[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxbdBhhvgj0WxaGlQOMO-HOZH-BC5YpLLhKM03cMiqQM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":139,"fingerprints":376},"dj-on-air-widget","DJ On Air Widget","0.2.6","Tony Zeoli","https:\u002F\u002Fprofiles.wordpress.org\u002Ftonyzeoli\u002F","\u003Cp>The DJ On-Air Widget adds a “Dj Shifts” field to user profiles that allows the to be scheduled for on-air shifts on an hourly basis and provides a sidebar widget that displays any user(s) scheduled for the current hour.\u003C\u002Fp>\n","Sidebar widget that displays the name, avatar, and profile link of a user scheduled to be \"on-air\" during the current hour.",10,8436,0,"2020-06-26T15:55:00.000Z","3.3.2","3.2.0","",[19,20,21,22],"dj","music","radio","scheduling","http:\u002F\u002Fnlb-creations.com\u002F2011\u002F09\u002F02\u002Fwordpress-plugin-dj-on-air-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdj-on-air-widget.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"tonyzeoli",3,1060,94,90,84,"2026-04-05T18:21:36.763Z",[38,59,81,102,120],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":17,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"meks-audio-player","Meks Audio Player","1.3","Meks","https:\u002F\u002Fprofiles.wordpress.org\u002Fmekshq\u002F","\u003Cp>Easily enhance your podcast, music or any audio on the website. Meks Audio Player is first created as a support for our \u003Ca href=\"https:\u002F\u002Fmekshq.com\u002Fdemo\u002Fmegaphone\" rel=\"nofollow ugc\">Megaphone theme\u003C\u002Fa> but now it can be used on any WordPres website. The plugin will automatically detect audio inside the content and play it in a full-featured sticky audio player. Several smart options are provided to fine-tune the functionality as you wish. Perfect for personal podcasts, podcasting networks, radio stations or music websites.\u003C\u002Fp>\n\u003Cp>Meks Audio Player WordPress plugin is created by \u003Ca href=\"https:\u002F\u002Fmekshq.com\" rel=\"nofollow ugc\">Meks\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Color options to style the player to your personal taste and theme design\u003C\u002Fli>\n\u003Cli>Player Timestamps block ( Navigate audio with timestamps. Set the timestamp and the equivalent title\u002Fname. )\u003C\u002Fli>\n\u003Cli>Options to fully customize the player controls that you like to display: play\u002Fpause, skip back, jump forward, duration\u002Fprogress bar, current time, duration time, mute\u002Fvolume, playback speed…\u003C\u002Fli>\n\u003Cli>No setup required, it simply detects your existing audio inside the content\u003C\u002Fli>\n\u003Cli>Supports WordPress native audio block and audio shortcode\u003C\u002Fli>\n\u003Cli>Works on post and pages as well as all other registered custom post types on the website\u003C\u002Fli>\n\u003Cli>Hooks and filters provided for an elegant way to modify the plugin through your own WordPress theme or a plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More features?\u003C\u002Fh3>\n\u003Cp>By using the plugin with our \u003Ca href=\"https:\u002F\u002Fmekshq.com\u002Fdemo\u002Fmegaphone\" rel=\"nofollow ugc\">Megaphone WordPress theme\u003C\u002Fa>, you can also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Get more styling options\u003C\u002Fli>\n\u003Cli>Display the post title inside the player\u003C\u002Fli>\n\u003Cli>Autodetect third-party embeds (i.e. SoundCloud, Spotify, YouTube, etc…)\u003C\u002Fli>\n\u003Cli>Run the player from any page on the website (not only from single posts but from archives too)\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily enhance your podcast, music or any audio files with a full-featured and customizable sticky audio player.",1000,32104,80,5,"2024-07-29T12:20:00.000Z","6.6.5","5.5",[54,20,55,56,21],"audio","player","podcast","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeks-audio-player.zip",92,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":67,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":17,"download_link":80,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"radiojar-player","Radiojar Audio Player","1.4","Radiojar","https:\u002F\u002Fprofiles.wordpress.org\u002Fradiojar\u002F","\u003Cp>\u003Cstrong>Important Note: \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is only functional for stations operating under \u003Ca href=\"\u002F\u002Fwww.radiojar.com\u002F\" rel=\"nofollow ugc\">Radiojar\u003C\u002Fa>.\u003Cbr \u002F>\nIt’s the simplest way to add your Radiojar station’s player to your WordPress site using widget or shortcode [rj-player].\u003Cbr \u002F>\nFill in your station’s stream name, select the player of your preference and have the player into your site or post easily.\u003Cbr \u002F>\nAn advanced selection for Ajaxify is also provided, for uninterrupted playback during the user’s navigation in the site.\u003C\u002Fp>\n\u003Cp>For details on Ajaxify, kindly refer to  \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fajaxify-wordpress-site\u002F\" rel=\"ugc\">Ajaxify WordPress Site(AWS)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Radiojar Audio Player in 3 steps:\u003C\u002Fh3>\n\u003Cp>1: Install Radiojar Audio Player plug-in.\u003Cbr \u002F>\n2: Fill in the stream name.\u003Cbr \u002F>\n3: Just drag the widget or added to any post\u002Fpage using shortcode [rj-player].\u003C\u002Fp>\n","Audio player plugin for Radiojar platform , just by dragging the widget or added shortcode [rj-player].",100,6965,1,"2020-06-10T11:24:00.000Z","5.4.19","4.8","5.6.33",[75,76,77,78,79],"audio-player","mp3-player","music-player","radiojar","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fradiojar-player.1.4.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":67,"num_ratings":31,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"serverless-radio","Serverless Radio","0.9.0","Sandeep Verma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsvnlabs\u002F","\u003Cp>\u003Cstrong>Serverless Radio\u003C\u002Fstrong> is a lightweight plugin that allows you to stream MP3 files in linear fashion — just like AutoDJ — without needing a VPS or dedicated streaming server. You can run a complete radio station from a standard shared hosting environment!\u003C\u002Fp>\n\u003Cp>This plugin provides a JavaScript-powered linear stream from a public MP3 folder. Schedule your playlist, embed a player on your site, and start gaining listeners across the globe — even without going live.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect for:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Internet radio stations\u003Cbr \u002F>\n– Podcasts\u003Cbr \u002F>\n– Continuous audio playback\u003Cbr \u002F>\n– Time-based playlists from hosted MP3s\u003C\u002Fp>\n\u003Ch3>🔥 Key Highlights\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No VPS or dedicated server needed\u003C\u002Fli>\n\u003Cli>Auto-generates playlist from your public MP3 folder\u003C\u002Fli>\n\u003Cli>Works like AutoDJ in “virtual mode”\u003C\u002Fli>\n\u003Cli>Allows you to schedule linear playback\u003C\u002Fli>\n\u003Cli>Embed player anywhere with iframe\u003C\u002Fli>\n\u003Cli>Show current, last, and next song info\u003C\u002Fli>\n\u003Cli>Built-in playlist drag-and-drop customization\u003C\u002Fli>\n\u003Cli>Includes YouTube demo and live example\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>🎥 \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=pCRiilDDyVY\" rel=\"nofollow ugc\">Watch Demo on YouTube\u003C\u002Fa>\u003Cbr \u002F>\n🔊 \u003Ca href=\"https:\u002F\u002Fwww.serverlessradio.com\u002Fdemo\u002F\" rel=\"nofollow ugc\">Try Live Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Linear MP3 streaming via public folder\u003C\u002Fli>\n\u003Cli>Supports public MP3 folder URLs\u003C\u002Fli>\n\u003Cli>Automatically scans MP3 files and their durations\u003C\u002Fli>\n\u003Cli>Add\u002Fremove items from playlist manually\u003C\u002Fli>\n\u003Cli>Embed radio player using iframe\u003C\u002Fli>\n\u003Cli>Shareable and customizable player\u003C\u002Fli>\n\u003Cli>Display song metadata: Current \u002F Last \u002F Next\u003C\u002Fli>\n\u003Cli>Drag-and-drop playlist sorting\u003C\u002Fli>\n\u003Cli>Social sharing integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to Create a Serverless Radio\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload your MP3 files to a public directory.\u003C\u002Fli>\n\u003Cli>Use that directory URL in plugin settings.\u003C\u002Fli>\n\u003Cli>The plugin will auto-scan and build a playlist from the MP3 files.\u003C\u002Fli>\n\u003Cli>You can reorder and manage the playlist using drag-and-drop.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The MP3 folder must be publicly accessible with direct file links.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help or have a question? Contact us:\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwww.serverlessradio.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.serverlessradio.com\u002Fcontact\u002F\u003C\u002Fa>\u003C\u002Fp>\n","A serverless MP3 linear streaming plugin that lets you create AutoDJ-like playlists from public MP3 folders — no VPS required.",50,5015,"2026-03-05T16:30:00.000Z","6.8.5","5.0","5.6",[75,96,97,98,99],"autodj","mp3-linear-playback","mp3-podcast-player","serverless-radio-player","https:\u002F\u002Fwww.serverlessradio.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserverless-radio.0.9.0.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":94,"tags":115,"homepage":17,"download_link":119,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"playme","PlayMe","0.2.8","ERA404","https:\u002F\u002Fprofiles.wordpress.org\u002Fera404\u002F","\u003Cp>Embeddable Song Request Form for Radio Stations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Designed for Radio Stations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>PlayMe was requested by a radio station deejay and built to best serve both the studio and the listeners.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Listeners may provide their name, the artist\u002Fsong name, and a dedication (or comments), to make realtime requests to Radio Stations and Deejays.\u003C\u002Fli>\n\u003Cli>The form is easily embeddable using the shortcode \u003Cstrong>[playme]\u003C\u002Fstrong> and can optionally require Google’s reCAPTCHA to verify requests before they’re submitted. Put “[playme]” on its own line in the page content (using Text View) to position the PlayMe form where you want it to appear on your page.\u003C\u002Fli>\n\u003Cli>On the backend, requests are shown in a list that refreshes passively every minute, and can be dismissed\u002Fhidden once the request has been addressed.\u003C\u002Fli>\n\u003Cli>For privacy, the only information captured (apart from what’s entered in the submission form) is an IP Address, to offer some insight to site owners about those who are submitting song requests. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>3rd Party Services\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Be advised about the 3rd Party services used by this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>: Optionally, site owners may configure PlayMe to use \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Frecaptcha\u002Fanswer\u002F6080904?hl=en\" title=\"What is Google's reCAPTCHA?\" rel=\"nofollow ugc\">Google’s reCAPTCHA\u003C\u002Fa> service to help minimize abuse of the Song Request form. More information about this service can be found on Google’s \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy?hl=en\" title=\"Google Privacy Policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" title=\"Google Terms of Service\" rel=\"nofollow ugc\">terms of service\u003C\u002Fa> of use. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>WhatIsMyIPAddress.com\u003C\u002Fstrong>: PlayMe offers a link for site owners to quickly discover\u002Freview the geographic location on record associated with the IP address of the submitter of the Song Request (IP-to-Location). This service is provided by a 3rd Party. More information about \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\" title=\"The WhatIsMyIPAddress Website\" rel=\"nofollow ugc\">WhatIsMyIPAddress.com\u003C\u002Fa> can be found on its \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\" title=\"The WhatIsMyIPAddress Website\" rel=\"nofollow ugc\">website\u003C\u002Fa>, its \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\u002Fprivacy-policy\" title=\"The WhatIsMyIPAddress Privacy Policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>, and its \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\u002Fterms-of-use\" title=\"The WhatIsMyIPAddress Terms of Use\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Embeddable Song Request Form for Radio Stations",30,2723,"2025-01-06T22:57:00.000Z","6.7.5","3.2.1",[20,21,116,117,118],"request","song","station","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplayme.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":67,"num_ratings":69,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":137,"download_link":138,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"spinitron-player","Spinitron Player","1.0.9","Razorfrog Web Design","https:\u002F\u002Fprofiles.wordpress.org\u002Frazorfrog\u002F","\u003Cp>The Spinitron Player plugin integrates live streaming and playlist data from Spinitron into WordPress sites, offering listeners real-time track information and audio streaming. Designed for ease of use and customization, it provides radio stations with a straightforward solution to share their live content and connect with audiences online.\u003C\u002Fp>\n\u003Ch3>Third-Party Service Integration\u003C\u002Fh3>\n\u003Cp>This plugin makes use of the Spinitron API to fetch and display live radio show and playlist information. The integration with Spinitron’s services is essential for providing up-to-date content within the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Spinitron Website: https:\u002F\u002Fspinitron.com\u002F\u003C\u002Fli>\n\u003Cli>Spinitron API Documentation: https:\u002F\u002Fspinitron.github.io\u002Fv2api\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Legal and Privacy\u003C\u002Fh3>\n\u003Cp>Please review Spinitron’s Terms of Use and Privacy Policy to understand the data usage and legal considerations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>terms of Service: https:\u002F\u002Fforum.spinitron.com\u002Ftos\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fforum.spinitron.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using the Spinitron Player plugin, you agree to comply with these terms and acknowledge the data interactions with Spinitron’s services.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>The following shortcodes are available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[spinitron_player]\u003C\u002Fcode> – For Spinitron live player interface.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[spinitron_play_button]\u003C\u002Fcode> – For stream play button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We will be working on new UI options in future releases.\u003C\u002Fp>\n","A streaming player for radio stations using Spinitron, with live data integration.",20,2348,"2025-12-09T23:21:00.000Z","6.9.4","5.2","7.2",[20,55,21,135,136],"spinitron","stream","https:\u002F\u002Frazorfrog.com\u002Fspinitron-player\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspinitron-player.1.0.9.zip",{"attackSurface":140,"codeSignals":183,"taintFlows":324,"riskAssessment":361,"analyzedAt":375},{"hooks":141,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":181,"entryPointCount":182,"unprotectedCount":13},[142,148,152,155,159,162,166],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","init","dj_set_globals","dj-on-air.php",33,{"type":143,"name":149,"callback":150,"file":146,"line":151},"show_user_profile","dj_show_extra_profile_fields",242,{"type":143,"name":153,"callback":150,"file":146,"line":154},"edit_user_profile",243,{"type":143,"name":156,"callback":157,"file":146,"line":158},"personal_options_update","dj_save_extra_profile_fields",437,{"type":143,"name":160,"callback":157,"file":146,"line":161},"edit_user_profile_update",438,{"type":143,"name":163,"callback":164,"file":146,"line":165},"admin_menu","dj_admin_menu",588,{"type":143,"name":167,"callback":168,"file":146,"line":169},"widgets_init","anonymous",687,[],[],[173,177],{"tag":174,"callback":175,"file":146,"line":176},"dj-widget","dj_show_widget",88,{"tag":178,"callback":179,"file":146,"line":180},"dj-schedule","dj_schedule",172,[],2,{"dangerousFunctions":184,"sqlUsage":194,"outputEscaping":207,"fileOperations":13,"externalRequests":13,"nonceChecks":69,"capabilityChecks":69,"bundledLibraries":323},[185,189,191],{"fn":186,"file":146,"line":187,"context":188},"unserialize",132,"$shifts = unserialize($shifts[0]);",{"fn":186,"file":146,"line":190,"context":188},269,{"fn":192,"file":146,"line":169,"context":193},"create_function","add_action( 'widgets_init', create_function('', 'return register_widget(\"DJ_Widget\");') );",{"prepared":13,"raw":195,"locations":196},4,[197,200,203,205],{"file":146,"line":198,"context":199},123,"$wpdb->get_results() with variable interpolation",{"file":146,"line":201,"context":202},137,"$wpdb->get_row() with variable interpolation",{"file":146,"line":204,"context":199},227,{"file":146,"line":206,"context":202},233,{"escaped":13,"rawEcho":208,"locations":209},73,[210,213,215,217,218,219,221,222,223,225,226,227,229,230,231,233,234,235,237,238,239,241,242,243,245,247,249,250,251,253,254,255,257,258,259,261,262,263,265,266,267,269,270,271,273,274,275,277,279,280,281,283,285,286,288,290,291,293,295,296,297,299,301,303,305,307,309,311,313,315,317,319,321],{"file":146,"line":211,"context":212},279,"raw output",{"file":146,"line":214,"context":212},291,{"file":146,"line":216,"context":212},327,{"file":146,"line":216,"context":212},{"file":146,"line":216,"context":212},{"file":146,"line":220,"context":212},328,{"file":146,"line":220,"context":212},{"file":146,"line":220,"context":212},{"file":146,"line":224,"context":212},329,{"file":146,"line":224,"context":212},{"file":146,"line":224,"context":212},{"file":146,"line":228,"context":212},330,{"file":146,"line":228,"context":212},{"file":146,"line":228,"context":212},{"file":146,"line":232,"context":212},332,{"file":146,"line":232,"context":212},{"file":146,"line":232,"context":212},{"file":146,"line":236,"context":212},333,{"file":146,"line":236,"context":212},{"file":146,"line":236,"context":212},{"file":146,"line":240,"context":212},335,{"file":146,"line":240,"context":212},{"file":146,"line":240,"context":212},{"file":146,"line":244,"context":212},351,{"file":146,"line":246,"context":212},355,{"file":146,"line":248,"context":212},407,{"file":146,"line":248,"context":212},{"file":146,"line":248,"context":212},{"file":146,"line":252,"context":212},408,{"file":146,"line":252,"context":212},{"file":146,"line":252,"context":212},{"file":146,"line":256,"context":212},409,{"file":146,"line":256,"context":212},{"file":146,"line":256,"context":212},{"file":146,"line":260,"context":212},410,{"file":146,"line":260,"context":212},{"file":146,"line":260,"context":212},{"file":146,"line":264,"context":212},412,{"file":146,"line":264,"context":212},{"file":146,"line":264,"context":212},{"file":146,"line":268,"context":212},413,{"file":146,"line":268,"context":212},{"file":146,"line":268,"context":212},{"file":146,"line":272,"context":212},415,{"file":146,"line":272,"context":212},{"file":146,"line":272,"context":212},{"file":146,"line":276,"context":212},466,{"file":146,"line":278,"context":212},467,{"file":146,"line":278,"context":212},{"file":146,"line":278,"context":212},{"file":146,"line":282,"context":212},472,{"file":146,"line":284,"context":212},473,{"file":146,"line":284,"context":212},{"file":146,"line":287,"context":212},479,{"file":146,"line":289,"context":212},480,{"file":146,"line":289,"context":212},{"file":146,"line":292,"context":212},486,{"file":146,"line":294,"context":212},487,{"file":146,"line":294,"context":212},{"file":146,"line":294,"context":212},{"file":146,"line":298,"context":212},506,{"file":146,"line":300,"context":212},519,{"file":146,"line":302,"context":212},522,{"file":146,"line":304,"context":212},533,{"file":146,"line":306,"context":212},538,{"file":146,"line":308,"context":212},540,{"file":146,"line":310,"context":212},543,{"file":146,"line":312,"context":212},549,{"file":146,"line":314,"context":212},556,{"file":146,"line":316,"context":212},605,{"file":146,"line":318,"context":212},618,{"file":146,"line":320,"context":212},637,{"file":146,"line":322,"context":212},667,[],[325,350],{"entryPoint":326,"graph":327,"unsanitizedCount":13,"severity":349},"dj_admin_options (dj-on-air.php:591)",{"nodes":328,"edges":345},[329,334,339,343],{"id":330,"type":331,"label":332,"file":146,"line":333},"n0","source","$_POST['dj_time_settings']",614,{"id":335,"type":336,"label":337,"file":146,"line":333,"wp_function":338},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":340,"type":331,"label":341,"file":146,"line":342},"n2","$_POST['dj_default_name']",615,{"id":344,"type":336,"label":337,"file":146,"line":342,"wp_function":338},"n3",[346,348],{"from":330,"to":335,"sanitized":347},true,{"from":340,"to":344,"sanitized":347},"low",{"entryPoint":351,"graph":352,"unsanitizedCount":13,"severity":349},"\u003Cdj-on-air> (dj-on-air.php:0)",{"nodes":353,"edges":358},[354,355,356,357],{"id":330,"type":331,"label":332,"file":146,"line":333},{"id":335,"type":336,"label":337,"file":146,"line":333,"wp_function":338},{"id":340,"type":331,"label":341,"file":146,"line":342},{"id":344,"type":336,"label":337,"file":146,"line":342,"wp_function":338},[359,360],{"from":330,"to":335,"sanitized":347},{"from":340,"to":344,"sanitized":347},{"summary":362,"deductions":363},"The dj-on-air-widget plugin v0.2.6 presents a mixed security posture. While the static analysis reveals a small attack surface with no immediately apparent unprotected entry points for AJAX or REST API, several code signals raise significant concerns. The presence of dangerous functions like `unserialize` and `create_function` is a major red flag, as these can be exploited if user-controlled data is passed to them without proper sanitization. Furthermore, all SQL queries are executed without prepared statements, creating a substantial risk of SQL injection vulnerabilities. The complete lack of output escaping for all identified outputs is another critical weakness, exposing the site to Cross-Site Scripting (XSS) attacks.\n\nThe plugin's vulnerability history is currently clean, with no recorded CVEs. This might suggest a lack of past exploitation or a history of diligent patching by developers. However, the static analysis findings indicate that even without known historical vulnerabilities, the code itself contains fundamental security flaws that could be exploited. The limited number of entry points is a positive, but it does not mitigate the inherent risks posed by the insecure coding practices identified.\n\nIn conclusion, despite a clean vulnerability history, the plugin exhibits critical security weaknesses due to the use of dangerous functions, unescaped outputs, and raw SQL queries. These issues represent a significant risk of exploitation, and immediate remediation is strongly advised. The absence of known vulnerabilities should not be mistaken for a secure codebase given the identified static analysis findings.",[364,367,369,371,373],{"reason":365,"points":366},"Dangerous functions used (unserialize, create_function)",15,{"reason":368,"points":11},"SQL queries not using prepared statements",{"reason":370,"points":366},"No proper output escaping",{"reason":372,"points":49},"Limited capability checks (1\u002F2 entry points)",{"reason":374,"points":49},"Limited nonce checks (1\u002F2 entry points)","2026-03-17T00:11:12.371Z",{"wat":377,"direct":384},{"assetPaths":378,"generatorPatterns":380,"scriptPaths":381,"versionParams":382},[379],"\u002Fwp-content\u002Fplugins\u002Fdj-on-air-widget\u002Fstyles\u002Fdjonair.css",[],[],[383],"dj-on-air-widget\u002Fstyles\u002Fdjonair.css?ver=",{"cssClasses":385,"htmlComments":399,"htmlAttributes":401,"restEndpoints":403,"jsGlobals":404,"shortcodeOutput":405},[386,387,388,389,390,391,392,393,394,395,396,397,398],"on-air-embedded","on-air-list","on-air-dj","on-air-dj-avatar","clear","default-dj","on-air-dj-schedule-day-block","on-air-dj-schedule-day-title","on-air-dj-schedule-time-list","on-air-dj-schedule-time-item","on-air-no-dj","scheduled-dj","on-air-dj-id-",[400],"\u003C!-- Use nonce for verification -->",[402],"id=\"meta_inner\"",[],[],[406,407,408,409,410,411,412],"\u003Cdiv class=\"on-air-embedded\">","\u003Ch3 class=\"on-air-dj-schedule-day-title\">","\u003Cul class=\"on-air-dj-schedule-time-list\">","\u003Cli class=\"on-air-dj-schedule-time-item\">","\u003Cul class=\"on-air-dj-schedule-dj-list\">","\u003Cli class=\"on-air-dj-schedule-dj-item on-air-no-dj\">","\u003Cli class=\"on-air-dj-schedule-dj-item scheduled-dj"]