[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fw10BoWkznyNL3gvHv6nrBFIa3o8O8Ob3KSdvojivn48":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":139,"fingerprints":169},"custom-awurudu-flakes","Sinhala Avurudu Flakes","1.1","Uvindu Anuradha","https:\u002F\u002Fprofiles.wordpress.org\u002Fuvindu94\u002F","\u003Cp>\u003Cstrong>Custom avurudu flakes\u003C\u002Fstrong> adds a delightful falling avurudu flakes effect to your WordPress site, celebrating the Sinhala avurudu festival. Each flake represents a traditional Sri Lankan food item, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Kavum\u003C\u002Fli>\n\u003Cli>Kokis\u003C\u002Fli>\n\u003Cli>Asmi\u003C\u002Fli>\n\u003Cli>Aluwa\u003C\u002Fli>\n\u003Cli>Mung Kavum\u003C\u002Fli>\n\u003Cli>Seeni Murukku\u003C\u002Fli>\n\u003Cli>Banana\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Just activate the plugin to see the festive flakes on every page!\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>Adds a delightful falling Avurudu Flake effect representing traditional Sinhala Avurudu food items to your WordPress site.\u003C\u002Fp>\n","Custom avurudu flakes adds a delightful falling avurudu flakes effect to your WordPress site, celebrating the Sinhala avurudu festival.",10,486,100,2,"2024-10-23T06:21:00.000Z","6.6.5","5.0","",[20,21,22,23,24],"avurudu-flake","festival","new-year","sinhala","sri-lanka","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-awurudu-flakes.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"uvindu94",1,30,88,"2026-04-05T09:59:04.679Z",[38,60,77,99,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":40,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":14,"unpatched_count":27,"last_vuln_date":59,"fetched_at":29},"payhere-payment-gateway","PayHere Payment Gateway","2.4.4","PayHere","https:\u002F\u002Fprofiles.wordpress.org\u002Fpayhere\u002F","\u003Cp>PayHere is a Sri Lankan Payment Gateway Service that enables you to accept payments online from your customers via Visa, MasterCard, Amex, eZcash, mCash & Internet Banking services. You can install this plugin to list PayHere as a payment method in your WooCommerce store.\u003C\u002Fp>\n",2000,53267,90,8,"2026-01-27T11:42:00.000Z","6.9.4","6.4",[53,54,55,24],"online","payhere","payments","https:\u002F\u002Fwww.payhere.lk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpayhere-payment-gateway.2.4.4.zip",98,"2026-01-13 17:29:40",{"slug":61,"name":62,"version":63,"author":61,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":14,"last_updated":70,"tested_up_to":16,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":75,"download_link":76,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"mintpay","Mintpay","2.2.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fmintpay\u002F","\u003Cp>Mintpay, Sri Lanka’s first buy now, pay later platform offers 0% interest and no hidden fees.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>Mintpay WordPress plugin uses the Mintpay API service for processing payments. Please follow the below links for more information.\u003C\u002Fp>\n\u003Cp>Website: https:\u002F\u002Fmintpay.lk\u002F\u003Cbr \u002F>\nTerms & Conditions: https:\u002F\u002Fapp.mintpay.lk\u002Fterms\u002F\u003Cbr \u002F>\nPrivacy Policy: https:\u002F\u002Fapp.mintpay.lk\u002Fprivacy\u002F\u003C\u002Fp>\n","Mintpay, Sri Lanka's first buy now, pay later platform offers 0% interest and no hidden fees.",600,8493,60,"2025-05-28T10:30:00.000Z","4.6","7.0",[74,61,53,55,24],"bnpl","https:\u002F\u002Fmintpay.lk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmintpay.2.2.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":27,"num_ratings":27,"last_updated":87,"tested_up_to":88,"requires_at_least":18,"requires_php":18,"tags":89,"homepage":95,"download_link":96,"security_score":97,"vuln_count":33,"unpatched_count":27,"last_vuln_date":98,"fetched_at":29},"songkick-concerts-and-festivals","Songkick Concerts and Festivals","0.10.1","saleandro","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaleandro\u002F","\u003Cp>This plugin lets you display upcoming or past events for a Songkick user, artist, venue, or metro area on your WordPress blog.\u003C\u002Fp>\n\u003Cp>Events can be displayed by adding the Songkick widget to your template, or by adding the shortcode [songkick_concerts_and_festivals] anywhere in your blog.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Upcoming events for an artist\u003C\u002Fli>\n\u003Cli>Past events for an artist\u003C\u002Fli>\n\u003Cli>Upcoming events for a venue\u003C\u002Fli>\n\u003Cli>Upcoming events for a user\u003C\u002Fli>\n\u003Cli>Past events for a user\u003C\u002Fli>\n\u003Cli>Upcoming events for a metro area. A metro area is a city or a collection of cities that Songkick uses to notify users of concerts near them.\u003C\u002Fli>\n\u003Cli>Widget or shortcode format\u003C\u002Fli>\n\u003Cli>Show events for multiple artists, users, venues, or metro areas.\u003C\u002Fli>\n\u003Cli>Paginated list of events\u003C\u002Fli>\n\u003Cli>HTML markup with support for events as defined by \u003Ca href=\"http:\u002F\u002Fwww.schema.org\u002F\" rel=\"nofollow ugc\">Schema.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin uses a non-commercial Songkick API key. If you have a commercial website, you’ll need your own Songkick API key. Please read through \u003Ca href=\"http:\u002F\u002Fwww.songkick.com\u002Fdeveloper\u002Fapi-terms-of-use\" rel=\"nofollow ugc\">Songkick’s API terms of use\u003C\u002Fa>. Apply for a key here: \u003Ca href=\"http:\u002F\u002Fwww.songkick.com\u002Fdeveloper\" rel=\"nofollow ugc\">Songkick API docs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>This plugin requires PHP 5.6.20 or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>Go to the Settings page to configure default options for the plugin. You can also specify your settings under Plugins\u002FWidget or via shortcode options.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For a user, simply put your username in the admin interface.\u003C\u002Fli>\n\u003Cli>For an artist, you should use the artist’s Songkick id, as shown in the url for your artist page. For example, the url “http:\u002F\u002Fwww.songkick.com\u002Fartists\u002F123-your-name” has the id “123”.\u003C\u002Fli>\n\u003Cli>The same goes for metro areas: “http:\u002F\u002Fwww.songkick.com\u002Fmetro_areas\u002F123-city-name” has the id “123”.\u003C\u002Fli>\n\u003Cli>And venues: “http:\u002F\u002Fwww.songkick.com\u002Fvenues\u002F123-venue-name” has the id “123”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widget\u003C\u002Fh4>\n\u003Cp>Go to the admin Widgets page and simply drag the widget into a sidebar and configure it.\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>Add the shortcode [songkick_concerts_and_festivals] in the content of any blog post.\u003C\u002Fp>\n\u003Cp>When using a shortcode, you can set which artist, venue, metro area, or user you want to display events for, allowing you to show events for different entities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Users:   \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_username songkick_id_type=user]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Artists: \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_artist_id songkick_id_type=artist]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Venues: \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_venue_id songkick_id_type=venue]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Metro areas: \u003Ccode>[songkick_concerts_and_festivals songkick_id=your_metro_area_id songkick_id_type=metro_area]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Override shortcode settings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>gigography=true|false\u003C\u002Fli>\n\u003Cli>number_of_events=integer\u003C\u002Fli>\n\u003Cli>show_pagination=true|false\u003C\u002Fli>\n\u003Cli>no_calendar_style=true|false — removes the calendar style from the event dates\u003C\u002Fli>\n\u003Cli>order=asc|desc – sort order for artist or user events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PHP code\u003C\u002Fh4>\n\u003Cp>You can call the shortcode method directly in your PHP code:\n    \u003C\u002Fp>\n\u003Ch4>Blogs using this plugin\u003C\u002Fh4>\n\u003Cp>Know any blogs using this plugin? Let me know!\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>This is an open source project that I maintain during my spare time. I welcome contributions!\u003C\u002Fp>\n\u003Cp>The code lives on \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fsaleandro\u002Fsongkick-wp-plugin\" rel=\"nofollow ugc\">Github\u003C\u002Fa>. To send your contribution, fork my project, make your lovely changes, and send me a \u003Ca href=\"http:\u002F\u002Fhelp.github.com\u002Fsend-pull-requests\u002F\" rel=\"nofollow ugc\">pull request\u003C\u002Fa>. Thanks 🙂\u003C\u002Fp>\n","This plugin lets you display events for a Songkick user, artist, venue, or metro area on your WordPress blog, as a widget or shortcode.",500,22959,"2025-03-11T09:50:00.000Z","6.7.5",[90,91,92,93,94],"concerts","events","festivals","songkick","widget","http:\u002F\u002Fgithub.com\u002Fsaleandro\u002Fsongkick-wp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsongkick-concerts-and-festivals.0.10.1.zip",91,"2025-02-03 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":13,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":118,"download_link":119,"security_score":120,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"xmas-decoration","Xmas Decoration","1.3","Mr. Meo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmeohen1989\u002F","\u003Cp>Marry Christmas! If you want to refesh your website with new look at Christmas, you’ll love it.\u003C\u002Fp>\n\u003Cp>Like my work?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fmrmeo89\" rel=\"nofollow ugc\">By me a coffee\u003C\u002Fa>\u003C\u002Fp>\n","Decoration for your website at Christmas.",200,36098,9,"2020-11-30T15:42:00.000Z","5.3.21","3.4",[114,115,22,116,117],"christmas","decoration","noel","xmas","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxmas-decoration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmas-decoration.zip",85,{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":13,"downloaded":129,"rating":13,"num_ratings":33,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":72,"tags":133,"homepage":137,"download_link":138,"security_score":120,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"feng-custom","Feng Custom","1.2.4","阿锋","https:\u002F\u002Fprofiles.wordpress.org\u002Ffeng1988\u002F","\u003Cp>晨风自定义，友情链接及RSS聚合功能，图片灯箱及网页特效包含节日氛围、雪花飘落、底部运行天数、网页灰色、输入框七彩光子特效等等。\u003C\u002Fp>\n\u003Cp>主要功能\u003C\u002Fp>\n\u003Cul>\n\u003Cli>图片灯箱\u003C\u002Fli>\n\u003Cli>节日氛围（元旦、春节、中秋、国庆）\u003C\u002Fli>\n\u003Cli>网页雪花特效（支持文字、图片）\u003C\u002Fli>\n\u003Cli>显示运行天数\u003C\u002Fli>\n\u003Cli>输入框七彩光子特效\u003C\u002Fli>\n\u003Cli>站点设置为灰色\u003C\u002Fli>\n\u003Cli>第三方链接小尾巴\u003C\u002Fli>\n\u003Cli>链接（友情链接）\u003C\u002Fli>\n\u003Cli>链接RSS聚合\u003C\u002Fli>\n\u003C\u002Ful>\n","晨风自定义，友情链接及RSS聚合功能，图片灯箱及网页特效包含节日氛围、雪花飘落、底部运行天数、网页灰色、输入框七彩光子特效等等。",3745,"2024-02-25T05:14:00.000Z","6.4.8","5.9",[92,134,135,136],"link","rss","theme","https:\u002F\u002Fgitee.com\u002Fouros\u002Ffeng-custom","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeng-custom.1.2.4.zip",{"attackSurface":140,"codeSignals":152,"taintFlows":160,"riskAssessment":161,"analyzedAt":168},{"hooks":141,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":27,"unprotectedCount":27},[142],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","wp_enqueue_scripts","uvi_custom_awuruduflakes_enqueue_assets","sinhala-avurudu-flakes.php",78,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":159},[],{"prepared":27,"raw":27,"locations":155},[],{"escaped":157,"rawEcho":27,"locations":158},6,[],[],[],{"summary":162,"deductions":163},"The static analysis of the \"custom-awurudu-flakes\" plugin v1.1 reveals a surprisingly clean codebase from a security perspective. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero-member attack surface. Furthermore, the code signals show a complete absence of dangerous functions, file operations, external HTTP requests, and crucially, a perfect score for SQL query preparation and output escaping. Taint analysis also shows no problematic data flows. The vulnerability history is also empty, indicating a lack of past security issues.\n\nWhile the absence of identified vulnerabilities and a minimal attack surface are strong positives, the complete lack of nonce checks and capability checks across all potential entry points (even though there are none identified) is a significant concern. This suggests that if any entry points were to be introduced in future updates, they might not be properly secured. The current security posture is good due to the lack of existing features, but the foundational security practices regarding authentication and authorization appear to be overlooked, which could lead to issues if the plugin evolves.\n\nIn conclusion, the plugin is currently very secure due to its limited functionality and the apparent diligence in its implementation. However, the absence of any authorization checks, even for the non-existent entry points, is a notable weakness that could be exploited if the plugin's functionality expands. This pattern, of having no entry points and consequently no checks, is a double-edged sword: it's secure now, but it doesn't demonstrate a proactive approach to securing potential future attack vectors. The plugin exhibits strengths in its current state but has a potential weakness in its lack of demonstrated authorization mechanisms.",[164,166],{"reason":165,"points":11},"No nonce checks implemented",{"reason":167,"points":11},"No capability checks implemented","2026-03-17T01:42:52.231Z",{"wat":170,"direct":175},{"assetPaths":171,"generatorPatterns":172,"scriptPaths":173,"versionParams":174},[],[],[],[],{"cssClasses":176,"htmlComments":178,"htmlAttributes":179,"restEndpoints":180,"jsGlobals":181,"shortcodeOutput":182},[177],"awuruduflake",[],[],[],[],[]]