[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4e6TF3WV-pGgr47oS598dIidK4Qc63qDEKr5s0pgIdk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":36,"analysis":37,"fingerprints":143},"dogo-content-widget","DOGO Content Widget","1.1","dogomedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fdogomedia\u002F","\u003Cp>This plugin allows you to place 3 different widgets on your sidebar that fetches the most recent contents from DOGOnews.com, DOGObooks.com, and DOGOmovies.com via RSS feed and displays the corresponding thumbnail images, titles, and descriptions. You can choose whether to show the description below the image, and you change the style of the widget to fit your theme.\u003Cbr \u002F>\nExpose students to current events from DOGOnews.com, the leading source of content for Common Core State Standards ELA, science and social studies.  Share latest book reviews from DOGObooks.com, where kids review and rate books.  
And for some fun, share movie reviews by kids from DOGOmovies.com.\u003C\u002Fp>\n","A widget to display thumbnails and titles of the latest DOGOnews, DOGObooks, and DOGOmovies reviews via RSS.",10,1854,100,1,"2012-11-06T06:27:00.000Z","3.4.2","2.8.4","",[20,21,22,23,24],"current-events","dogo-media","dogobooks","dogomovies","dogonews","http:\u002F\u002Fwww.dogonews.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdogo-content-widget.1.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},30,84,"2026-04-04T14:15:28.820Z",[],{"attackSurface":38,"codeSignals":69,"taintFlows":128,"riskAssessment":129,"analyzedAt":142},{"hooks":39,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":67,"entryPointCount":68,"unprotectedCount":28},[40,45,49,51,53],{"type":41,"name":42,"callback":43,"file":44,"line":33},"action","wp_enqueue_scripts","add_dogo_rss_css","dogo-content-widget.php",{"type":41,"name":46,"callback":47,"file":44,"line":48},"widgets_init","anonymous",383,{"type":41,"name":46,"callback":47,"file":44,"line":50},384,{"type":41,"name":46,"callback":47,"file":44,"line":52},385,{"type":54,"name":55,"callback":47,"file":44,"line":56},"filter","wp_feed_cache_transient_lifetime",387,[],[],[60,63,65],{"tag":24,"callback":61,"file":44,"line":62},"shortcode_handler",319,{"tag":22,"callback":61,"file":44,"line":64},347,{"tag":23,"callback":61,"file":44,"line":66},379,[],3,{"dangerousFunctions":70,"sqlUsage":80,"outputEscaping":82,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":127},[71,74,76,78],{"fn":72,"file":44,"line":48,"context":73},"create_function","add_action( 'widgets_init', create_function('', 'return register_widget(\"DOGOnews_RSS_Widget\");') );",{"fn":72,"file":44,"line":50,"context":75},"add_action( 'widgets_init', 
create_function('', 'return register_widget(\"DOGObooks_RSS_Widget\");') )",{"fn":72,"file":44,"line":52,"context":77},"add_action( 'widgets_init', create_function('', 'return register_widget(\"DOGOmovies_RSS_Widget\");') ",{"fn":72,"file":44,"line":56,"context":79},"add_filter( 'wp_feed_cache_transient_lifetime', create_function('$a', 'return 600;') );",{"prepared":28,"raw":28,"locations":81},[],{"escaped":14,"rawEcho":83,"locations":84},29,[85,88,90,92,94,96,97,98,99,101,102,103,104,106,107,108,110,112,113,114,116,117,118,120,121,122,124,125,126],{"file":44,"line":86,"context":87},144,"raw output",{"file":44,"line":89,"context":87},157,{"file":44,"line":91,"context":87},166,{"file":44,"line":93,"context":87},170,{"file":44,"line":95,"context":87},221,{"file":44,"line":95,"context":87},{"file":44,"line":95,"context":87},{"file":44,"line":95,"context":87},{"file":44,"line":100,"context":87},222,{"file":44,"line":100,"context":87},{"file":44,"line":100,"context":87},{"file":44,"line":100,"context":87},{"file":44,"line":105,"context":87},224,{"file":44,"line":105,"context":87},{"file":44,"line":105,"context":87},{"file":44,"line":109,"context":87},229,{"file":44,"line":111,"context":87},234,{"file":44,"line":111,"context":87},{"file":44,"line":111,"context":87},{"file":44,"line":115,"context":87},246,{"file":44,"line":115,"context":87},{"file":44,"line":115,"context":87},{"file":44,"line":119,"context":87},262,{"file":44,"line":119,"context":87},{"file":44,"line":119,"context":87},{"file":44,"line":123,"context":87},274,{"file":44,"line":123,"context":87},{"file":44,"line":123,"context":87},{"file":44,"line":123,"context":87},[],[],{"summary":130,"deductions":131},"The \"dogo-content-widget\" v1.1 plugin exhibits a mixed security posture. On the positive side, it has no known vulnerabilities and no untrusted data flows identified in taint analysis. 
The static analysis detected no SQL queries, no file operations and no direct external HTTP requests (the RSS feeds named in the plugin description are presumably fetched through the WordPress feed API, so feed content should still be treated as untrusted input). However, significant concerns arise from the static analysis. The dangerous function `create_function` is called four times; it evaluates a string as PHP code and can lead to arbitrary code execution if user-supplied input reaches that string. In the four recorded calls the code strings are constant literals, so the more immediate problem is compatibility: `create_function` was deprecated in PHP 7.2 and removed in PHP 8.0, and the calls should be replaced with closures. Furthermore, only 1 of 30 output statements is escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities wherever an echoed value can be influenced by an attacker; each output should pass through a context-appropriate escaping function such as `esc_html()`, `esc_attr()` or `esc_url()`. No nonce or capability checks were found. The recorded entry points are three display shortcodes, with no AJAX handlers or REST routes, and the scan counts zero unprotected entry points, so this is a CSRF or unauthorized-access concern only if one of the handlers changes state, which should be confirmed in the plugin source. While the vulnerability history is clean, this does not negate the risks identified in the code itself.",[132,135,137,140],{"reason":133,"points":134},"Dangerous function 'create_function' used",15,{"reason":136,"points":11},"Very low output escaping percentage",{"reason":138,"points":139},"Missing nonce checks",8,{"reason":141,"points":139},"Missing capability checks","2026-03-17T01:32:53.577Z",{"wat":144,"direct":151},{"assetPaths":145,"generatorPatterns":147,"scriptPaths":148,"versionParams":149},[146],"\u002Fwp-content\u002Fplugins\u002Fdogo-content-widget\u002Fstyle.css",[],[],[150],"dogo-content-widget\u002Fstyle.css?ver=",{"cssClasses":152,"htmlComments":164,"htmlAttributes":165,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":169},[153,154,155,156,157,158,159,160,161,162,163],"dogoRecommendationWidgetContent","dogoWidget-horizontal","dogoWidget-vertical","dogoRecommendation","dogoImageContainer","cls29h","cls303","img","cls3dp","cls29k","dogo-logo",[],[166],"data-dogo-content-widget-type",[],[],[]]