fstrong>: Show contributors from any WordPress version (3.2 onwards)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Search\u003C\u002Fstrong>: Find specific contributor and view their contribution history\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Interactive Version Selector\u003C\u002Fstrong>: Switch between WordPress versions seamlessly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contributor Categories\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>Noteworthy Contributors (Core & Contributing Developers)\u003C\u002Fli>\n\u003Cli>Core Contributors (Props)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rich Visual Elements\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>Beautiful avatar display for noteworthy contributors\u003C\u002Fli>\n\u003Cli>WordPress.org profile links\u003C\u002Fli>\n\u003Cli>Responsive, modern design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance Optimized\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>Built-in 24-hour caching\u003C\u002Fli>\n\u003Cli>AJAX-powered version switching\u003C\u002Fli>\n\u003Cli>Lightweight implementation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available Shortcodes\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>Display Contributors List:\u003Cbr \u002F>\n\u003Ccode>[wpcg_contributors]\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Search Contributors:\u003Cbr \u002F>\n\u003Ccode>[wpcg_contributor_search]\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cp>The \u003Ccode>[wpcg_contributors]\u003C\u002Fcode> shortcode accepts the following parameters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>version\u003C\u002Fcode>: Specify WordPress version (e.g., “6.4”)\u003C\u002Fli>\n\u003Cli>\u003Ccode>switcher\u003C\u002Fcode>: Control version selector visibility (“true”\u002F”false”)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Examples:\u003Cbr \u002F>\n    \u003Ccode>[wpcg_contributors version=\"6.4\"]\u003Cbr \u002F>\n[wpcg_contributors switcher=\"false\"]\u003Cbr \u002F>\n[wpcg_contributors version=\"6.4\" switcher=\"false\"]\u003Cbr \u002F>\n[wpcg_contributors version=\"6.4\" switcher=\"true\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Check out our other Plugins\u003C\u002Fh3>\n\u003Cp>– \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-password-protect\u002F\" rel=\"ugc\">Smart Password Protect\u003C\u002Fa>\u003C\u002Fstrong> – Secure your WordPress site with password protection and IP whitelisting.\u003Cbr \u002F>\n– \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frandom-quote\u002F\" rel=\"ugc\">Random Quote\u003C\u002Fa>\u003C\u002Fstrong> – \u003Cem>Display a random quote on your site, inspiring visitors with fresh content every time they refresh the page.\u003C\u002Fem>\u003Cbr \u002F>\n– \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fredirect-after-logout\u002F\" rel=\"ugc\">Redirect After Logout\u003C\u002Fa>\u003C\u002Fstrong> – \u003Cem>Seamlessly redirect users to a custom page after logging out, enhancing user experience on your WordPress site.\u003C\u002Fem>\u003Cbr \u002F>\n– \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproduct-spotlight-badge\u002F\" rel=\"ugc\">Product Spotlight Badge\u003C\u002Fa>\u003C\u002Fstrong> – Highlight special products with a customizable spotlight badge on your WooCommerce store.\u003C\u002Fp>\n","Display WordPress contributors beautifully with live profiles, avatars, and powerful search. Showcase the people who make WordPress great.",0,643,"2025-02-11T20:39:00.000Z","6.7.5","5.2","7.2",[18,4,19,20],"contributor-showcase","wordpress-credits","wordpress-contributors","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontributors-gallery\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontributors-gallery.1.2.0.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":23,"computed_at":33},"huzaifaalmesbah",10,400,97,30,"2026-04-04T06:15:25.351Z",[],{"attackSurface":36,"codeSignals":78,"taintFlows":89,"riskAssessment":139,"analyzedAt":147},{"hooks":37,"ajaxHandlers":51,"restRoutes":66,"shortcodes":67,"cronEvents":76,"entryPointCount":77,"unprotectedCount":11},[38,44,48],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","plugins_loaded","init","contributors-gallery.php",32,{"type":39,"name":45,"callback":46,"file":47,"line":43},"wp_enqueue_scripts","enqueue_scripts","includes\\Controllers\\ContributorsController.php",{"type":39,"name":45,"callback":46,"file":49,"line":50},"includes\\Controllers\\SearchController.php",64,[52,58,60,64],{"action":53,"nopriv":54,"callback":55,"hasNonce":56,"hasCapCheck":54,"file":47,"line":57},"wpcg_load_contributors",false,"load_contributors",true,33,{"action":53,"nopriv":56,"callback":55,"hasNonce":56,"hasCapCheck":54,"file":47,"line":59},34,{"action":61,"nopriv":54,"callback":62,"hasNonce":56,"hasCapCheck":54,"file":49,"line":63},"wpcg_search_contributor","handle_search_request",62,{"action":61,"nopriv":56,"callback":62,"hasNonce":56,"hasCapCheck":54,"file":49,"line":65},63,[],[68,72],{"tag":69,"callback":70,"file":47,"line":71},"wpcg_contributors","render_shortcode",31,{"tag":73,"callback":74,"file":49,"line":75},"wpcg_contributor_search","render_search_form",61,[],6,{"dangerousFunctions":79,"sqlUsage":80,"outputEscaping":83,"fileOperations":11,"externalRequests":86,"nonceChecks":87,"capabilityChecks":11,"bundledLibraries":88},[],{"prepared":81,"raw":11,"locations":82},4,[],{"escaped":84,"rawEcho":11,"locations":85},54,[],3,2,[],[90,115,125],{"entryPoint":91,"graph":92,"unsanitizedCount":113,"severity":114},"load_contributors (includes\\Controllers\\ContributorsController.php:97)",{"nodes":93,"edges":110},[94,99,103],{"id":95,"type":96,"label":97,"file":47,"line":98},"n0","source","$_POST",101,{"id":100,"type":101,"label":102,"file":47,"line":98},"n1","transform","→ get_contributors_data()",{"id":104,"type":105,"label":106,"file":107,"line":108,"wp_function":109},"n2","sink","wp_remote_get() [SSRF]","includes\\Services\\ApiService.php",41,"wp_remote_get",[111,112],{"from":95,"to":100,"sanitized":54},{"from":100,"to":104,"sanitized":54},1,"medium",{"entryPoint":116,"graph":117,"unsanitizedCount":113,"severity":114},"\u003CContributorsController> (includes\\Controllers\\ContributorsController.php:0)",{"nodes":118,"edges":122},[119,120,121],{"id":95,"type":96,"label":97,"file":47,"line":98},{"id":100,"type":101,"label":102,"file":47,"line":98},{"id":104,"type":105,"label":106,"file":107,"line":108,"wp_function":109},[123,124],{"from":95,"to":100,"sanitized":54},{"from":100,"to":104,"sanitized":54},{"entryPoint":126,"graph":127,"unsanitizedCount":113,"severity":114},"\u003CSearchController> (includes\\Controllers\\SearchController.php:0)",{"nodes":128,"edges":136},[129,131,133],{"id":95,"type":96,"label":97,"file":49,"line":130},193,{"id":100,"type":101,"label":132,"file":49,"line":130},"→ get_profile_data()",{"id":104,"type":105,"label":106,"file":134,"line":135,"wp_function":109},"includes\\Services\\ProfileService.php",35,[137,138],{"from":95,"to":100,"sanitized":54},{"from":100,"to":104,"sanitized":54},{"summary":140,"deductions":141},"The 'contributors-gallery' plugin version 1.2.0 exhibits a strong security posture in several key areas. The static analysis indicates robust implementation of prepared statements for all SQL queries and complete output escaping, which significantly mitigates risks of SQL injection and cross-site scripting (XSS).  The absence of known vulnerabilities in its history further reinforces this positive assessment.  However, there are areas for improvement. The presence of three unsanitized path flows identified in the taint analysis is a notable concern, even though they are not classified as critical or high severity. This suggests potential for information disclosure or unintended file access if these paths are manipulated by an attacker. Additionally, while nonce checks are present, they are not applied to all AJAX handlers, leaving them potentially vulnerable to CSRF attacks.\n\nOverall, the plugin demonstrates good development practices regarding data sanitization and output handling. The lack of historical vulnerabilities is a positive indicator of ongoing security awareness. The primary concerns stem from the identified unsanitized path flows and the incomplete nonce protection on AJAX endpoints. These represent potential entry points that, while not currently exploited or critically flagged, could be leveraged by attackers. Addressing these specific weaknesses would further enhance the plugin's security, moving it towards a more secure and resilient state.",[142,144],{"reason":143,"points":29},"Unsanitized path flows found",{"reason":145,"points":146},"Missing nonce checks on some AJAX handlers",5,"2026-03-17T06:41:43.850Z",{"wat":149,"direct":158},{"assetPaths":150,"generatorPatterns":155,"scriptPaths":156,"versionParams":157},[151,152,153,154],"\u002Fwp-content\u002Fplugins\u002Fcontributors-gallery\u002Fassets\u002Fcss\u002Fwpcg-styles.css","\u002Fwp-content\u002Fplugins\u002Fcontributors-gallery\u002Fassets\u002Fjs\u002Fwpcg-contributors-handler.js","\u002Fwp-content\u002Fplugins\u002Fcontributors-gallery\u002Fassets\u002Fcss\u002Fwpcg-search-styles.css","\u002Fwp-content\u002Fplugins\u002Fcontributors-gallery\u002Fassets\u002Fjs\u002Fwpcg-search-handler.js",[],[],[],{"cssClasses":159,"htmlComments":172,"htmlAttributes":173,"restEndpoints":176,"jsGlobals":178,"shortcodeOutput":181},[160,161,162,163,164,165,166,167,168,169,170,171],"wpcg-gallery","wpcg-gallery__container","wpcg-gallery__version-switcher","wpcg-contributors__search-form","wpcg-contributors__search-input","wpcg-contributors__search-button","wpcg-contributors__results","wpcg-contributors__list","wpcg-contributors__item","wpcg-contributors__avatar","wpcg-contributors__name","wpcg-contributors__role",[],[174,175],"data-version","data-nonce",[177],"\u002Fwp-json\u002Fwpcg\u002Fv1\u002Fcontributors",[179,180],"wpcg_ajax","wpcg_search_ajax",[182,183],"[wpcg_contributors]","[wpcg_contributor_search]"]