[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNwOEhfNwalUTkGY3ojtyHKGqOTtGyD2CqHMEKnZ4px8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":123,"fingerprints":235},"daring-fireball-linked-list","Daring Fireball-style Linked List Plugin","2.7.4","yjsoon","https:\u002F\u002Fprofiles.wordpress.org\u002Fyjsoon\u002F","\u003Cp>This plugin makes your RSS feed behave like Daring Fireball’s linked list posts, and has some extra features to make posting linked lists easier. Also supports Twitter Tools.\u003C\u002Fp>\n\u003Cp>\u003Cem>Part One\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Makes your RSS feed for linked-list posts (indicated using a custom field) behave like \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\" rel=\"nofollow ugc\">Daring Fireball\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To use, set the custom field “linked_list_url” to the desired location on a link post. In your RSS feed, the following will happen:\u003C\u002Fp>\n\u003Cp>(i) the item’s RSS permalink becomes the link destination;\u003Cbr \u002F>\n(ii) the actual permalink to your post is inserted as a star glyph at the end of your post; and\u003Cbr \u002F>\n(iii) a star glyph is added in front of your non-linked-list post titles. Behaviour is customisable in options.\u003C\u002Fp>\n\u003Cp>All three parts are customizable, and you can use different glyphs or text if you’d like. For theme designers, the plugin also provides functions (get_the_permalink_glyph(), the_permalink_glyph(), get_the_linked_list_link(), the_linked_list_link(), get_glyph() and is_linked_list()) to customise your design by checking if the item is a linked list item, getting a permalink with glyph, etc.\u003C\u002Fp>\n\u003Cp>Adapted from Jonathan Penn’s \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fjonathanpenn\u002Fwordpress-linked-list-plugin\" rel=\"nofollow ugc\">WordPress Linked List plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Part Two\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Add link from post content. This feature allows you to set the custom field “linked_list_url” from within the post content. This is especially handy for using with the ‘Press This’ bookmarklet.\u003C\u002Fp>\n\u003Cp>When you activate this feature, the DFLL plugin will look at the first line of your post content for a link anchor, and it’ll set that link as the linked_list_url for your post. For example, the following post content:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Ca href=’http:\u002F\u002Fgoogle.com’>Google!!!\u003C\u002Fa>.\u003Cbr \u002F>\n  This is a link post to Google.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>… will have its first line removed, the URL http:\u002F\u002Fgoogle.com passed into the custom field linked_list_url, and will have its first line removed to just end up with the text ‘This is a link post to Google’. The text in the anchor (‘Google!!!’) will be ignored.\u003C\u002Fp>\n\u003Cp>It’s very important to note three requirements: (i) the anchor tag must be in the first line of the post, (ii) the tag must be the only element on that line, and (iii) the line must end in a period. This is the syntax that the ‘Press This’ bookmarklet uses, so you can just hit ‘Press This’ and enter to go to the next line and stop typing.\u003C\u002Fp>\n\u003Cp>Any text in the anchor will be ignored, and the entire first line will be discarded. This also means that if, for whatever, reason, you like posting link anchors that end in periods as the first line of your blog, you shouldn’t activate this checkbox, or you’ll end up with linked list posts by accident!\u003C\u002Fp>\n\u003Cp>This was adapted from \u003Ca href=\"http:\u002F\u002Fhypertext.net\u002Fprojects\u002Fcfsetter\" rel=\"nofollow ugc\">CF Setter by Justin Blanton\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Twitter Tools support\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>If you’re using \u003Ca href=\"http:\u002F\u002Fcrowdfavorite.com\u002Fwordpress\u002Fplugins\u002Ftwitter-tools\u002F\" rel=\"nofollow ugc\">Twitter Tools\u003C\u002Fa>, you can customise your tweets to have your custom glyph or text appear before either your “regular” or linked-list posts.\u003C\u002Fp>\n\u003Cp>Questions or suggestions? Look me up on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fyjsoon\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>When adding a link, create a normal blog post, but add a custom field “linked_list_url” with the desired link URL. The RSS feed item will automatically point to that URL.\u003C\u002Fli>\n\u003Cli>When posting, to insert a link without setting the custom field manually, put your URL wrapped in an anchor tag in the first line, ending with a period. For example: \u003Ca href=”http:\u002F\u002Fyjsoon.com”>Doesn’t matter what’s in here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright (c) 2010-2011 YJ Soon\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining\u003Cbr \u002F>\na copy of this software and associated documentation files (the\u003Cbr \u002F>\n“Software”), to deal in the Software without restriction, including\u003Cbr \u002F>\nwithout limitation the rights to use, copy, modify, merge, publish,\u003Cbr \u002F>\ndistribute, sublicense, and\u002For sell copies of the Software, and to\u003Cbr \u002F>\npermit persons to whom the Software is furnished to do so, subject to\u003Cbr \u002F>\nthe following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be\u003Cbr \u002F>\nincluded in all copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,\u003Cbr \u002F>\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\u003Cbr \u002F>\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\u003Cbr \u002F>\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\u003Cbr \u002F>\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\u003Cbr \u002F>\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\u003Cbr \u002F>\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\u003C\u002Fp>\n","This plugin makes your RSS feed behave like Daring Fireball's linked list posts, and has some extra features to make posting linked lists easier.",40,13447,0,"2011-06-19T15:22:00.000Z","3.1.4","2.7","",[19,20,21,22],"linkblogs","linked-list","links","rss","http:\u002F\u002Fgithub.com\u002Fyjsoon\u002Fdf-style-linked-list_wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaring-fireball-linked-list.2.7.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-05T03:01:48.184Z",[35,56,73,90,108],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":54,"download_link":55,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"add-to-any-subscribe","Subscribe Button by AddToAny",".9.10.0","micropat","https:\u002F\u002Fprofiles.wordpress.org\u002Fmicropat\u002F","\u003Cp>The Subscribe button helps people subscribe to your blog using any feed reader, such as Feedly, The Old Reader, Yahoo!, AOL, and many more RSS readers.\u003C\u002Fp>\n\u003Cp>The button displays AddToAny’s customizable Smart Menu, which places the services visitors use at the top of the menu, based on each visitor’s preferences.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.addtoany.com\u002Fbuttons\u002Ffor\u002Fwebsite\u002Fsubscribe\" title=\"Subscribe button\" rel=\"nofollow ugc\">Subscribe Button\u003C\u002Fa> (standard version)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AddToAny Smart Menu\u003C\u002Fli>\n\u003Cli>Includes all services\u003C\u002Fli>\n\u003Cli>Services updated automatically\u003C\u002Fli>\n\u003Cli>WordPress optimized, localized (i18n)\u003C\u002Fli>\n\u003Cli>Supports WordPress Multisite Networks (MS)\u003C\u002Fli>\n\u003Cli>Many more publisher and user features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadd-to-any\u002F\" title=\"Share plugin\" rel=\"ugc\">Share Buttons\u003C\u002Fa> plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Help visitors subscribe to your blog using email or any feed reader, such as Feedly, The Old Reader, Yahoo!, AOL, and many more feed services.",1000,261065,100,2,"2017-11-28T17:32:00.000Z","4.7.32","3.7",[51,52,21,22,53],"button","feed","subscribe","https:\u002F\u002Fwww.addtoany.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-to-any-subscribe.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":45,"downloaded":64,"rating":45,"num_ratings":30,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":17,"tags":68,"homepage":71,"download_link":72,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"remove-amazon-links-from-rss-feed","Remove Amazon Links from RSS Feed","1.4","Phil McDonnell","https:\u002F\u002Fprofiles.wordpress.org\u002Fphilmcdonnell\u002F","\u003Cp>Removes all links to Amazon.com\u002FAmzn.to in the RSS feed so you will be in compliance with Amazon’s Affiliate TOS. According to Amazon you may not use their affiliate links in any email, rss feed, etc. All the original links will still appear within a normal blog post or page.\u003C\u002Fp>\n\u003Cp>*Special thanks to Gretchen Louise (gretchenlouise.com) for alpha\u002Fbeta testing this for me.\u003C\u002Fp>\n","Removes all links to Amazon.com\u002FAmzn.to in the RSS feed.",4919,"2017-07-19T08:55:00.000Z","4.8.28","3.5",[69,70,21,22],"affiliate","amazon","http:\u002F\u002Fphilmcdonnell.com\u002Fprojects\u002Fwordpress\u002Fremove-amazon-links-from-rss-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-amazon-links-from-rss-feed.1.4.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":45,"num_ratings":46,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":17,"tags":86,"homepage":17,"download_link":89,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"rss-links-manager","RSS Links Manager","0.1.2","Tobias Eisenschmidt","https:\u002F\u002Fprofiles.wordpress.org\u002Ftobiaseisenschmidt\u002F","\u003Cp>RSS Links Manager lets you easily customise your RSS links via WordPress’ admin menu. Are you using Feedburner? Just enter your Feedburner URL. Are you using Disqus or Facebook comments instead of WordPress’ internal comment system? Just deactivate the feeds you don’t need – including category, tag and author feeds.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customise your feed links (title, URL, MIME type)\u003C\u002Fli>\n\u003Cli>Remove individual feed links (main feed, comments, extras)\u003C\u002Fli>\n\u003Cli>Directly hooks into WordPress’ wp_head functon\u003C\u002Fli>\n\u003Cli>Multilingual (English and German)\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage and customise your RSS feed links.",80,6698,"2014-12-30T12:00:00.000Z","4.1.42","3.0",[87,52,88,22,74],"customization","feedburner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frss-links-manager.0.1.2.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":13,"num_ratings":13,"last_updated":100,"tested_up_to":101,"requires_at_least":85,"requires_php":102,"tags":103,"homepage":106,"download_link":107,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"custom-messages-in-rss-feed","Custom Messages In RSS Feed","1.1","Keral Patel","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeralpatel\u002F","\u003Cp>This Plugin allows you to insert custom messages at the start or the end of your blog entry in your RSS feed. Can be useful to put in source links if proper attribution is not being given to your content which is syndicated. You can also put in a small logo or icon of your blog which could link back to your site.\u003C\u002Fp>\n\u003Cp>You can specify the custom text or HTML that you want to add by going to the settings page at : Settings > Message In RSS Feed.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Just go to your Settings > Message In RSS Feed and configure what you would want to insert and where it should be inserted.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Will try and add some more features to this plugin.\u003C\u002Fp>\n","This plugin allows you to insert\u002Fappend custom messages into your RSS feed.",10,2049,"2024-01-17T04:29:00.000Z","6.4.8","7.0",[104,105,52,22],"attribution-links","custom-messages","https:\u002F\u002Fwww.keralpatel.com\u002Fadding-custom-messages-into-rss-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-messages-in-rss-feed.zip",{"slug":109,"name":110,"version":93,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":98,"downloaded":115,"rating":13,"num_ratings":13,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":17,"tags":119,"homepage":121,"download_link":122,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"google-news-links","Google News Links","plumwd","https:\u002F\u002Fprofiles.wordpress.org\u002Fplumwd\u002F","\u003Cp>Google News Links is a plugin that allows the user to specify a Google news feed (rss) and then loads them into WordPress as links. The links can be loaded by manually running the plugin or setting it up on a cron.\u003C\u002Fp>\n","The Google News Links plugin, allows a user to enter a google news rss feed and import the articles from the feed as links.",2113,"2011-09-05T19:43:00.000Z","3.2.1","2.0.2",[120,21,22],"google-news","http:\u002F\u002Fwww.plumeriawebdesign.com\u002Fgoogle-news-links","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-news-links.zip",{"attackSurface":124,"codeSignals":172,"taintFlows":222,"riskAssessment":223,"analyzedAt":234},{"hooks":125,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":13,"unprotectedCount":13},[126,132,137,140,144,148,152,156,160,164],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","the_permalink_rss","ensure_rss_linked_list","linked_list.php",64,{"type":133,"name":134,"callback":135,"file":130,"line":136},"filter","the_content","insert_permalink_glyph_rss",78,{"type":133,"name":138,"callback":135,"file":130,"line":139},"the_excerpt_rss",79,{"type":133,"name":141,"callback":142,"file":130,"line":143},"the_title_rss","insert_title_glyph_rss",95,{"type":127,"name":145,"callback":146,"file":130,"line":147},"admin_menu","dfll_menu",106,{"type":127,"name":149,"callback":150,"file":130,"line":151},"admin_init","dfll_init",128,{"type":127,"name":153,"callback":154,"file":130,"line":155},"admin_head-settings_page_dfll","dfll_help",283,{"type":133,"name":157,"callback":158,"priority":30,"file":130,"line":159},"content_save_pre","dfll_customField_getValue",384,{"type":127,"name":161,"callback":162,"priority":46,"file":130,"line":163},"save_post","dfll_customField_setValue",386,{"type":133,"name":165,"callback":166,"file":130,"line":167},"aktt_do_tweet","dfll_tweet",412,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":221},[],{"prepared":13,"raw":13,"locations":175},[],{"escaped":13,"rawEcho":177,"locations":178},20,[179,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,219],{"file":130,"line":180,"context":181},28,"raw output",{"file":130,"line":183,"context":181},38,{"file":130,"line":185,"context":181},58,{"file":130,"line":187,"context":181},60,{"file":130,"line":189,"context":181},136,{"file":130,"line":191,"context":181},143,{"file":130,"line":193,"context":181},150,{"file":130,"line":195,"context":181},158,{"file":130,"line":197,"context":181},165,{"file":130,"line":199,"context":181},173,{"file":130,"line":201,"context":181},180,{"file":130,"line":203,"context":181},188,{"file":130,"line":205,"context":181},195,{"file":130,"line":207,"context":181},203,{"file":130,"line":209,"context":181},219,{"file":130,"line":211,"context":181},227,{"file":213,"line":81,"context":181},"twentyten-dfll-child-theme\\loop.php",{"file":213,"line":215,"context":181},92,{"file":217,"line":218,"context":181},"twentyten-dfll-child-theme\\single.php",41,{"file":217,"line":220,"context":181},47,[],[],{"summary":224,"deductions":225},"The plugin \"daring-fireball-linked-list\" v2.7.4 exhibits a strong security posture in several key areas. The static analysis reveals no identified attack surface points (AJAX, REST API, shortcodes, cron events) that are unprotected, indicating a good effort to limit potential entry points. Furthermore, the absence of dangerous functions, file operations, external HTTP requests, and the exclusive use of prepared statements for SQL queries are positive indicators. The plugin also has a clean vulnerability history with no known CVEs, which suggests a history of secure development or diligent patching.\n\nHowever, a significant concern arises from the static analysis regarding output escaping. With 20 total outputs and 0% properly escaped, there is a high probability of Cross-Site Scripting (XSS) vulnerabilities. This lack of output sanitization means that any data displayed by the plugin, if not inherently safe, could be rendered as executable code in the user's browser. Additionally, the complete absence of nonce checks and capability checks on any potential entry points (even though none were explicitly identified as unprotected) is a weakness. While the attack surface appears zero, if any new entry points were introduced or discovered, they would likely be vulnerable to CSRF and privilege escalation attacks.\n\nIn conclusion, while the plugin boasts a clean history and strong practices in preventing direct exploitation vectors like SQL injection and unprotected endpoints, the critical issue of unescaped output presents a substantial risk. The lack of robust authorization checks, even in the absence of identified endpoints, is also a latent concern. Addressing the output escaping vulnerability should be the immediate priority to improve its overall security.",[226,229,232],{"reason":227,"points":228},"0% of outputs properly escaped",15,{"reason":230,"points":231},"No nonce checks",5,{"reason":233,"points":231},"No capability checks","2026-03-16T22:19:15.006Z",{"wat":236,"direct":241},{"assetPaths":237,"generatorPatterns":238,"scriptPaths":239,"versionParams":240},[],[],[],[],{"cssClasses":242,"htmlComments":244,"htmlAttributes":245,"restEndpoints":259,"jsGlobals":260,"shortcodeOutput":261},[243],"glyph",[],[246,247,248,249,250,251,252,253,254,255,256,257,258],"name='dfll_options[link_goes_to]'","name='dfll_options[glyph_after_post]'","name='dfll_options[glyph_after_post_text]'","name='dfll_options[glyph_before_link_title]'","name='dfll_options[glyph_before_link_title_text]'","name='dfll_options[glyph_after_link_title]'","name='dfll_options[glyph_after_link_title_text]'","name='dfll_options[glyph_before_blog_title]'","name='dfll_options[glyph_before_blog_title_text]'","name='dfll_options[use_first_link]'","name='dfll_options[twitter_glyph_before_non_linked_list]'","name='dfll_options[twitter_glyph_before_linked_list]'","id='input1'",[],[],[]]