[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBp_8AYl10PF4Y8RcEiqp63wxaRTOXKf3T08pOUdq8kg":3,"$fpI3OD84k8s4vCqhbb6g0rRtxXJ5WpV8QQyMdTtRqovE":393,"$ffmqoK475a9gO55aMK-xMbpYlBhTybHQ4SZszzieeAZg":398},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":97,"fingerprints":374},"cryptocurrency-coin-prices","Crypto Coin Market Prices","1.0.1","MyBitcoin","https:\u002F\u002Fprofiles.wordpress.org\u002Fmybitcoin\u002F","\u003Cp>MyBitcoin Cryptocurrency Coin Market Prices widget is a lightweight, easy to use option for setting up a bitcoin and altcoin exchange rate option with customizable coin number amounts, prices in USD, Market Caps, 24 hour trading volumes and a weekly chart graph to show all the major stats per cryptocurrency with full shortcode support for any area or thin space within the website.\u003C\u002Fp>\n\u003Cp>To see \u003Cstrong>live version\u003C\u002Fstrong> of cryptocurrency coin prices plugin, visit the sidebar of \u003Ca href=\"https:\u002F\u002Fbitcoinexchangeguide.com\u002F\" rel=\"nofollow ugc\">bitcoinexchangeguide.com\u003C\u002Fa> to see the coin market cap data display in action.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coin Market Cap Pricing Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sleek, Minimal Live Coin Price Market Cap and Trading Volume Data\u003C\u002Fli>\n\u003Cli>Shows US Dollar Currency Rates Table for All Top Cryptocurrencies or Specific Tokens\u003C\u002Fli>\n\u003Cli>Create and Manage Beautiful Rich View Settings with Adjustable Auto-Update Intervals\u003C\u002Fli>\n\u003Cli>Adaptive Font Scale Percentage for Small Sidebar and Widget Areas\u003C\u002Fli>\n\u003Cli>Multi-option Coin Market Data Provider for Crypto Price Rates; CoinCap, CoinMarketCap\u003C\u002Fli>\n\u003Cli>Hyperlinkable Coin Links URL Template with On\u002FOff Option\u003C\u002Fli>\n\u003Cli>Available as both Shortcode and Widget Location, No HTML Knowledge is Required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Data providers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin retrieves a data from external cryptocurrency data sources through their API:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>CoinCap\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Official site: \u003Ca href=\"https:\u002F\u002Fcoincap.io\" rel=\"nofollow ugc\">coincap.io\u003C\u002Fa>. Legals: \u003Ca href=\"https:\u002F\u002Fstatic.coincap.io\u002Fdocuments\u002Fterms_of_service.pdf\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fstatic.coincap.io\u002Fdocuments\u002Fprivacy_policy.pdf\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>CoinMarketCap\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Official site: \u003Ca href=\"https:\u002F\u002Fcoinmarketcap.com\" rel=\"nofollow ugc\">coinmarketcap.com\u003C\u002Fa>. Legals: \u003Ca href=\"https:\u002F\u002Fcoinmarketcap.com\u002Fterms\u002F\" rel=\"nofollow ugc\">Terms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fcoinmarketcap.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Requirements\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP 5.4 or higher.\u003C\u002Fli>\n\u003Cli>WordPress 4.0 or higher.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy to use option for setting up a bitcoin and altcoin exchange rate.",10,6251,0,"2019-04-17T19:16:00.000Z","5.1.22","4.0","5.4",[19,20,21,22,23],"bitcoin-prices","coin-prices","crypto-coin-prices","crypto-prices","cryptocurrency-prices","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcryptocurrency-coin-prices","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptocurrency-coin-prices.1.0.1.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"mybitcoin",1,30,84,"2026-05-20T08:06:59.308Z",[38,61,80],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cryptowp","Crypto Price Widgets – CryptoWP","1.3.3","kolakube","https:\u002F\u002Fprofiles.wordpress.org\u002Falexmangini\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fcryptowp.com\u002F\" rel=\"nofollow ugc\">CryptoWP\u003C\u002Fa> is a lightweight plugin that makes it easy to manage and display cryptocurrency coin prices and other information on your website.\u003C\u002Fp>\n\u003Cp>See CryptoWP’s top features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Import and manage coins from the \u003Cstrong>Crypto Dashboard\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Link your pages to coin prices\u003C\u002Fli>\n\u003Cli>Refresh coin data every 15 minutes\u003C\u002Fli>\n\u003Cli>Show coin prices in 30 currencies\u003C\u002Fli>\n\u003Cli>Easy to use shortcode and Crypto widget\u003C\u002Fli>\n\u003Cli>Plain text, List, and Grid layout templates\u003C\u002Fli>\n\u003Cli>Calculate coin value of any USD\u002Ffiat currency value\u003C\u002Fli>\n\u003Cli>Developer friendly features and API\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003Cli>Pro feature on the way \u003Ca href=\"https:\u002F\u002Fcryptowp.com\u002F\" rel=\"nofollow ugc\">(see more →)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>NOTE:\u003C\u002Fstrong> Loving CryptoWP? Leave a review to help speed up development!\u003C\u002Fp>\n\u003Cp>Through the beautifully designed \u003Cstrong>Crypto Dashboard\u003C\u002Fstrong> you can import key data about your favorite cryptocurrencies to your site with ease.\u003C\u002Fp>\n\u003Cp>Coin prices update in the background of your site every 15 minutes to always show the latest data from the markets.\u003C\u002Fp>\n\u003Cp>CryptoWP comes with a drag-and-drop Widget and the \u003Ccode>[crypto]\u003C\u002Fcode> shortcode to instantly display your imported coin prices data on your site.\u003C\u002Fp>\n\u003Cp>To show coin data in versatile ways, use the built-in \u003Cstrong>Grid\u003C\u002Fstrong>, \u003Cstrong>List\u003C\u002Fstrong>, and \u003Cstrong>Text\u003C\u002Fstrong> templates (more coming soon).\u003C\u002Fp>\n\u003Cp>Unlike most cryptocurrency plugins, CryptoWP does not take over your admin panel with ads and bloated features and does not overwork your database by storing vast amounts of unused coin data.\u003C\u002Fp>\n\u003Cp>CryptoWP only saves relevant coin data from the coins you choose to import to you site through the Crypto Dashboard. CryptoWP gets all coin data from the \u003Ca href=\"https:\u002F\u002Fcryptocompare.com\u002F\" rel=\"nofollow ugc\">CryptoCompare API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>While we actively maintain this plugin for bug fixes and new features, we cannot offer support for any downtime by the CryptoCompare API. CryptoWP will never display a watermark of any kind on your website.\u003C\u002Fp>\n\u003Cp>New features coming soon in \u003Ca href=\"https:\u002F\u002Fcryptowp.com\u002F\" rel=\"nofollow ugc\">CryptoWP Pro →\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin to show the latest Bitcoin, Ethereum, and other cryptocurrency widgets on your website.",700,30568,100,12,"2026-03-27T19:17:00.000Z","6.8.5","3.5","5.2.4",[55,56,22,57,58],"bitcoin","crypto","cryptocurrency","ethereum","https:\u002F\u002Fcryptowp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptowp.1.3.3.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":13,"downloaded":69,"rating":13,"num_ratings":13,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"crypto-price-ticker-coinlore","Crypto Price Widgets – Live Cryptocurrency Prices by CoinLore","2.0","coinlore","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoinlore\u002F","\u003Cp>Crypto Price Widgets by CoinLore allows you to display live cryptocurrency prices, market capitalization, and coin data directly on your WordPress website.\u003C\u002Fp>\n\u003Cp>Easily embed:\u003C\u002Fp>\n\u003Cp>• Single Coin Price Widgets (Bitcoin, Ethereum, XRP, BNB, Dogecoin and more)\u003Cbr \u002F>\n• Live Crypto Ticker\u003Cbr \u002F>\n• Cryptocurrency Market Cap Tables\u003Cbr \u002F>\n• Custom coin lists\u003C\u002Fp>\n\u003Cp>Supports 15,000+ cryptocurrencies powered by CoinLore’s real-time crypto market data.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.coinlore.com\u002Fcrypto-widgets\" rel=\"nofollow ugc\">DEMO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Fully compatible with:\u003Cbr \u002F>\n• Gutenberg blocks\u003Cbr \u002F>\n• Shortcodes\u003Cbr \u002F>\n• Classic Editor\u003Cbr \u002F>\n• Page builders\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>• Live cryptocurrency prices (WebSocket powered)\u003Cbr \u002F>\n• 15,000+ coins supported\u003Cbr \u002F>\n• Server-side rendering for SEO compatibility\u003Cbr \u002F>\n• Native Gutenberg block support\u003Cbr \u002F>\n• Shortcode generator\u003Cbr \u002F>\n• Lightweight and performance optimized\u003Cbr \u002F>\n• Secure and SSL compatible\u003Cbr \u002F>\n• Mobile responsive design\u003Cbr \u002F>\n• No cryptojacking. No mining scripts.\u003Cbr \u002F>\n• Clean, fast JavaScript with no heavy frameworks\u003C\u002Fp>\n\u003Ch3>Security & Performance\u003C\u002Fh3>\n\u003Cp>Built with performance and security in mind:\u003C\u002Fp>\n\u003Cp>• Optimized caching layer\u003Cbr \u002F>\n• Minimal dependencies\u003Cbr \u002F>\n• WordPress coding best practices\u003Cbr \u002F>\n• Sanitized inputs and escaped output\u003Cbr \u002F>\n• Designed for financial and YMYL-sensitive content\u003C\u002Fp>\n\u003Ch3>Widget Types\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Single Coin Price Widget\u003C\u002Fli>\n\u003Cli>Live Crypto Ticker\u003C\u002Fli>\n\u003Cli>Cryptocurrency Table\u003C\u002Fli>\n\u003Cli>Custom Coin Lists\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>All widgets are fully customizable.\u003C\u002Fp>\n\u003Ch3>Gutenberg Blocks\u003C\u002Fh3>\n\u003Cp>This plugin includes native server-rendered Gutenberg blocks:\u003C\u002Fp>\n\u003Cp>• Crypto Price Block\u003Cbr \u002F>\n• Crypto Ticker Block\u003Cbr \u002F>\n• Crypto Table Block\u003C\u002Fp>\n\u003Cp>Blocks are rendered on the server for maximum SEO compatibility.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Official Website:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.coinlore.com\u002F\" rel=\"nofollow ugc\">CoinLore\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Widget Documentation:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.coinlore.com\u002Fcrypto-widgets\" rel=\"nofollow ugc\">Crypto Widgets Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Email:\u003Cbr \u002F>\ncontact@coinlore.com\u003C\u002Fp>\n","Crypto Price Widgets by CoinLore allows you to display live cryptocurrency prices, market capitalization, and coin data directly on your WordPress web …",1227,"2026-02-25T00:28:00.000Z","6.9.4","5.8","7.4",[75,22,76,57,77],"bitcoin-price","crypto-ticker","ethereum-price","https:\u002F\u002Fwww.coinlore.com\u002Fcrypto-widgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrypto-price-ticker-coinlore.2.0.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":13,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":89,"tested_up_to":71,"requires_at_least":72,"requires_php":90,"tags":91,"homepage":90,"download_link":95,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":96},"live-crypto-prices","Live Crypto Prices","1.0.4","Muhammad Haris","https:\u002F\u002Fprofiles.wordpress.org\u002Fmharisart\u002F","\u003Cp>Live Crypto Prices allows you to display real-time cryptocurrency prices on your WordPress site using the CoinGecko API.\u003C\u002Fp>\n\u003Cp>The plugin provides multiple display formats including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live scrolling ticker\u003C\u002Fli>\n\u003Cli>Price list\u003C\u002Fli>\n\u003Cli>Advanced price table\u003C\u002Fli>\n\u003Cli>Multi-currency tab view\u003C\u002Fli>\n\u003Cli>Simple shortcode-based integration\u003C\u002Fli>\n\u003Cli>Dark and light modes\u003C\u002Fli>\n\u003Cli>Automatic price updates\u003C\u002Fli>\n\u003Cli>Secure and lightweight implementation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No API key is required because CoinGecko provides a free public API.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Basic ticker shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wlcp_ticker]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Price list:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wlcp_list]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Price table:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wlcp_table]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Tabbed crypto view:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wlcp_tabs]\u003Ch3>External Services\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin connects to the CoinGecko API (https:\u002F\u002Fwww.coingecko.com\u002F) to retrieve live cryptocurrency price data that is displayed on the website via shortcodes.\u003Cbr \u002F>\nThe plugin sends HTTP GET requests to the CoinGecko API when the shortcode is rendered on the frontend or when price data is refreshed. The requests may include cryptocurrency identifiers and currency parameters required to fetch the relevant price information.\u003Cbr \u002F>\nNo personal user data is sent to CoinGecko. The API requests are made server-side using WordPress HTTP functions.\u003C\u002Fp>\n\u003Cp>CoinGecko API:\u003Cbr \u002F>\nTerms of Service: https:\u002F\u002Fwww.coingecko.com\u002Fen\u002Fterms\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fwww.coingecko.com\u002Fen\u002Fprivacy\u003C\u002Fp>\n","Live cryptocurrency prices using the CoinGecko API with ticker, tables, lists, and shortcode-based display options.",158,"2026-01-22T14:47:00.000Z","",[92,22,93,57,94],"coingecko","crypto-table","price-ticker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-crypto-prices.1.0.4.zip","2026-04-06T09:54:40.288Z",{"attackSurface":98,"codeSignals":161,"taintFlows":321,"riskAssessment":358,"analyzedAt":373},{"hooks":99,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":160,"entryPointCount":33,"unprotectedCount":13},[100,107,110,115,118,122,125,128,131,134,137,140,143,146,149],{"type":101,"name":102,"callback":103,"priority":104,"file":105,"line":106},"filter","plugin_locale","anonymous",1000,"Cmn\\Gen.php",2163,{"type":101,"name":108,"callback":103,"priority":13,"file":105,"line":109},"load_textdomain_mofile",2165,{"type":111,"name":112,"callback":103,"file":113,"line":114},"action","admin_notices","Cmn\\Plugin.php",171,{"type":101,"name":116,"callback":103,"priority":11,"file":113,"line":117},"site_transient_update_plugins",174,{"type":111,"name":119,"callback":120,"file":113,"line":121},"plugins_loaded","closure",176,{"type":111,"name":123,"callback":103,"file":113,"line":124},"admin_action_cryptocurrency_prices_act",196,{"type":101,"name":126,"callback":120,"file":113,"line":127},"removable_query_args",198,{"type":111,"name":129,"callback":120,"file":113,"line":130},"admin_init",206,{"type":111,"name":132,"callback":120,"file":113,"line":133},"admin_enqueue_scripts",213,{"type":101,"name":135,"callback":103,"priority":13,"file":113,"line":136},"do_parse_request",234,{"type":101,"name":138,"callback":103,"priority":11,"file":113,"line":139},"plugins_update_check_locales",235,{"type":111,"name":141,"callback":120,"file":113,"line":142},"admin_action_cryptocurrency_prices_api",239,{"type":111,"name":144,"callback":120,"file":113,"line":145},"admin_footer",307,{"type":101,"name":147,"callback":103,"priority":11,"file":113,"line":148},"admin_footer_text",518,{"type":111,"name":150,"callback":151,"file":152,"line":49},"widgets_init","cryptocurrency_prices\\OnWidgetsInit","main.php",[],[],[156],{"tag":157,"callback":158,"file":152,"line":159},"cryptocurrency_prices","cryptocurrency_prices\\OnShortcode",13,[],{"dangerousFunctions":162,"sqlUsage":166,"outputEscaping":169,"fileOperations":319,"externalRequests":33,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":320},[163],{"fn":164,"file":105,"line":133,"context":165},"unserialize","$v = @unserialize( $data );",{"prepared":167,"raw":13,"locations":168},2,[],{"escaped":170,"rawEcho":171,"locations":172},41,75,[173,176,178,180,182,184,186,188,190,192,194,195,197,199,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,251,252,253,255,257,259,261,263,265,267,269,271,273,275,278,280,281,283,285,287,289,291,293,295,296,298,300,302,304,306,308,310,311,313,315,317],{"file":113,"line":174,"context":175},216,"raw output",{"file":113,"line":177,"context":175},449,{"file":113,"line":179,"context":175},467,{"file":113,"line":181,"context":175},473,{"file":113,"line":183,"context":175},480,{"file":113,"line":185,"context":175},492,{"file":113,"line":187,"context":175},562,{"file":113,"line":189,"context":175},859,{"file":113,"line":191,"context":175},892,{"file":113,"line":193,"context":175},897,{"file":113,"line":193,"context":175},{"file":113,"line":196,"context":175},1147,{"file":113,"line":198,"context":175},1148,{"file":113,"line":198,"context":175},{"file":113,"line":201,"context":175},1150,{"file":113,"line":203,"context":175},1153,{"file":113,"line":205,"context":175},1154,{"file":113,"line":207,"context":175},1167,{"file":113,"line":209,"context":175},1539,{"file":113,"line":211,"context":175},1573,{"file":113,"line":213,"context":175},1587,{"file":113,"line":215,"context":175},1598,{"file":113,"line":217,"context":175},1648,{"file":113,"line":219,"context":175},1650,{"file":113,"line":221,"context":175},1662,{"file":113,"line":223,"context":175},1687,{"file":113,"line":225,"context":175},1689,{"file":113,"line":227,"context":175},1691,{"file":113,"line":229,"context":175},1694,{"file":113,"line":231,"context":175},1696,{"file":113,"line":233,"context":175},1698,{"file":113,"line":235,"context":175},1699,{"file":113,"line":237,"context":175},1700,{"file":113,"line":239,"context":175},1702,{"file":113,"line":241,"context":175},1709,{"file":113,"line":243,"context":175},1710,{"file":113,"line":245,"context":175},1762,{"file":113,"line":247,"context":175},1763,{"file":249,"line":250,"context":175},"Cmn\\Ui.php",413,{"file":249,"line":250,"context":175},{"file":249,"line":250,"context":175},{"file":249,"line":254,"context":175},561,{"file":249,"line":256,"context":175},563,{"file":249,"line":258,"context":175},632,{"file":249,"line":260,"context":175},633,{"file":249,"line":262,"context":175},646,{"file":249,"line":264,"context":175},708,{"file":249,"line":266,"context":175},750,{"file":249,"line":268,"context":175},751,{"file":249,"line":270,"context":175},758,{"file":249,"line":272,"context":175},976,{"file":249,"line":274,"context":175},980,{"file":276,"line":277,"context":175},"common.php",18,{"file":276,"line":279,"context":175},59,{"file":152,"line":279,"context":175},{"file":152,"line":282,"context":175},60,{"file":152,"line":284,"context":175},69,{"file":152,"line":286,"context":175},71,{"file":152,"line":288,"context":175},76,{"file":152,"line":290,"context":175},78,{"file":152,"line":292,"context":175},79,{"file":152,"line":294,"context":175},81,{"file":152,"line":48,"context":175},{"file":152,"line":297,"context":175},132,{"file":152,"line":299,"context":175},135,{"file":152,"line":301,"context":175},137,{"file":152,"line":303,"context":175},138,{"file":152,"line":305,"context":175},141,{"file":152,"line":307,"context":175},155,{"file":152,"line":309,"context":175},163,{"file":152,"line":114,"context":175},{"file":152,"line":312,"context":175},179,{"file":152,"line":314,"context":175},193,{"file":152,"line":316,"context":175},202,{"file":152,"line":318,"context":175},207,5,[],[322,341],{"entryPoint":323,"graph":324,"unsanitizedCount":33,"severity":340},"_on_admin_action_act (Cmn\\Plugin.php:1476)",{"nodes":325,"edges":337},[326,331],{"id":327,"type":328,"label":329,"file":113,"line":330},"n0","source","$_REQUEST",1514,{"id":332,"type":333,"label":334,"file":113,"line":335,"wp_function":336},"n1","sink","wp_redirect() [Open Redirect]",1516,"wp_redirect",[338],{"from":327,"to":332,"sanitized":339},false,"medium",{"entryPoint":342,"graph":343,"unsanitizedCount":167,"severity":340},"\u003CPlugin> (Cmn\\Plugin.php:0)",{"nodes":344,"edges":355},[345,346,347,351],{"id":327,"type":328,"label":329,"file":113,"line":330},{"id":332,"type":333,"label":334,"file":113,"line":335,"wp_function":336},{"id":348,"type":328,"label":349,"file":113,"line":350},"n2","$_SERVER",1216,{"id":352,"type":333,"label":353,"file":113,"line":209,"wp_function":354},"n3","echo() [XSS]","echo",[356,357],{"from":327,"to":332,"sanitized":339},{"from":348,"to":352,"sanitized":339},{"summary":359,"deductions":360},"The \"cryptocurrency-coin-prices\" v1.0.1 plugin exhibits a mixed security posture.  On the positive side, it has no known historical vulnerabilities (CVEs) and its SQL queries are properly handled with prepared statements. The attack surface appears minimal with only one shortcode, and importantly, there are no unauthenticated entry points identified in the static analysis.  However, significant concerns arise from the code signals. The presence of the `unserialize` function is a critical risk, as it can lead to Remote Code Execution if used with untrusted input.  Furthermore, a worrying 65% of output is not properly escaped, potentially exposing the site to Cross-Site Scripting (XSS) vulnerabilities. The absence of any nonce checks or capability checks on its single entry point is also a major oversight, leaving it vulnerable to various forms of attacks.\n\nWhile the lack of historical CVEs might suggest a good development history, it does not negate the immediate risks identified in the static analysis. The taint analysis, showing flows with unsanitized paths, further reinforces the concern that improper handling of data could lead to vulnerabilities.  The plugin's strengths lie in its clean vulnerability history and secure SQL practices. Its weaknesses are concentrated in critical areas like the use of `unserialize` without proper sanitization, inadequate output escaping, and a complete lack of authorization checks on its sole entry point, which collectively represent a significant security risk.",[361,364,367,369,371],{"reason":362,"points":363},"Dangerous function unserialize used",15,{"reason":365,"points":366},"Output escaping is insufficient (35% proper)",8,{"reason":368,"points":11},"No nonce checks",{"reason":370,"points":11},"No capability checks",{"reason":372,"points":49},"Taint flows with unsanitized paths","2026-03-16T23:50:32.933Z",{"wat":375,"direct":382},{"assetPaths":376,"generatorPatterns":378,"scriptPaths":379,"versionParams":380},[377],"\u002Fwp-content\u002Fplugins\u002Fcryptocurrency-coin-prices\u002Fui\u002Fcss\u002Fadmin.css",[],[],[381],"cryptocurrency-coin-prices\u002Fui\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":383,"htmlComments":385,"htmlAttributes":386,"restEndpoints":388,"jsGlobals":389,"shortcodeOutput":391},[384],"cryptocurrency-coin-prices-settings-wrap",[],[387],"data-cryptocurrency_prices_widget_id",[],[390],"cryptocurrency_prices_options",[392],"[cryptocurrency_coin_prices]",{"error":394,"url":395,"statusCode":396,"statusMessage":397,"message":397},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcryptocurrency-coin-prices\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":167,"versions":399},[400,405],{"version":6,"download_url":25,"svn_tag_url":401,"released_at":27,"has_diff":339,"diff_files_changed":402,"diff_lines":27,"trac_diff_url":403,"vulnerabilities":404,"is_current":394},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcryptocurrency-coin-prices\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcryptocurrency-coin-prices%2Ftags%2F1.0&new_path=%2Fcryptocurrency-coin-prices%2Ftags%2F1.0.1",[],{"version":406,"download_url":407,"svn_tag_url":408,"released_at":27,"has_diff":339,"diff_files_changed":409,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":410,"is_current":339},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptocurrency-coin-prices.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcryptocurrency-coin-prices\u002Ftags\u002F1.0\u002F",[],[]]