[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzMGYjvaJLB3fTIUNZAk1Uehwh-VHZex5qf9j1joCcYI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":143,"fingerprints":328},"decent-comments","Decent Comments","3.0.2","itthinx","https:\u002F\u002Fprofiles.wordpress.org\u002Fitthinx\u002F","\u003Cp>\u003Cstrong>Decent Comments shows what people say.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Decent Comments plugin helps you show comments on your site in a neat way. It lets you display comments along with avatars of the people who wrote them and previews of what they said. This makes your site more engaging for visitors.\u003C\u002Fp>\n\u003Cp>If you want to show comments along with their author’s avatars \u003Cem>and\u003C\u002Fem> an excerpt of their comment, recent comments on any of your posts, posts from certain categories and other criteria … then this might just be the right plugin for you.\u003C\u002Fp>\n\u003Cp>The plugin provides configurable blocks, widgets, shortcodes and an API to display comments in sensible ways. This includes author avatars, links, comment excerpts …\u003C\u002Fp>\n\u003Cp>Anywhere you place comments, by means of its block, widget, shortcode or by using its API, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Show an excerpt or the full comment. 
You can choose to not show the comment as well.\u003C\u002Fli>\n\u003Cli>Determine the number of words shown for excerpts.\u003C\u002Fli>\n\u003Cli>Set your kind of ellipsis.\u003C\u002Fli>\n\u003Cli>Set the number of comments to show.\u003C\u002Fli>\n\u003Cli>Show the author’s avatar and determine its size.\u003C\u002Fli>\n\u003Cli>Sort by author email, author URL, content (what’s said in the comment), date, karma or post … in ascending or descending order.\u003C\u002Fli>\n\u003Cli>Show comments for the current post or for a specific post.\u003C\u002Fli>\n\u003Cli>Show comments for a specific post type.\u003C\u002Fli>\n\u003Cli>Show comments for posts in specific categories, for specific tags, … (more precisely: the ability to show comments from posts related to one or more terms in a chosen taxonomy).\u003C\u002Fli>\n\u003Cli>Show comments for a set of posts and\u002For excluding a set of posts.\u003C\u002Fli>\n\u003Cli>and more to come … got suggestions?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fdocs.itthinx.com\u002Fdocument\u002Fdecent-comments\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> pages for details.\u003C\u002Fp>\n\u003Cp>Feedback is welcome. If you need help, have problems, want to leave feedback or want to provide constructive criticism, please do so at the \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\u002Fplugins\u002Fdecent-comments\" rel=\"nofollow ugc\">Decent Comments\u003C\u002Fa> plugin page.\u003C\u002Fp>\n\u003Cp>Please try to solve problems there before you rate this plugin or say it doesn’t work. There goes a \u003Cem>lot\u003C\u002Fem> of work into providing you with free quality plugins! Please appreciate that and help with your feedback. 
Thanks!\u003C\u002Fp>\n\u003Cp>Follow \u003Ca href=\"https:\u002F\u002Fx.com\u002Fitthinx\" rel=\"nofollow ugc\">@itthinx on X\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fmastodon.social\u002F@itthinx\" rel=\"nofollow ugc\">@itthinx on Mastodon\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fitthinx\u002F\" rel=\"nofollow ugc\">@itthinx on Reddit\u003C\u002Fa> for news and updates on this and other plugins and tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Catalan translation provided by \u003Ca href=\"https:\u002F\u002Fwww.ibidemgroup.com\" rel=\"nofollow ugc\">Ibidem Group\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chinese translation provided by Francesco from \u003Ca href=\"https:\u002F\u002Fwww.in-cina.com\" rel=\"nofollow ugc\">in Cina\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French translation provided by Thomas Mur from \u003Ca href=\"https:\u002F\u002Fwww.creapage.net\" rel=\"nofollow ugc\">Creapage.net\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German translation provided by the author \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\" rel=\"nofollow ugc\">itthinx\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian translation provided by Francesco from \u003Ca href=\"https:\u002F\u002Fwww.in-cina.com\" rel=\"nofollow ugc\">in Cina\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Lithuanian translation provided by Vincent G from \u003Ca href=\"https:\u002F\u002Fwww.Host1Free.com\" rel=\"nofollow ugc\">Host1Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Portuguese translation provided by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Ftopcasinowagering\" rel=\"ugc\">TopCasinoWagering\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian translation provided by \u003Ca href=\"https:\u002F\u002Farahis.com\" rel=\"nofollow ugc\">Igor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish translation provided by \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\" rel=\"nofollow 
itthinx\u003C\u002Fa> and">
ugc\">itthinx\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.ibidem-translations.com\" rel=\"nofollow ugc\">Ibidem Translations\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Many thanks!\u003C\u002Fp>\n","Decent Comments shows what people say. A more engaging way to show comments.",2000,115635,92,20,"2026-01-06T14:18:00.000Z","6.9.4","6.5","7.4",[20,21,22,23,24],"comment","comments","discussion","feedback","shortcode","https:\u002F\u002Fwww.itthinx.com\u002Fplugins\u002Fdecent-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdecent-comments.3.0.2.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},27,22680,97,3,98,"2026-04-04T03:38:35.337Z",[40,64,83,103,123],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":18,"tags":55,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":28,"last_vuln_date":63,"fetched_at":30},"no-page-comment","No Page Comment","1.3.1","Seth Alling","https:\u002F\u002Fprofiles.wordpress.org\u002Fsethta\u002F","\u003Cp>Up until recently, WordPress gave two options: You could either disable comments and trackbacks by default for all pages and posts, or you could have them active by default. In WordPress version 4.3, this finally changed so comments are always disabled on new pages.\u003C\u002Fp>\n\u003Cp>While the new change makes it easier for many of the sites, it makes it harder for people who need to get the reverse and enable comments on all pages, or if they need to change the default for a custom post type. 
This plugin allows you to choose whether comments are enabled or disabled by default on all new posts, pages and custom post types, while still giving the ability to individually enable comments on posts or pages.\u003C\u002Fp>\n\u003Cp>Also, this plugin provides a way to quickly disable all comments or pingbacks for a specific custom post type. It directly interacts with your database to modify the status, so it is highly recommended that you backup your database first. There shouldn’t be any issues using this feature, but it’s always good to play it safe.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\" title=\"No Page Comment Development on Github\" rel=\"nofollow ugc\">View No Page Comment Development on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\u002Fissues\" title=\"Report an Issue about No Page Comment on Github\" rel=\"nofollow ugc\">Please Report any Issues about No Page Comment on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=5WWP2EDSCAJR4\" title=\"Donate to support the No Page Comment Plugin development\" rel=\"nofollow ugc\">Donate to Support No Page Comment Development\u003C\u002Fa>\u003C\u002Fp>\n","An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.",10000,250545,96,23,"2025-11-17T15:09:00.000Z","6.8.5","6.2",[21,56,22,57,58],"custom-post-types","pages","posts","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-page-comment.zip",99,2,"2022-09-21 
00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":48,"downloaded":72,"rating":27,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":59,"download_link":81,"security_score":82,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wpsimpletools-disable-comments","Disable Comments","1.0.4","wordpresssimpletools","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpresssimpletools\u002F","\u003Cp>Completely disables comments functionality from backend and frontend:\u003Cbr \u002F>\n* Hides existing comments\u003Cbr \u002F>\n* Close comments on the front-end\u003Cbr \u002F>\n* Disable support for comments, trackbacks and ping\u003Cbr \u002F>\n* Redirects any user trying to access comments page\u003Cbr \u002F>\n* Removes comments metabox from dashboard\u003Cbr \u002F>\n* Removes comments links from admin bar\u003Cbr \u002F>\n* Removes comments page in menu\u003Cbr \u002F>\n* Completely disables comments API\u003C\u002Fp>\n","Completely disables comments functionality from backend and frontend. 
Just install it, nothing to configure!",25834,4,"2021-04-14T12:52:00.000Z","5.7.15","4.0","5.0.0",[21,79,22,80],"disable-comments","remove-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpsimpletools-disable-comments.zip",85,{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":13,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":18,"tags":97,"homepage":101,"download_link":102,"security_score":82,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"better-recent-comments","Better Recent Comments","1.2.0","Kestrel","https:\u002F\u002Fprofiles.wordpress.org\u002Fkestrelwp\u002F","\u003Cp>The default Recent Comments widget is somewhat limited. Better Recent Comments improves on this by providing a more flexible widget with options to show the user’s actual comment, as well as show avatars and the ability to show or hide the comment date.\u003C\u002Fp>\n\u003Cp>As well as the widget, there’s a handy shortcode you can use to display your recent comments. This is useful if you need to display comments somewhere other than your sidebar or footer, such as on your homepage. Simply add the shortcode \u003Ccode>[better_recent_comments]\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>That’s not all! The plugin is also WPML compatible, which means that the comments will be restricted to those in the current language. The default WordPress widget will list all recent comments, regardless of language, so you might end up with comments for German-language posts in the sidebar of your English site. 
Better Recent Comments solves this and makes sure the comments are for the current language only.\u003C\u002Fp>\n\u003Cp>Translations currently provided in Spanish, French and Italian.\u003C\u002Fp>\n\u003Cp>View the full \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fkb-categories\u002Fbetter-recent-comments-kb\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> in our Knowledge Base.\u003C\u002Fp>\n\u003Cp>Options available with the shortcode:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>format\u003C\u002Fcode> – the format of each recent comment. This option uses ‘placeholders’ which are substituted with the actual data when the comments are displayed. See the FAQs for details.\u003C\u002Fli>\n\u003Cli>\u003Ccode>number\u003C\u002Fcode> – the number of comments to display. Default: 5 comments\u003C\u002Fli>\n\u003Cli>\u003Ccode>date_format\u003C\u002Fcode> – the date and time format to use. Like WordPress, this uses a PHP date format. It defaults to ‘M j, H:i’. See \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002FPHP-Date-Format.pdf\" rel=\"nofollow ugc\">this cheat sheet\u003C\u002Fa> for a full list of date and time options.\u003C\u002Fli>\n\u003Cli>\u003Ccode>avatar_size\u003C\u002Fcode> – the size of the avatar in pixels. Only used if you have included {avatar} in your comment format (see ‘format’ option). Default: 50\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_status\u003C\u002Fcode> – the status of posts to retrieve comments for. Defaults to ‘publish’. Can be a single status or a comma-separated list, or ‘any’ to show comments for all post statuses.\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_type\u003C\u002Fcode> – the post type to retrieve comments for. Accepts a single or multiple post types (e.g. ‘post’ or ‘post, dlp_document’) or ‘any’ to show comments for all post types. 
Default: ‘any’\u003C\u002Fli>\n\u003Cli>\u003Ccode>excerpts\u003C\u002Fcode> – set to ‘true’ to show an excerpt of the comment (limited to 20 words), or ‘false’ to show the full comment. Default: true\u003C\u002Fli>\n\u003Cli>\u003Ccode>replies\u003C\u002Fcode> – set to ‘true’ to also show responses to comments, or ‘false’ to only see the top level comments. Default: true\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides an improved Recent Comments widget and a shortcode to display your recent comments on any post or page.",3000,66663,17,"2024-03-28T02:06:00.000Z","6.5.8","6.0",[98,21,24,99,100],"avatar","widget","wpml","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-recent-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-recent-comments.1.2.0.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":11,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":59,"tags":117,"homepage":121,"download_link":122,"security_score":82,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-first-letter-avatar","WP First Letter Avatar","2.2.8","DanielAGW","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanielagw\u002F","\u003Cp>WP First Letter Avatar \u003Cstrong>sets custom avatars for users without Gravatar\u003C\u002Fstrong>. The avatar will be a first letter of the user’s name. You can also configure the plugin to use any other letter to set custom avatar.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar includes a set of \u003Cstrong>beautiful, colorful letter avatars\u003C\u002Fstrong> in many sizes. 
Optimal size will be chosen by the plugin in order to display high quality avatar and not download, for example, big 512px avatars when only 48px is needed… \u003Cstrong>PSD template\u003C\u002Fstrong> for avatar is also included.\u003C\u002Fp>\n\u003Cp>You can also create your own avatar set by creating new directory next to \u003Cem>‘default’\u003C\u002Fem> folder and following the naming convention from \u003Cem>‘default’\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>By default, custom avatar will be set only to users without Gravatars, but you can change that in settings and not use Gravatar at all.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar helps you \u003Cstrong>bring more colors\u003C\u002Fstrong> into your blog. Plus, your readers will be more \u003Cstrong>willing to comment on your posts\u003C\u002Fstrong>, since they can actually relate to these avatars much better than to Mystery Person.\u003C\u002Fp>\n\u003Cp>All images were compressed using the fantastic \u003Ca href=\"https:\u002F\u002Ftinypng.com\u002F\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>, so avatars are \u003Cstrong>incredibly light and ultra-high quality\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>WP First Letter Avatar is also available \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDev49net\u002Fwp-first-letter-avatar\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compatibility with other plugins\u003C\u002Fh4>\n\u003Cp>WP First Letter Avatar is fully compatible with \u003Ca href=\"https:\u002F\u002Fbbpress.org\u002F\" rel=\"nofollow ugc\">bbPress\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.gvectors.com\u002Fwpdiscuz\u002F\" rel=\"nofollow ugc\">wpDiscuz\u003C\u002Fa>. 
For \u003Ca href=\"https:\u002F\u002Fbuddypress.org\u002F\" rel=\"nofollow ugc\">BuddyPress\u003C\u002Fa> compatibility please use my other plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-first-letter-avatar\u002F\" rel=\"ugc\">BuddyPress First Letter Avatar\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>WP First Letter Avatar requires at least PHP 5.4. It \u003Cstrong>does not work properly\u003C\u002Fstrong> on PHP 5.3.x and earlier.\u003C\u002Fp>\n","Set custom avatars for users with no Gravatar. The avatar will be the first (or any other) letter of user's name on a colorful background.",67403,94,33,"2017-03-11T22:26:00.000Z","4.7.32","4.6",[118,119,21,120,22],"avatars","change-avatar","custom-avatar","http:\u002F\u002Fdev49.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-first-letter-avatar.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":13,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"comments-shortcode","Comments Shortcode","1.1","Sirius Pro","https:\u002F\u002Fprofiles.wordpress.org\u002Fsiriusproio\u002F","\u003Cp>This plugin allows you to display comments and comment form anywhere in WordPress. The comments list can be displayed for WordPress pages and posts without modifying the code and it works with most of the available themes. 
Just install and activate this plugin and use [sp_comments_block] shortcode anywhere in WordPress to display comments list and comment form.\u003C\u002Fp>\n\u003Cp>Read more about this plugin on \u003Ca href=\"https:\u002F\u002Fsiriuspro.pl\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa> blog.\u003C\u002Fp>\n","This plugin allows you to use a shortcode anywhere to display comments on WordPress pages and posts along with the comment form.",1000,8438,9,"2024-11-30T14:28:00.000Z","6.7.5","3.0","5.6.20",[20,21,139,140,24],"field","form","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomments-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-shortcode.zip",{"attackSurface":144,"codeSignals":206,"taintFlows":317,"riskAssessment":318,"analyzedAt":327},{"hooks":145,"ajaxHandlers":187,"restRoutes":188,"shortcodes":197,"cronEvents":204,"entryPointCount":36,"unprotectedCount":205},[146,152,156,161,165,169,172,175,179,182,184],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","init","decent_comments_block_init","blocks\\class-decent-comments-blocks.php",35,{"type":147,"name":153,"callback":153,"priority":154,"file":150,"line":155},"the_post",10,36,{"type":157,"name":158,"callback":158,"priority":154,"file":159,"line":160},"filter","comments_clauses","class-decent-comment.php",79,{"type":147,"name":162,"callback":162,"file":163,"line":164},"rest_api_init","class-decent-comments-rest.php",31,{"type":147,"name":166,"callback":166,"file":167,"line":168},"wp_print_styles","class-decent-comments-widget.php",56,{"type":147,"name":170,"callback":170,"priority":154,"file":167,"line":171},"comment_post",59,{"type":147,"name":173,"callback":173,"priority":154,"file":167,"line":174},"transition_comment_status",62,{"type":157,"name":176,"callback":176,"priority":154,"file":177,"line":178},"plugin_action_links","class-decent-comments.php",34,{"type":147,"name":180,"callback":180,"file":177,"line":181},"widgets_init",39,{"type":147,"n
ame":148,"callback":148,"file":177,"line":183},40,{"type":147,"name":185,"callback":185,"file":177,"line":186},"admin_menu",41,[],[189],{"namespace":190,"route":191,"methods":192,"callback":194,"permissionCallback":195,"file":163,"line":196},"decent-comments\u002Fv1","\u002Fcomments",[193],"GET","decent_comments_rest_endpoint","__return_true",38,[198,202],{"tag":4,"callback":199,"file":200,"line":201},"decent_comments","class-decent-comments-shortcode.php",46,{"tag":199,"callback":199,"file":200,"line":203},47,[],1,{"dangerousFunctions":207,"sqlUsage":208,"outputEscaping":210,"fileOperations":28,"externalRequests":28,"nonceChecks":205,"capabilityChecks":205,"bundledLibraries":316},[],{"prepared":133,"raw":28,"locations":209},[],{"escaped":151,"rawEcho":211,"locations":212},51,[213,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314],{"file":167,"line":214,"context":215},274,"raw 
output",{"file":167,"line":217,"context":215},448,{"file":167,"line":219,"context":215},449,{"file":167,"line":221,"context":215},455,{"file":167,"line":223,"context":215},456,{"file":167,"line":225,"context":215},462,{"file":167,"line":227,"context":215},463,{"file":167,"line":229,"context":215},466,{"file":167,"line":231,"context":215},474,{"file":167,"line":233,"context":215},475,{"file":167,"line":235,"context":215},478,{"file":167,"line":237,"context":215},493,{"file":167,"line":239,"context":215},494,{"file":167,"line":241,"context":215},496,{"file":167,"line":243,"context":215},499,{"file":167,"line":245,"context":215},520,{"file":167,"line":247,"context":215},522,{"file":167,"line":249,"context":215},531,{"file":167,"line":251,"context":215},532,{"file":167,"line":253,"context":215},538,{"file":167,"line":255,"context":215},539,{"file":167,"line":257,"context":215},545,{"file":167,"line":259,"context":215},546,{"file":167,"line":261,"context":215},552,{"file":167,"line":263,"context":215},553,{"file":167,"line":265,"context":215},559,{"file":167,"line":267,"context":215},560,{"file":167,"line":269,"context":215},566,{"file":167,"line":271,"context":215},567,{"file":167,"line":273,"context":215},573,{"file":167,"line":275,"context":215},574,{"file":167,"line":277,"context":215},580,{"file":167,"line":279,"context":215},581,{"file":167,"line":281,"context":215},587,{"file":167,"line":283,"context":215},588,{"file":167,"line":285,"context":215},594,{"file":167,"line":287,"context":215},595,{"file":167,"line":289,"context":215},601,{"file":167,"line":291,"context":215},602,{"file":167,"line":293,"context":215},608,{"file":167,"line":295,"context":215},609,{"file":167,"line":297,"context":215},615,{"file":167,"line":299,"context":215},616,{"file":167,"line":301,"context":215},630,{"file":167,"line":303,"context":215},631,{"file":167,"line":305,"context":215},639,{"file":167,"line":307,"context":215},640,{"file":167,"line":309,"context":215},646,{"file":167,"line"
:311,"context":215},647,{"file":177,"line":313,"context":215},154,{"file":177,"line":315,"context":215},162,[],[],{"summary":319,"deductions":320},"The 'decent-comments' v3.0.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and avoids dangerous functions, file operations, and external HTTP requests. The vulnerability history is clean, with no recorded CVEs, suggesting a history of responsible development or minimal previous exposure. However, there are notable concerns, particularly regarding the REST API. One REST API route is exposed without a permission callback, creating a potential entry point for unauthorized access or manipulation. While the static analysis shows a low number of total entry points, this unprotected REST API endpoint is a significant weakness. Furthermore, only 41% of output escaping is properly done, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is outputted without sufficient sanitization. 
The single nonce check and capability check, while present, might not be sufficient to protect all critical functionalities given the unescaped output percentage.",[321,324],{"reason":322,"points":323},"REST API route without permission callback",15,{"reason":325,"points":326},"Low percentage of properly escaped output",8,"2026-03-16T18:37:05.979Z",{"wat":329,"direct":342},{"assetPaths":330,"generatorPatterns":336,"scriptPaths":337,"versionParams":338},[331,332,333,334,335],"\u002Fwp-content\u002Fplugins\u002Fdecent-comments\u002Fbuild\u002Findex.asset.php","\u002Fwp-content\u002Fplugins\u002Fdecent-comments\u002Fbuild\u002Findex.js","\u002Fwp-content\u002Fplugins\u002Fdecent-comments\u002Fbuild\u002Feditor.css","\u002Fwp-content\u002Fplugins\u002Fdecent-comments\u002Fbuild\u002Fview.js","\u002Fwp-content\u002Fplugins\u002Fdecent-comments\u002Fbuild\u002Fblock.json",[],[332,334],[339,340,341],"decent-comments\u002Fbuild\u002Findex.js?ver=","decent-comments\u002Fbuild\u002Fview.js?ver=","decent-comments\u002Fbuild\u002Feditor.css?ver=",{"cssClasses":343,"htmlComments":345,"htmlAttributes":346,"restEndpoints":349,"jsGlobals":350,"shortcodeOutput":353},[344],"wp-block-decent-comments-decent-comments",[],[347,348],"data-post-types","data-current-id",[],[351,352],"decentCommentsEdit","decentCommentsView",[]]