[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fj8VgE-N0CNbKz2BPMVAUEgZ57CxYM3AlXdpjrXatgkc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":55,"fingerprints":160},"f2-tag-cloud-widget","F2 Tag Cloud Widget","0.3.2","fsquared","https:\u002F\u002Fprofiles.wordpress.org\u002Ffsquared\u002F","\u003Cp>F2 Tag Cloud Widegt is an enhanced tag cloud widget that provides some\u003Cbr \u002F>\nadditional options compared to the default widget provided with WordPress.\u003Cbr \u002F>\nThe additional options are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>minimum tag text size\u003C\u002Fli>\n\u003Cli>maximum tag text size\u003C\u002Fli>\n\u003Cli>maximum tag count\u003C\u002Fli>\n\u003Cli>tag cloud format\u003C\u002Fli>\n\u003Cli>tag ordering\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These are all options provided by the tag cloud functions within WordPress,\u003Cbr \u002F>\nbut for some reason are not exposed by their own widget. The full details\u003Cbr \u002F>\nof these options are explained in the main WordPress documentation.\u003C\u002Fp>\n\u003Cp>In addition, there are additional options now available to control the\u003Cbr \u002F>\ntypography of tags with greater precision.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>tag cloud alignment – left, center, right or theme default (default)\u003C\u002Fli>\n\u003Cli>tag padding – defaults to 0\u003C\u002Fli>\n\u003C\u002Ful>\n","A tag cloud widget which exposes more of the internal Wordpress tagcloud options.",500,12239,100,2,"2022-01-05T14:22:00.000Z","5.8.13","2.8","",[20],"tags-widget","http:\u002F\u002Fwww.fsquared.co.uk\u002Fsoftware\u002Ff2-tagcloud\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ff2-tag-cloud-widget.0.3.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},800,30,84,"2026-04-04T14:42:05.747Z",[34],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":13,"downloaded":42,"rating":43,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":18,"tags":48,"homepage":53,"download_link":54,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"custom-tag-widget","Tag Widget","1.0.4","Clay McIlrath","https:\u002F\u002Fprofiles.wordpress.org\u002Fclaymcilrath\u002F","\u003Cp>Options in widget:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set number of tags to display\u003C\u002Fli>\n\u003Cli>Specify min and max posts to be displayed\u003C\u002Fli>\n\u003Cli>Specify font size ranges like a cloud\u003C\u002Fli>\n\u003Cli>Choose format for widget (list, flat, dropdown)\u003C\u002Fli>\n\u003Cli>Font size display unit (px, pt, em, percent)\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable Tags or Categories\u003C\u002Fli>\n\u003Cli>Show empty\u003C\u002Fli>\n\u003Cli>Display post count\u003C\u002Fli>\n\u003Cli>Sort by and Sort Order\u003C\u002Fli>\n\u003C\u002Ful>\n","A more customizable solution than the default wordpress tag cloud.",9077,20,1,"2013-04-12T02:26:00.000Z","3.5.2","2.3",[49,50,51,20,52],"custom-tags","tag-widget","tags","widgets","http:\u002F\u002Fincbrite.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-tag-widget.zip",{"attackSurface":56,"codeSignals":68,"taintFlows":152,"riskAssessment":153,"analyzedAt":159},{"hooks":57,"ajaxHandlers":64,"restRoutes":65,"shortcodes":66,"cronEvents":67,"entryPointCount":24,"unprotectedCount":24},[58],{"type":59,"name":60,"callback":61,"file":62,"line":63},"action","widgets_init","closure","f2-tagcloud.php",357,[],[],[],[],{"dangerousFunctions":69,"sqlUsage":70,"outputEscaping":72,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":151},[],{"prepared":24,"raw":24,"locations":71},[],{"escaped":73,"rawEcho":74,"locations":75},6,37,[76,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149],{"file":62,"line":77,"context":78},95,"raw output",{"file":62,"line":80,"context":78},96,{"file":62,"line":82,"context":78},106,{"file":62,"line":84,"context":78},111,{"file":62,"line":86,"context":78},116,{"file":62,"line":88,"context":78},129,{"file":62,"line":90,"context":78},131,{"file":62,"line":92,"context":78},137,{"file":62,"line":94,"context":78},139,{"file":62,"line":96,"context":78},146,{"file":62,"line":98,"context":78},148,{"file":62,"line":100,"context":78},154,{"file":62,"line":102,"context":78},156,{"file":62,"line":104,"context":78},162,{"file":62,"line":106,"context":78},164,{"file":62,"line":108,"context":78},166,{"file":62,"line":110,"context":78},168,{"file":62,"line":112,"context":78},174,{"file":62,"line":114,"context":78},176,{"file":62,"line":116,"context":78},179,{"file":62,"line":118,"context":78},181,{"file":62,"line":120,"context":78},187,{"file":62,"line":122,"context":78},189,{"file":62,"line":124,"context":78},191,{"file":62,"line":126,"context":78},193,{"file":62,"line":128,"context":78},195,{"file":62,"line":130,"context":78},201,{"file":62,"line":132,"context":78},203,{"file":62,"line":134,"context":78},205,{"file":62,"line":136,"context":78},207,{"file":62,"line":138,"context":78},209,{"file":62,"line":140,"context":78},211,{"file":62,"line":142,"context":78},217,{"file":62,"line":144,"context":78},219,{"file":62,"line":146,"context":78},226,{"file":62,"line":148,"context":78},228,{"file":62,"line":150,"context":78},236,[],[],{"summary":154,"deductions":155},"The static analysis of f2-tag-cloud-widget v0.3.2 reveals a generally good security posture regarding direct attack vectors.  There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the plugin's external attack surface. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests is a positive sign.  All SQL queries are reported as using prepared statements, which is excellent practice. However, a significant concern arises from the output escaping, where only 14% of the 43 total outputs are properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not sufficiently sanitized before being displayed on the frontend.  The taint analysis shows no identified flows, which is positive, but this is based on an analysis of zero flows, making its effectiveness uncertain.  The vulnerability history is also clean, with no known CVEs. While this is encouraging, the lack of historical vulnerabilities, coupled with the identified output escaping issue, could indicate that the plugin has not been subjected to thorough security testing or that vulnerabilities have gone unnoticed.  Overall, the plugin's lack of complex entry points is a strength, but the poor output escaping presents a tangible and significant risk that needs immediate attention.",[156],{"reason":157,"points":158},"Low percentage of properly escaped output",15,"2026-03-16T19:36:18.107Z",{"wat":161,"direct":167},{"assetPaths":162,"generatorPatterns":164,"scriptPaths":165,"versionParams":166},[163],"\u002Fwp-content\u002Fplugins\u002Ff2-tag-cloud-widget\u002Ff2-tagcloud.php",[],[],[],{"cssClasses":168,"htmlComments":170,"htmlAttributes":190,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":214},[169],"tagcloud",[171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189],"Main Tag Cloud widget class; extends the standard WP_Widget class.","This is a fairly simple widget, derived from the standard WP provided","version. However, in this case we expose more of the options available","to the wp_tag_cloud() function.","Tag cloud defaults; used in various functions, thus the class defn.","Constructor - registers widget to the system.","Build the array of widget options.","And simply call the parental constructor.","Widget display logic.","Expand out the arguments into local variables.","Get the title, applying a sensible default.","And then generate the actual output - header first.","The actual content.","Render the tagcloud, applying alignment if required.","Output the tagcloud, adding in any padding requirements.","And then the footer.","Widget setup form.","And parse in any that we've been passed.","Now render the form.",[191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211],"for=\"f2-tagcloud-title\"","id=\"f2-tagcloud-title\"","name=\"f2-tagcloud-title\"","for=\"f2-tagcloud-smallest\"","id=\"f2-tagcloud-smallest\"","name=\"f2-tagcloud-smallest\"","for=\"f2-tagcloud-largest\"","id=\"f2-tagcloud-largest\"","name=\"f2-tagcloud-largest\"","for=\"f2-tagcloud-number\"","id=\"f2-tagcloud-number\"","name=\"f2-tagcloud-number\"","for=\"f2-tagcloud-format\"","id=\"f2-tagcloud-format\"","name=\"f2-tagcloud-format\"","for=\"f2-tagcloud-orderby\"","id=\"f2-tagcloud-orderby\"","name=\"f2-tagcloud-orderby\"","for=\"f2-tagcloud-order\"","id=\"f2-tagcloud-order\"","name=\"f2-tagcloud-order\"",[],[],[]]