[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUqf3mWGy5BBqlngHsX6Sttod5y-yU8yMymYUZmY24FA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":55,"analysis":161,"fingerprints":326},"da-reactions","Da Reactions","5.3.4","Daniele Alessandra","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielealessandra\u002F","\u003Cp>This plugin creates some reaction buttons that could be added to content and comments too.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>With this plugin you can:\u003Cbr \u002F>\n* Add reactions to \u003Cstrong>posts\u003C\u002Fstrong>, \u003Cstrong>pages\u003C\u002Fstrong> and \u003Cstrong>attachments\u003C\u002Fstrong>!\u003Cbr \u002F>\n* Add reactions to \u003Cstrong>comments\u003C\u002Fstrong>.\u003Cbr \u002F>\n* Add reactions to \u003Cstrong>single views\u003C\u002Fstrong> and \u003Cstrong>archives\u003C\u002Fstrong>.\u003Cbr \u002F>\n* Add Reactions to \u003Cstrong>topics\u003C\u002Fstrong> and \u003Cstrong>replies\u003C\u002Fstrong> in \u003Cstrong>BBPress\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Customization\u003C\u002Fh4>\n\u003Cp>Highly customizable:\u003Cbr \u002F>\n* You can choose between 250 \u003Cstrong>included royalty free icons\u003C\u002Fstrong>.\u003Cbr \u002F>\n* You can customize \u003Cstrong>size and color\u003C\u002Fstrong> of every icon.\u003Cbr \u002F>\n* You can \u003Cem>sort\u003C\u002Fem>, \u003Cem>add\u003C\u002Fem>, \u003Cem>remove\u003C\u002Fem> and \u003Cem>edit\u003C\u002Fem> every single reaction.\u003Cbr \u002F>\n* Drag’n drop to order reactions globally.\u003Cbr \u002F>\n* Icon collection to choose your favourite reaction icons.\u003Cbr \u002F>\n* Color picker to customize every icon.\u003Cbr \u002F>\n* Choose your favourite blur effect between Blur, Desaturate ot Opacity.\u003Cbr \u002F>\n* Customize icons choosing effect amount percentage.\u003C\u002Fp>\n\u003Ch4>Widgets\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display most voted contents choosing one or all reactions.\u003C\u002Fli>\n\u003Cli>Display most voted comments choosing one or all reactions.\u003C\u002Fli>\n\u003Cli>Display most voted reaction near content title in widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is fully compatible with localization\u003C\u002Fli>\n\u003Cli>.pot file included\u003C\u002Fli>\n\u003Cli>WPML Ready\u003C\u002Fli>\n\u003Cli>Included sample .po and .mo files (italian translation)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add Reactions to \u003Cstrong>custom post types\u003C\u002Fstrong>, \u003Cstrong>WooCommerce Products\u003C\u002Fstrong> and \u003Cstrong>BuddyPress’ Activities, Groups and Profiles\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Enable or disable reactions for \u003Cstrong>registered user\u003C\u002Fstrong>, \u003Cstrong>unregistered\u003C\u002Fstrong> only, or even for specific user roles!\u003C\u002Fli>\n\u003Cli>Upload your own images to fully customize your visitors experience.\u003C\u002Fli>\n\u003Cli>Gutenberg block to add reactions everywhere into your contents.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin creates some reaction buttons that could be added to content and comments.",400,26351,96,16,"2025-07-07T23:05:00.000Z","6.8.5","6.7","7.4",[20,21,22,23],"engagement","interaction","reactions","social","https:\u002F\u002Fwww.da-reactions-plugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fda-reactions.5.3.4.zip",99,1,0,"2024-10-14 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-49255","da-reactions-authenticated-contributor-stored-cross-site-scripting","Da Reactions \u003C= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Da Reactions plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=5.1.5","5.2.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-10-18 16:57:22",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcbcb1acb-1784-4ba2-83de-0fb89f5bd4d5?source=api-prod",5,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":47,"trust_score":53,"computed_at":54},"danielealessandra",3,1100,90,93,"2026-04-04T06:15:26.837Z",[56,82,104,126,144],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":78,"download_link":79,"security_score":80,"vuln_count":27,"unpatched_count":28,"last_vuln_date":81,"fetched_at":30},"booster-extension","Booster Extension","1.2.2","themeinwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeinwp\u002F","\u003Cp>Booster Extension is a free WordPress plugin that supercharges your site with awesome powerful features. There’re numerous plugins in the official WordPress repository that promises to provide the features that we offer, however if you install them all, there’s inconsistency in their backend and frontend styles and possible plugin conflicts. That’s why we’ve created Booster Extension, adding all the essentials components for every WordPress blog or magazine.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Social share with share count\u003C\u002Fstrong>\u003Cbr \u002F>\nSharing buttons increase traffic and engagement by helping readers share your posts and pages to their friends on social media. Booster Extension enables your website users to share the content over Facebook, Twitter, LinkedIn, Pinterest and Email. This is the Simplest and Smoothest Social Sharing plugin with an awesome visual appearance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Calculate and Display Read Time\u003C\u002Fstrong>\u003Cbr \u002F>\nDo you want to display estimated post reading time in your WordPress blog posts? Booster Extension let’s you easily add an estimated reading time to your WordPress posts. An estimated reading time encourages users to read a blog post instead of clicking away.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Reaction Buttons and Feedback Emoji\u003C\u002Fstrong>\u003Cbr \u002F>\nBooster Extension helps you to collect user feedback using the most spoken language in the world: the emoji. Increase your audience engagement in a fun way for your users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Author Box with Social Profiles\u003C\u002Fstrong>\u003Cbr \u002F>\nBooster Extension adds a responsive author box at the end of your posts, showing the author name, author gravatar and author description. It also adds over 30 social profile fields on WordPress user profile screen, allowing to display the author social icons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like\u002FDislike Post\u003C\u002Fstrong>\u003Cbr \u002F>\nBooster Extension increases the interaction with the WordPress post by enabling likes and dislikes buttons along with the count. You can choose either Thumbs Up\u002FThumbs Down or Smiley\u002FFrown.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>License: GPLv2\nLicense URI: http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Booster Extension is a free WordPress plugin that supercharges your site with awesome powerful features. There’re numerous plugins in the official Wor &hellip;",8000,182275,88,7,"2024-04-26T04:40:00.000Z","6.5.8","4.5","5.5",[73,74,75,76,77],"post-like-and-dislike","post-reactions","read-time","share-count","social-share","https:\u002F\u002Fwww.themeinwp.com\u002Fbooster-extension\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbooster-extension.1.2.2.zip",91,"2024-04-29 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":70,"requires_php":95,"tags":96,"homepage":101,"download_link":102,"security_score":103,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"react-and-share","React & Share – Customizable Reaction Buttons","3.6.1","Dekko","https:\u002F\u002Fprofiles.wordpress.org\u002Fdekkoteam\u002F","\u003Cp>This plugin enables WordPress users to integrate React & Share tools on their site easily.\u003Cbr \u002F>\nGet feedback with customizable reaction buttons that allow your readers to give feedback with one anonymous click — trusted by communications teams in companies and government sector.\u003C\u002Fp>\n","Get feedback and see what your readers think about your articles.",50649,68,13,"2023-01-13T14:06:00.000Z","6.1.10","",[97,22,98,99,100],"reaction-buttons","share","share-buttons","social-media","http:\u002F\u002Freactandshare.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freact-and-share.3.6.1.zip",85,{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":50,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":124,"download_link":125,"security_score":103,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wpac-like-system","WPAC Social Tools – Like, React & Share","3.0.3","Mian Shahzad Raza","https:\u002F\u002Fprofiles.wordpress.org\u002Fmianshahzadraza\u002F","\u003Cp>This will add powerful social features to your WordPress website. Engage with your website visitors by giving them the opportunity to react with your content. This plugin will all like dislike buttons with like vs dislike bar or you can add emoji reactions like Facebook.\u003Cbr \u002F>\nBoth visitors and logged-in members can react to your posts. Not only reactions but a social sharing bar as well so no more different plugins.\u003Cbr \u002F>\nThis plugin also has a widget to show most liked or disliked posts anywhere you like.\u003C\u002Fp>\n\u003Cp>This plugin is my first project, so feel free to provide feedback via support forums. You can also contribute to help me improve this open-source project.\u003C\u002Fp>\n\u003Cp>Github repository: If yu want to contribute to this project you can fork this \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpacademy\u002Fwpac-like-system\u002F\" title=\"Github Repository for WPAC Like System\" rel=\"nofollow ugc\">Github Repository\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Like & Dislike Buttons \u003C\u002Fli>\n\u003Cli>Like vs Dislike bar\u003C\u002Fli>\n\u003Cli>Most Liked or Disliked Posts\u003C\u002Fli>\n\u003Cli>Handy shortcodes\u003C\u002Fli>\n\u003Cli>Reaction system with 2 styles of emojis\u003C\u002Fli>\n\u003Cli>Social Sharing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes\u003C\u002Fh4>\n\u003Cp>Display Like & Dislike buttons in post or page.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[WPAC_LIKE_SYSTEM]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Return Like\u002FDislike count for current post being viewed.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[WPAC_LIKE_COUNT] [WPAC_DISLIKE_COUNT]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Return Like\u002FDislike count for given post ID.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[WPAC_LIKE_COUNT id=\"123\"] [WPAC_DISLIKE_COUNT id=\"123\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Return Like\u002FDislike count wrapped in a string, use \u003Ccode>%\u003C\u002Fcode> where you want to display count value.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[WPAC_LIKE_COUNT string=\"Liked % times\"] [WPAC_DISLIKE_COUNT string=\"Disliked % times\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Use String with post id\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[WPAC_LIKE_COUNT id=\"123\" string=\"Liked % times\"] [WPAC_DISLIKE_COUNT id=\"123\" string=\"Disiked % times\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Libraries and resources used in this project.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fjquery.com\" rel=\"nofollow ugc\">jQuery\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ffontawesome.com\u002F\" rel=\"nofollow ugc\">FontAwesome\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ffonts.google.com\u002F\" rel=\"nofollow ugc\">Google WebFonts\u003C\u002Fa>\u003C\u002Fp>\n","The Most Simple WordPress Post Like, Dislike & Reaction System with Social Sharing.",300,11433,100,"2020-05-14T17:52:00.000Z","5.4.19","4.0","5.6.0",[120,121,122,22,123],"dislike","like","post-like","social-sharing","https:\u002F\u002Fgithub.com\u002Fwpacademy\u002Fwpac-like-system","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpac-like-system.3.0.3.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":28,"num_ratings":28,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":18,"tags":139,"homepage":95,"download_link":142,"security_score":143,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"awesome-emoji-reactions","Awesome Emoji Reactions","1.0","peakplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeakplugins\u002F","\u003Cp>Awesome Emoji Reactions allows visitors to react to your content with emojis, making site interaction more engaging and fun. Perfect for blogs, news sites, and any content that benefits from quick emotional feedback.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable set of emoji reactions\u003C\u002Fli>\n\u003Cli>Guest reactions support\u003C\u002Fli>\n\u003Cli>Built-in caching for performance\u003C\u002Fli>\n\u003Cli>Gutenberg block integration\u003C\u002Fli>\n\u003Cli>Responsive design\u003C\u002Fli>\n\u003Cli>Clean and intuitive admin interface\u003C\u002Fli>\n\u003Cli>AJAX-powered reactions\u003C\u002Fli>\n\u003Cli>No page reload required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customization Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Choose available emojis\u003C\u002Fli>\n\u003Cli>Customize appearance\u003C\u002Fli>\n\u003Cli>Manage guest access\u003C\u002Fli>\n\u003Cli>Color schemes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer Friendly\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Well-documented code\u003C\u002Fli>\n\u003Cli>Hooks and filters\u003C\u002Fli>\n\u003Cli>Custom templates support\u003C\u002Fli>\n\u003Cli>Cache integration\u003C\u002Fli>\n\u003Cli>Security best practices\u003C\u002Fli>\n\u003C\u002Ful>\n","Add emoji reactions to your WordPress posts to increase user engagement and get instant feedback from your audience.",10,573,"2025-01-15T11:31:00.000Z","6.7.5","6.0",[140,141,74,22,23],"emoji","emoji-feedback","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawesome-emoji-reactions.zip",92,{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":134,"downloaded":152,"rating":28,"num_ratings":28,"last_updated":153,"tested_up_to":154,"requires_at_least":155,"requires_php":18,"tags":156,"homepage":159,"download_link":160,"security_score":114,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"emojis-for-posts-and-pages","Emojis for Posts and Pages","1.1.1","Gunjan Jaswal","https:\u002F\u002Fprofiles.wordpress.org\u002Fgunjanjaswal\u002F","\u003Cp>Emojis for Posts and Pages allows your visitors to react to your content with colorful emoji reactions, similar to Facebook’s reaction system. This plugin adds a simple and intuitive reaction system to your posts, pages, or any custom post type.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add emoji reactions to posts, pages, or any custom post type\u003C\u002Fli>\n\u003Cli>Choose from a variety of colorful emoji reactions\u003C\u002Fli>\n\u003Cli>Track reaction counts and statistics\u003C\u002Fli>\n\u003Cli>Display reactions after content or as a floating element\u003C\u002Fli>\n\u003Cli>One reaction per IP address to prevent spam\u003C\u002Fli>\n\u003Cli>Mobile-friendly and responsive design\u003C\u002Fli>\n\u003Cli>Uses Google’s Noto Color Emoji font for consistent cross-platform display\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visitors can click on an emoji to react to your content\u003C\u002Fli>\n\u003Cli>Each visitor can only react once per post (based on IP address)\u003C\u002Fli>\n\u003Cli>Visitors can change their reaction by clicking on a different emoji\u003C\u002Fli>\n\u003Cli>Reaction counts are displayed in real-time\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Increase engagement on your blog posts\u003C\u002Fli>\n\u003Cli>Get quick feedback on your content\u003C\u002Fli>\n\u003Cli>Add a fun interactive element to your website\u003C\u002Fli>\n\u003Cli>Understand which content resonates with your audience\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or share any data with external services.\u003C\u002Fp>\n\u003Cp>The following information is stored in your WordPress database:\u003Cbr \u002F>\n* IP addresses of users who react to posts (for preventing multiple reactions from the same user)\u003Cbr \u002F>\n* User IDs of logged-in users who react to posts\u003Cbr \u002F>\n* Reaction choices made by users\u003C\u002Fp>\n\u003Cp>This data is stored solely on your server and is not transmitted elsewhere.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin collects IP addresses to prevent multiple reactions from the same visitor. IP addresses are stored in your WordPress database and are not shared with any third parties.\u003C\u002Fp>\n\u003Cp>If a user is logged in, their user ID is also stored along with their reaction. This allows their reaction to persist across different devices.\u003C\u002Fp>\n\u003Cp>No personal information is collected or shared with external services.\u003C\u002Fp>\n","Add colorful emoji reactions to your WordPress posts and pages, similar to Facebook reactions.",346,"2025-12-05T09:36:00.000Z","6.9.4","5.0",[157,140,158,22,23],"comments","feedback","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femojis-for-posts-and-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femojis-for-posts-and-pages.1.1.1.zip",{"attackSurface":162,"codeSignals":172,"taintFlows":268,"riskAssessment":318,"analyzedAt":325},{"hooks":163,"ajaxHandlers":164,"restRoutes":165,"shortcodes":166,"cronEvents":171,"entryPointCount":27,"unprotectedCount":28},[],[],[],[167],{"tag":22,"callback":168,"file":169,"line":170},"reactionShortcode","classes\\DaReactions\\Shortcodes.php",8,[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":177,"fileOperations":27,"externalRequests":27,"nonceChecks":263,"capabilityChecks":27,"bundledLibraries":264},[],{"prepared":175,"raw":28,"locations":176},79,[],{"escaped":178,"rawEcho":179,"locations":180},456,40,[181,185,187,190,192,194,196,199,201,204,206,208,210,212,214,216,219,222,223,225,228,231,233,235,236,238,239,240,241,242,244,246,248,250,252,254,256,258,260,262],{"file":182,"line":183,"context":184},"classes\\DaReactions\\Admin.php",401,"raw output",{"file":182,"line":186,"context":184},408,{"file":188,"line":189,"context":184},"classes\\DaReactions\\Lists\\VotesList.php",550,{"file":188,"line":191,"context":184},567,{"file":188,"line":193,"context":184},583,{"file":188,"line":195,"context":184},589,{"file":197,"line":198,"context":184},"classes\\DaReactions\\Pages\\AdminPageAnalytics.php",208,{"file":197,"line":200,"context":184},214,{"file":202,"line":203,"context":184},"classes\\DaReactions\\Pages\\AdminPageImportVotes.php",189,{"file":202,"line":205,"context":184},199,{"file":202,"line":207,"context":184},210,{"file":202,"line":209,"context":184},236,{"file":202,"line":211,"context":184},239,{"file":213,"line":14,"context":184},"classes\\DaReactions\\Pages\\AdminPageVotesList.php",{"file":215,"line":67,"context":184},"classes\\DaReactions\\Pages\\HelpPage.php",{"file":217,"line":218,"context":184},"classes\\DaReactions\\Utils.php",190,{"file":220,"line":221,"context":184},"classes\\DaReactions\\Widgets\\ContentsByReactionWidget.php",64,{"file":220,"line":13,"context":184},{"file":220,"line":224,"context":184},106,{"file":226,"line":227,"context":184},"classes\\DaReactions\\Widgets\\DashboardWidget.php",102,{"file":229,"line":230,"context":184},"templates\\admin\\buttons-settings-add-new.php",2,{"file":232,"line":50,"context":184},"templates\\admin\\buttons-settings-table.php",{"file":232,"line":234,"context":184},4,{"file":232,"line":47,"context":184},{"file":232,"line":237,"context":184},6,{"file":232,"line":67,"context":184},{"file":232,"line":170,"context":184},{"file":232,"line":134,"context":184},{"file":232,"line":14,"context":184},{"file":232,"line":243,"context":184},19,{"file":232,"line":245,"context":184},22,{"file":232,"line":247,"context":184},25,{"file":232,"line":249,"context":184},28,{"file":232,"line":251,"context":184},35,{"file":232,"line":253,"context":184},38,{"file":232,"line":255,"context":184},41,{"file":232,"line":257,"context":184},44,{"file":232,"line":259,"context":184},47,{"file":232,"line":261,"context":184},83,{"file":232,"line":80,"context":184},11,[265],{"name":266,"version":129,"knownCves":267},"Freemius",[],[269,288,297,310],{"entryPoint":270,"graph":271,"unsanitizedCount":27,"severity":40},"displayTable (classes\\DaReactions\\Abstracts\\AbstractAdminListPage.php:24)",{"nodes":272,"edges":285},[273,279],{"id":274,"type":275,"label":276,"file":277,"line":278},"n0","source","$_GET","classes\\DaReactions\\Abstracts\\AbstractAdminListPage.php",31,{"id":280,"type":281,"label":282,"file":277,"line":283,"wp_function":284},"n1","sink","echo() [XSS]",32,"echo",[286],{"from":274,"to":280,"sanitized":287},false,{"entryPoint":289,"graph":290,"unsanitizedCount":27,"severity":296},"\u003CAbstractAdminListPage> (classes\\DaReactions\\Abstracts\\AbstractAdminListPage.php:0)",{"nodes":291,"edges":294},[292,293],{"id":274,"type":275,"label":276,"file":277,"line":278},{"id":280,"type":281,"label":282,"file":277,"line":283,"wp_function":284},[295],{"from":274,"to":280,"sanitized":287},"low",{"entryPoint":298,"graph":299,"unsanitizedCount":28,"severity":296},"loadButtons (classes\\DaReactions\\Ajax.php:225)",{"nodes":300,"edges":307},[301,305],{"id":274,"type":275,"label":302,"file":303,"line":304},"$_POST","classes\\DaReactions\\Ajax.php",231,{"id":280,"type":281,"label":282,"file":303,"line":306,"wp_function":284},232,[308],{"from":274,"to":280,"sanitized":309},true,{"entryPoint":311,"graph":312,"unsanitizedCount":28,"severity":296},"\u003CAjax> (classes\\DaReactions\\Ajax.php:0)",{"nodes":313,"edges":316},[314,315],{"id":274,"type":275,"label":302,"file":303,"line":304},{"id":280,"type":281,"label":282,"file":303,"line":306,"wp_function":284},[317],{"from":274,"to":280,"sanitized":309},{"summary":319,"deductions":320},"The 'da-reactions' v5.3.4 plugin exhibits a generally good security posture, with strengths in its use of prepared statements for SQL queries and a high percentage of properly escaped output. The absence of unauthenticated AJAX handlers and REST API routes, coupled with the presence of nonce and capability checks, indicates an effort to secure its entry points.  However, the presence of two taint flows with unsanitized paths, even without a critical or high severity rating, warrants attention as it suggests potential for input manipulation.  The plugin's vulnerability history shows one medium severity CVE related to Cross-site Scripting, which was patched. While the lack of currently unpatched vulnerabilities is positive, the past occurrence of XSS highlights the importance of continued vigilance in output sanitization and input validation, particularly concerning the identified unsanitized paths.",[321,323],{"reason":322,"points":170},"Taint flows with unsanitized paths",{"reason":324,"points":67},"Past medium severity XSS vulnerability","2026-03-16T19:46:52.115Z",{"wat":327,"direct":354},{"assetPaths":328,"generatorPatterns":340,"scriptPaths":341,"versionParams":342},[329,330,331,332,333,334,335,336,337,338,339],"\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fcss\u002Fda-reactions.css","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fcss\u002Fda-reactions.theme.css","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fbuttons.js","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fgeneral.js","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fgraphic.js","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fimport-votes.js","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fvotes-list.js","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fda-reactions.js","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fda-reactions.admin.js","\u002Fwp-content\u002Fplugins\u002Fda-reactions\u002Fassets\u002Fjs\u002Fda-reactions.frontend.js",[],[339],[343,344,345,346,347,348,349,350,351,352,353],"da-reactions\u002Fassets\u002Fcss\u002Fadmin.css?ver=","da-reactions\u002Fassets\u002Fcss\u002Fda-reactions.css?ver=","da-reactions\u002Fassets\u002Fcss\u002Fda-reactions.theme.css?ver=","da-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fbuttons.js?ver=","da-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fgeneral.js?ver=","da-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fgraphic.js?ver=","da-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fimport-votes.js?ver=","da-reactions\u002Fassets\u002Fjs\u002Fadmin\u002Fvotes-list.js?ver=","da-reactions\u002Fassets\u002Fjs\u002Fda-reactions.js?ver=","da-reactions\u002Fassets\u002Fjs\u002Fda-reactions.admin.js?ver=","da-reactions\u002Fassets\u002Fjs\u002Fda-reactions.frontend.js?ver=",{"cssClasses":355,"htmlComments":360,"htmlAttributes":366,"restEndpoints":370,"jsGlobals":372,"shortcodeOutput":374},[356,357,358,359],"da-reactions-react-button","da-reactions-react-button-wrap","da-reactions-react-button-voters","da-reactions-react-button-voters-list",[361,362,363,364,365],"\u003C!-- START DA_REACTIONS -->","\u003C!-- END DA_REACTIONS -->","\u003C!-- START FREEMIUS -->","\u003C!-- END FREEMIUS -->","\u003C!-- DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE `function_exists` CALL ABOVE TO PROPERLY WORK. -->",[367,368,369],"data-da-reactions-post-id","data-da-reactions-comment-id","data-da-reactions-nonce",[371],"\u002Fwp-json\u002Fda-reactions\u002Fv1\u002Freact",[373],"da_reactions_params",[375,376],"[da_reactions]","[da_reactions_frontend]"]