[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0nRcLN5MwVdzstaS2IZ5_gf-AtBt-wv9vYGCSmhf7Mo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":125,"fingerprints":204},"dice-widget","Dice Roller","1.4","kevinodie","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevinodie\u002F","\u003Cp>Adds a simple dice roller widget that you can add to your sidebar\u003C\u002Fp>\n","Adds a simple dice roller widget that you can add to your sidebar",10,3262,0,"2016-03-31T15:20:00.000Z","4.4.34","3.0.1","",[19,20,21,22,23],"dice","random","roller","sidebar","widget","http:\u002F\u002Fwww.korpg.com\u002Fblog\u002Fdice-roller-wordpress-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdice-widget.1.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-05T09:19:54.141Z",[36,57,75,92,108],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":55,"download_link":56,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"advanced-random-posts-widget","Advanced Random Posts Widget","2.2.1","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatrya\u002F","\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This plugin is no longer supported, please use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frecent-posts-widget-extended\u002F\" rel=\"ugc\">Recent posts widget Extended\u003C\u002Fa> instead.\u003C\u002Fp>\n\u003Cp>This plugin will enable a custom, flexible and advanced random posts. It allows you to display a list of random posts via shortcode or widget with thumbnail, excerpt and post date, also you can display it from all or specific or multiple taxonomy.\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow you to set title url.\u003C\u002Fli>\n\u003Cli>Display thumbnails, with customizable size and alignment.\u003C\u002Fli>\n\u003Cli>Display excerpt, with customizable length.\u003C\u002Fli>\n\u003Cli>Display from all, specific or multiple category.\u003C\u002Fli>\n\u003Cli>Display from all, specific or multiple tag.\u003C\u002Fli>\n\u003Cli>Display from all, specific or multiple taxonomy.\u003C\u002Fli>\n\u003Cli>Display post date.\u003C\u002Fli>\n\u003Cli>Display post modified date.\u003C\u002Fli>\n\u003Cli>Post types.\u003C\u002Fli>\n\u003Cli>Post status.\u003C\u002Fli>\n\u003Cli>Allow you to set custom css class per widget.\u003C\u002Fli>\n\u003Cli>Add custom html or text before and\u002For after random posts.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support Me\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Purchase or download my \u003Ca href=\"https:\u002F\u002Fwp.idenovasi.com\u002F\" rel=\"nofollow ugc\">WordPress themes\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Purchase my \u003Ca href=\"https:\u002F\u002Fwww.fiverr.com\u002Fidenovasi\" rel=\"nofollow ugc\">Services\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Try another \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fidenovasi\u002F#content-plugins\" rel=\"nofollow ugc\">WordPress plugin\u003C\u002Fa> from me.\u003C\u002Fli>\n\u003Cli>Contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fidenovasi\u002Fadvanced-random-posts-widget\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shorcode Explanation\u003C\u002Fh3>\n\u003Cp>Explanation of shortcode options:\u003C\u002Fp>\n\u003Cp>Basic shortcode\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display 10 random posts\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw limit=\"10\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display with thumbnail and set the size\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw thumbnail=\"true\" thumbnail_size=\"arpw-thumbnail\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display posts based on category by id\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw thumbnail=\"true\" cat=\"10\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display portfolio post type\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw post_type=\"portfolio\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Here’s the full default shortcode arguments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>title=\"\"\noffset=\"\"\nlimit=\"5\"\npost_type=\"post\"\npost_status=\"publish\"\nignore_sticky=\"1\"\ntaxonomy=\"\"\ncat=\"\"\ntag=\"\"\nthumbnail=\"false\"\nthumbnail_size=\"arpw-thumbnail\"\nthumbnail_align=\"left\"\nexcerpt=\"false\"\nexcerpt_length=\"10\"\ndate=\"false\"\ndate_modified=\"false\"\ndate_relative=\"false\"\ncss_class=\"\"\nbefore=\"\"\nafter=\"\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Provides flexible and advanced random posts. Display it via shortcode or widget with thumbnails, post excerpt, and much more!",10000,216217,80,39,"2023-08-05T11:11:00.000Z","6.1.10","4.5",[52,22,53,23,54],"random-posts","thumbnail","widgets","https:\u002F\u002Fgithub.com\u002Fidenovasi\u002Fadvanced-random-posts-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-random-posts-widget.2.2.1.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":17,"tags":70,"homepage":73,"download_link":74,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"random-related-posts","Random Related Posts","1.0","ray.viljoen","https:\u002F\u002Fprofiles.wordpress.org\u002Frayviljoen\u002F","\u003Cp>The plugin provides a sidebar widget with customisable title and number of related posts to display.\u003Cbr \u002F>\nThe widget will display a random list of x number of posts ( selected in widget options ) together with a small tag including the publish date and author.\u003Cbr \u002F>\nIf used outside of a specific category the widget will default to all categories, whilst still displaying the selected number of random posts.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"http:\u002F\u002Fwww.catn.com\" rel=\"nofollow ugc\">PHP Hosting Experts CatN\u003C\u002Fa>\u003C\u002Fp>\n","A simple sidebar widget to include a custom number of posts from the same category as the current post.",40,6042,"2011-04-27T13:57:00.000Z","3.1.4","3.0",[71,52,72,22,23],"customisable","related-posts","http:\u002F\u002Fcatn.com\u002Fcommunity\u002Fplugins\u002Frandom-related-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-related-posts.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":32,"downloaded":83,"rating":13,"num_ratings":13,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":17,"tags":87,"homepage":90,"download_link":91,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-random-quote","WP Random Quote","1.0.3","sabirmostofa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsabirmostofa\u002F","\u003Cp>Display a random quote provided by QOTD.org in your sidebar as a widget or in a page\u002Fpost using a shortcode. For more info:www.qotd.org\u002Fwp-plugin.html\u003C\u002Fp>\n\u003Cp>The main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>As many \u003Cstrong>widgets\u003C\u002Fstrong> as you need\u003C\u002Fli>\n\u003Cli>Font sizes can be configured\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Optional \u003Cstrong>automatic rotation\u003C\u002Fstrong> of the quotes\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Shortcodes\u003C\u002Fstrong> can be used to add one quote or series of quotes to your posts and pages. The shortcodes come with a set of individual options as well and, if needed, they can be extended to apply everywhere on the blog, allowing random words for the tagline, the category names, the post titles etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Display a random quote provided by QOTD.org in your sidebar as a widget or in a page\u002Fpost using a shortcode. For more info:www.qotd.org\u002Fwp-plugin.html",5773,"2015-01-19T23:59:00.000Z","4.1.42","2.8",[88,20,89,22,23],"quotes","random-quotes","http:\u002F\u002Fwww.qotd.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-random-quote.1.0.3.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":11,"downloaded":100,"rating":13,"num_ratings":13,"last_updated":101,"tested_up_to":86,"requires_at_least":102,"requires_php":17,"tags":103,"homepage":106,"download_link":107,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"daily-fitness-tips","Daily Fitness Tips","1.7","SimonTurner","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimonturner\u002F","\u003Cp>This widget will add daily fitness tips to your blog giving it new fresh content and hopefully helping your readers to keep in shape.  All \u003Ca href=\"http:\u002F\u002Fwww.workoutbox.com\u002Fworkouts\u002F\" rel=\"nofollow ugc\">workout routines\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.workoutbox.com\u002Fexercises\u002F\" rel=\"nofollow ugc\">exercises\u003C\u002Fa> are provided by the personal training team at \u003Ca href=\"http:\u002F\u002Fwww.workoutbox.com\" rel=\"nofollow ugc\">WorkoutBOX\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaily-fitness-tips.zip\" rel=\"nofollow ugc\">Download Now!\u003C\u002Fa>\u003C\u002Fp>\n","This widget will add daily fitness tips to your blog giving it new fresh content and hopefully helping your readers to keep in shape.",7057,"2010-08-24T07:06:00.000Z","1.3",[104,20,105,22,23],"admin","rss","http:\u002F\u002Fwww.workoutbox.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaily-fitness-tips.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":11,"downloaded":116,"rating":13,"num_ratings":13,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":17,"tags":120,"homepage":123,"download_link":124,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"lj-random-or-recent","LJ Random Or Recent","0.4","littlejon","https:\u002F\u002Fprofiles.wordpress.org\u002Flittlejon\u002F","\u003Cp>LJ Random or Recent is a WordPress plugin\u002Fwidget that allows you to display a list of Random or Recent posts depending of the type of pages that is being displayed. This plugin can also assist your site for SEO by digging up and making your older content relevant.\u003C\u002Fp>\n\u003Cp>The idea was taken from the iNove theme which by default has a similar setup in the sidebar, I just wanted a little bit more functionality plus the ability to put the widget anywhere on the page with any theme.\u003C\u002Fp>\n","LJ Random or Recent is a Wordpress widget that will display a list of Random or Recent posts depending of the type of pages that is being displayed.",2693,"2009-10-21T01:29:00.000Z","2.8.5","2.7.1",[121,20,122,22,23],"posts","recent","http:\u002F\u002Fwww.thelazysysadmin.net\u002Fsoftware\u002Fwordpress-plugins\u002Flj-random-or-recent\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flj-random-or-recent.0.4.zip",{"attackSurface":126,"codeSignals":138,"taintFlows":191,"riskAssessment":192,"analyzedAt":203},{"hooks":127,"ajaxHandlers":134,"restRoutes":135,"shortcodes":136,"cronEvents":137,"entryPointCount":13,"unprotectedCount":13},[128],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","widgets_init","load_dice_widget","dice_widget.php",18,[],[],[],[],{"dangerousFunctions":139,"sqlUsage":140,"outputEscaping":142,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":190},[],{"prepared":13,"raw":13,"locations":141},[],{"escaped":13,"rawEcho":143,"locations":144},27,[145,148,150,152,154,156,157,158,160,162,163,164,166,168,169,171,173,174,175,177,179,180,182,184,185,187,189],{"file":132,"line":146,"context":147},69,"raw output",{"file":132,"line":149,"context":147},123,{"file":132,"line":151,"context":147},150,{"file":132,"line":153,"context":147},187,{"file":132,"line":155,"context":147},188,{"file":132,"line":155,"context":147},{"file":132,"line":155,"context":147},{"file":132,"line":159,"context":147},193,{"file":132,"line":161,"context":147},194,{"file":132,"line":161,"context":147},{"file":132,"line":161,"context":147},{"file":132,"line":165,"context":147},199,{"file":132,"line":167,"context":147},200,{"file":132,"line":167,"context":147},{"file":132,"line":170,"context":147},212,{"file":132,"line":172,"context":147},213,{"file":132,"line":172,"context":147},{"file":132,"line":172,"context":147},{"file":132,"line":176,"context":147},217,{"file":132,"line":178,"context":147},218,{"file":132,"line":178,"context":147},{"file":132,"line":181,"context":147},225,{"file":132,"line":183,"context":147},226,{"file":132,"line":183,"context":147},{"file":132,"line":186,"context":147},234,{"file":132,"line":188,"context":147},235,{"file":132,"line":188,"context":147},[],[],{"summary":193,"deductions":194},"The \"dice-widget\" v1.4 plugin exhibits a mixed security posture. On one hand, the static analysis indicates a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, there are no dangerous functions, SQL queries that are not using prepared statements, file operations, external HTTP requests, or bundled libraries. This suggests good development practices in these specific areas.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 27 total outputs and 0% properly escaped, this plugin presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data rendered by the widget, if not rigorously sanitized by the calling context, could be exploited to inject malicious scripts. The absence of nonce and capability checks on the identified entry points, though few, also contributes to potential security weaknesses. The vulnerability history being clean is a positive sign, but it does not negate the critical flaws identified in the code analysis.\n\nIn conclusion, while the plugin has avoided common pitfalls like unpatched CVEs or raw SQL queries, the pervasive lack of output escaping is a severe security flaw that requires immediate attention. The absence of checks on entry points further exacerbates this risk. The overall security posture is weakened by these critical oversights, despite the otherwise lean attack surface and use of prepared statements.",[195,198,201],{"reason":196,"points":197},"Unescaped output on all outputs",15,{"reason":199,"points":200},"Missing capability checks on entry points",5,{"reason":202,"points":200},"Missing nonce checks on entry points","2026-03-17T00:31:42.892Z",{"wat":205,"direct":214},{"assetPaths":206,"generatorPatterns":209,"scriptPaths":210,"versionParams":211},[207,208],"\u002Fwp-content\u002Fplugins\u002Fdice-widget\u002Fdice_widget.css","\u002Fwp-content\u002Fplugins\u002Fdice-widget\u002Fdice_widget.js",[],[208],[212,213],"dice_widget\u002Fdice_widget.css?ver=","dice_widget\u002Fdice_widget.js?ver=",{"cssClasses":215,"htmlComments":217,"htmlAttributes":218,"restEndpoints":220,"jsGlobals":221,"shortcodeOutput":222},[216],"Dice",[],[219],"id=\"dice-widget\"",[],[],[223,224,225,226,227],"\u003Cp>Result: %de%d = %d (%d explosions)\u003C\u002Fp>","\u003Cp>Result: %de%d+%%d = %d (%d explosions)\u003C\u002Fp>","\u003Cp>Result: %dd%d = %d\u003C\u002Fp>","\u003Cp>Result: %dd%d+%%d = %d\u003C\u002Fp>","\u003Cem>\u003Ccenter>\u003Ca href=\"http:\u002F\u002Fwww.korpg.com\" rel=\"nofollow\">korpg\u003C\u002Fa>\u003C\u002Fcenter>\u003C\u002Fem>"]