[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5gxkTX9p8S6uowFVW7V22kZqPSKBp4drw1PSDiBHWSA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":120,"fingerprints":241},"express-posts","Express Posts","1.3.0","Grant Mangham","https:\u002F\u002Fprofiles.wordpress.org\u002Fvancoder\u002F","\u003Cp>Express posts provides a widget to display either a subset of posts, the children of a page or its siblings.\u003C\u002Fp>\n\u003Cp>The widget provides three modes.\u003C\u002Fp>\n\u003Cp>\u003Cem>Subset\u003C\u002Fem> will list a given number of posts from your selected categories. Date, date format, and excerpt are all optional.\u003C\u002Fp>\n\u003Cp>\u003Cem>Children\u003C\u002Fem> and \u003Cem>siblings\u003C\u002Fem> modes will list the immediate children or siblings of a page, respectively. You can include a placeholder in the widget title as a substitute for the parent page title. You can also choose to show or hide the widget on specific generations of pages, allowing extra flexibility on shared sidebars.\u003C\u002Fp>\n\u003Cp>In common with all of my plugins, Express Posts strives to follow best practice in WordPress coding. If you spy a bug or see room for improvement, please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpress-posts\" rel=\"ugc\">let me know\u003C\u002Fa>.\u003C\u002Fp>\n","Express posts provides a widget to display either a subset of posts, the children of a page or its siblings.",10,2929,100,1,"2016-04-13T16:40:00.000Z","4.5.33","3.2.1","",[20,21,22,23,24],"children","pages","posts","sidebar","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpress-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-posts.1.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"vancoder",30,84,"2026-04-04T06:17:37.596Z",[38,55,76,93,105],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":18,"short_description":44,"active_installs":45,"downloaded":46,"rating":35,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":18,"tags":50,"homepage":53,"download_link":54,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"per-page-sidebars","Per Page Sidebars","2.0.3","Brian Layman","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrianlayman\u002F","The Per Page Sidebars (PPS) plugin allows blog administrators to create a unique sidebar for each Page. No template editing is required.",1000,67740,"2018-03-14T19:32:00.000Z","4.9.29","3.1",[21,22,51,52],"sidebars","widgets","http:\u002F\u002FTheCodeCave.com\u002Fplugins\u002Fper-page-sidebars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fper-page-sidebars.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":72,"download_link":73,"security_score":74,"vuln_count":14,"unpatched_count":14,"last_vuln_date":75,"fetched_at":30},"query-posts","Query Posts","0.3.2","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>The \u003Cem>Query Posts\u003C\u002Fem> widget was written to allow users that don’t know their way around PHP to easily show posts in any way they’d like.  It’s like having a cool WordPress developer as a friend ready to do your bidding.  Seriously.\u003C\u002Fp>\n\u003Cp>The widget has over 40 options to choose from.  You can list posts by category, tag, custom taxonomies, author, date, time, name, or anything you can imagine.  You can choose to show the full content, excerpts, or even a simple list.  You can order the posts in all sorts of ways.  Oh, and you can even show pages.\u003C\u002Fp>\n\u003Cp>This is the widget that keeps users out of the code and gives them the ability to display items on their site how they want.\u003C\u002Fp>\n","A WordPress widget that gives you unlimited control over showing posts and pages.",900,78613,74,3,"2017-11-28T21:28:00.000Z","3.0.5","3.0",[71,21,22,23,24],"page","http:\u002F\u002Fjustintadlock.com\u002Farchives\u002F2009\u002F03\u002F15\u002Fquery-posts-widget-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-posts.0.3.2.zip",63,"2025-09-28 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":35,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":91,"download_link":92,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"per-page-widgets","Per Page Widgets","0.0.7","Internet123","https:\u002F\u002Fprofiles.wordpress.org\u002Finternet123\u002F","\u003Cp>Control widget areas on a per-page \u002F per-post basis.\u003C\u002Fp>\n\u003Cp>Gives you the ability to show or hide individual widget areas on each page \u002F post as well as completely substituting the widgets shown in a specific widget area on a specific page or post.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>The plugin has not been tested below version 3.3.\u003C\u002Fp>\n","Control widget areas on a per-page \u002F per-post basis.",300,16944,5,"2012-07-02T14:07:00.000Z","3.4.2","3.3",[21,22,51,52],"http:\u002F\u002Fwww.i123.dk\u002Fwordpress-plugin-per-page-widgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fper-page-widgets.0.0.7.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":34,"downloaded":101,"rating":13,"num_ratings":14,"last_updated":102,"tested_up_to":17,"requires_at_least":69,"requires_php":18,"tags":103,"homepage":18,"download_link":104,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"post-to-sidebar","Post To Sidebar","1.1.4","dmallon","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmallon\u002F","\u003Cp>The Post To Sidebar plugin makes it easy to display post content in the sidebar areas of your site. Once the widget is activated, a multi-select dropdown of all your published pages appears on post editing screens. Select the pages upon which you want the post to be displayed and the post will appear on those pages.\u003C\u002Fp>\n\u003Cp>There are options to hide the post title in the output and to show the content as an excerpt.\u003C\u002Fp>\n","A WordPress plugin\u002Fwidget that gives you the ability to put content (posts and custom post types) in your sidebar.",14027,"2011-11-02T13:08:00.000Z",[21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-to-sidebar.1.1.5.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":11,"downloaded":113,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":18,"download_link":118,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":119},"galaxius-custom-sidebars","Galaxius Custom Sidebars","1.1","galaxiusmons","https:\u002F\u002Fprofiles.wordpress.org\u002Fgalaxiusmons\u002F","\u003Cp>This allows you to quickly create a unique sidebar for any post, page, category page or for all posts belonging to a category. You simply enter a name for the sidebar when you create or edit a post, page or category. Browse to Appearance -> Widgets, find your new sidebar and add some widgets to it.\u003C\u002Fp>\n","Allows quick creation of unique sidebars for posts, pages and categories.",1806,"3.6.1","3.5.1",[117,21,22,51,52],"custom","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgalaxius-custom-sidebars.1.1.zip","2026-03-15T10:48:56.248Z",{"attackSurface":121,"codeSignals":137,"taintFlows":233,"riskAssessment":234,"analyzedAt":240},{"hooks":122,"ajaxHandlers":133,"restRoutes":134,"shortcodes":135,"cronEvents":136,"entryPointCount":28,"unprotectedCount":28},[123,129],{"type":124,"name":125,"callback":126,"file":127,"line":128},"action","admin_print_scripts-widgets.php","express_posts_scripts","express-posts.php",33,{"type":124,"name":130,"callback":131,"file":127,"line":132},"widgets_init","closure",320,[],[],[],[],{"dangerousFunctions":138,"sqlUsage":139,"outputEscaping":141,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":232},[],{"prepared":28,"raw":28,"locations":140},[],{"escaped":142,"rawEcho":143,"locations":144},9,54,[145,148,150,152,154,156,158,159,160,162,163,164,166,167,168,170,171,172,174,175,176,178,180,181,183,184,185,187,189,190,192,194,195,197,199,200,202,204,206,207,208,210,212,213,215,216,218,220,222,224,225,227,228,230],{"file":127,"line":146,"context":147},124,"raw output",{"file":127,"line":149,"context":147},141,{"file":127,"line":151,"context":147},147,{"file":127,"line":153,"context":147},167,{"file":127,"line":155,"context":147},170,{"file":127,"line":157,"context":147},199,{"file":127,"line":157,"context":147},{"file":127,"line":157,"context":147},{"file":127,"line":161,"context":147},200,{"file":127,"line":161,"context":147},{"file":127,"line":161,"context":147},{"file":127,"line":165,"context":147},202,{"file":127,"line":165,"context":147},{"file":127,"line":165,"context":147},{"file":127,"line":169,"context":147},203,{"file":127,"line":169,"context":147},{"file":127,"line":169,"context":147},{"file":127,"line":173,"context":147},204,{"file":127,"line":173,"context":147},{"file":127,"line":173,"context":147},{"file":127,"line":177,"context":147},207,{"file":127,"line":179,"context":147},208,{"file":127,"line":179,"context":147},{"file":127,"line":182,"context":147},210,{"file":127,"line":182,"context":147},{"file":127,"line":182,"context":147},{"file":127,"line":186,"context":147},212,{"file":127,"line":188,"context":147},213,{"file":127,"line":188,"context":147},{"file":127,"line":191,"context":147},220,{"file":127,"line":193,"context":147},221,{"file":127,"line":193,"context":147},{"file":127,"line":196,"context":147},227,{"file":127,"line":198,"context":147},228,{"file":127,"line":198,"context":147},{"file":127,"line":201,"context":147},230,{"file":127,"line":203,"context":147},241,{"file":127,"line":205,"context":147},246,{"file":127,"line":205,"context":147},{"file":127,"line":205,"context":147},{"file":127,"line":209,"context":147},252,{"file":127,"line":211,"context":147},253,{"file":127,"line":211,"context":147},{"file":127,"line":214,"context":147},260,{"file":127,"line":214,"context":147},{"file":127,"line":217,"context":147},266,{"file":127,"line":219,"context":147},271,{"file":127,"line":221,"context":147},280,{"file":127,"line":223,"context":147},281,{"file":127,"line":223,"context":147},{"file":127,"line":226,"context":147},288,{"file":127,"line":226,"context":147},{"file":127,"line":229,"context":147},294,{"file":127,"line":231,"context":147},299,[],[],{"summary":235,"deductions":236},"The static analysis of express-posts v1.3.0 reveals an exceptionally clean attack surface with zero identified entry points, including AJAX handlers, REST API routes, shortcodes, and cron events. This suggests a well-contained plugin architecture.  The code also demonstrates good practices by exclusively using prepared statements for all SQL queries and avoiding file operations and external HTTP requests.  However, a significant concern arises from the low percentage of properly escaped output (14%). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data could be rendered directly in the browser without proper sanitization.\n\nThe absence of any recorded CVEs and no history of vulnerabilities is a positive indicator. Combined with the zero taint flows, this suggests the plugin has historically been developed with security in mind or has not yet been subjected to extensive security audits that would uncover deeper issues.  Despite the lack of known vulnerabilities and a minimal attack surface, the poor output escaping is a critical weakness that leaves the plugin susceptible to XSS attacks. Therefore, while the plugin has strengths in its limited attack surface and SQL handling, the unescaped output represents a significant security risk that must be addressed.",[237],{"reason":238,"points":239},"Low output escaping percentage",15,"2026-03-17T01:10:07.996Z",{"wat":242,"direct":249},{"assetPaths":243,"generatorPatterns":245,"scriptPaths":246,"versionParams":247},[244],"\u002Fwp-content\u002Fplugins\u002Fexpress-posts\u002Fexpress-posts.js",[],[244],[248],"express-posts\u002Fexpress-posts.js?ver=",{"cssClasses":250,"htmlComments":254,"htmlAttributes":255,"restEndpoints":259,"jsGlobals":260,"shortcodeOutput":261},[251,252,253],"express_posts-subset","express_posts-children","express_posts-siblings",[],[256,257,258],"id=\"express_posts-1\"","id=\"express_posts-2\"","id=\"express_posts-3\"",[],[],[262],"\u003Cdiv class=\"footer\">"]