[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCOWqxOo0_mhEitN2XEviBPuygMEk84az9QPrsH7SIWE":3,"$f2MIvSVhQEFkyl7JR8PXp6p7o_65hOwk6S-VHRbxsQ70":99,"$fnijHC3vFuKmitYEqqLrth_OgKNTWG0Co73XYb7vLf8A":104},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":13,"unpatched_count":13,"last_vuln_date":20,"fetched_at":21,"discovery_status":22,"vulnerabilities":23,"developer":24,"crawl_stats":20,"alternatives":32,"analysis":33,"fingerprints":76},"customizable-post-listings","Customizable Post Listings","1.5","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Display Recent Posts, Recently Commented Posts, Recently Modified Posts, Random Posts, and other post listings using the post information of your choosing in an easily customizable manner.  You can narrow post searches by specifying categories and\u002For authors, among other things.\u003C\u002Fp>\n","Display Recent Posts, Recently Commented Posts, Recently Modified Posts, Random Posts, and other post listings using the post information of your choosing in an easily customizable manner.  
You can narrow post searches by specifying categories and\u002For authors, among other things.",700,31464,0,"2016-11-21T04:36:00.000Z","",[],"http:\u002F\u002Fwww.coffee2code.com\u002Fwp-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomizable-post-listings.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},"coffee2code",63,91830,88,374,71,"2026-05-19T23:10:22.488Z",[],{"attackSurface":34,"codeSignals":40,"taintFlows":61,"riskAssessment":62,"analyzedAt":75},{"hooks":35,"ajaxHandlers":36,"restRoutes":37,"shortcodes":38,"cronEvents":39,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":41,"sqlUsage":42,"outputEscaping":53,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":60},[],{"prepared":43,"raw":44,"locations":45},3,2,[46,50],{"file":47,"line":48,"context":49},"customizable-post-listings.php",247,"$wpdb->get_row() with variable interpolation",{"file":47,"line":51,"context":52},267,"$wpdb->get_results() with variable interpolation",{"escaped":54,"rawEcho":55,"locations":56},4,1,[57],{"file":47,"line":58,"context":59},474,"raw output",[],[],{"summary":63,"deductions":64},"The customizable-post-listings plugin v1.5 exhibits a strong security posture based on the provided static analysis. There are no identified critical or high-severity taint flows, dangerous functions, or file operations. Three of its five SQL calls use prepared statements; the remaining two, at lines 247 and 267 of customizable-post-listings.php, interpolate variables into the query and warrant manual review. Four of its five output sites are escaped, with one raw output at line 474.  
The absence of known CVEs and a clean vulnerability history further reinforce its secure state, although the plugin was last updated on 2016-11-21, so that history may reflect limited review rather than verified safety.\n\nHowever, the analysis found no capability checks and no nonce verification anywhere in the plugin. It also identified zero entry points (hooks, AJAX handlers, REST routes, shortcodes, cron events), so none is currently reported as unprotected. Any future addition of entry points (AJAX, REST API, shortcodes, cron jobs) without proper authentication and authorization mechanisms would present a significant security risk. Because the current security rating depends on the analysis finding no attack surface, it would no longer hold if functionality were added without adhering to security best practices.\n\nIn conclusion, the plugin appears to be in a secure state, with no apparent active vulnerabilities found by the static analysis. Its strengths lie in its clean code and lack of historical issues. The primary weakness is the complete absence of security checks (nonces, capabilities), which, while not exploitable now because no entry points were identified, represents a substantial risk if the plugin's functionality expands without implementing these crucial security measures.",[65,68,70,73],{"reason":66,"points":67},"No capability checks on entry points",15,{"reason":69,"points":67},"No nonce checks on entry points",{"reason":71,"points":72},"SQL queries without prepared statements",5,{"reason":74,"points":44},"Output not properly 
escaped","2026-03-16T19:22:25.397Z",{"wat":77,"direct":88},{"assetPaths":78,"generatorPatterns":82,"scriptPaths":83,"versionParams":84},[79,80,81],"\u002Fwp-content\u002Fplugins\u002Fcustomizable-post-listings\u002Fcss\u002Fc2c-cpl-frontend.css","\u002Fwp-content\u002Fplugins\u002Fcustomizable-post-listings\u002Fcss\u002Fc2c-cpl-admin.css","\u002Fwp-content\u002Fplugins\u002Fcustomizable-post-listings\u002Fjs\u002Fc2c-cpl-admin.js",[],[81],[85,86,87],"customizable-post-listings\u002Fcss\u002Fc2c-cpl-frontend.css?ver=","customizable-post-listings\u002Fcss\u002Fc2c-cpl-admin.css?ver=","customizable-post-listings\u002Fjs\u002Fc2c-cpl-admin.js?ver=",{"cssClasses":89,"htmlComments":91,"htmlAttributes":92,"restEndpoints":93,"jsGlobals":94,"shortcodeOutput":95},[90],"c2c-cpl-frontend",[],[],[],[],[96,97,98],"c2c_get_recent_posts","c2c_get_random_posts","c2c_get_recently_commented",{"error":100,"url":101,"statusCode":102,"statusMessage":103,"message":103},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcustomizable-post-listings\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":44,"versions":105},[106,113],{"version":6,"download_url":107,"svn_tag_url":108,"released_at":20,"has_diff":109,"diff_files_changed":110,"diff_lines":20,"trac_diff_url":111,"vulnerabilities":112,"is_current":100},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomizable-post-listings.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcustomizable-post-listings\u002Ftags\u002F1.5\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcustomizable-post-listings%2Ftags%2Fv1.1&new_path=%2Fcustomizable-post-listings%2Ftags%2F1.5",[],{"version":114,"download_url":115,"svn_tag_url":116,"released_at":20,"has_diff":109,"diff_files_changed":117,"diff_lines":20,"trac_diff_url":20,"vulnerabilities":118,"is_current":109},"v1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomizable-post-listings.v1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcustomizable-post-listings\u002Ftags\u002Fv1.1\u002F",[],[]]