[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPLYmjzINaObayPZ8rCRFqRkSn5waMz6cLMxhs5zexEU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":137,"fingerprints":167},"favicon-images-for-comments","Favicon Images for Comments","1.0","Amit Agarwal","https:\u002F\u002Fprofiles.wordpress.org\u002Flabnol\u002F","\u003Cp>Favicon Images for WordPress Comments lets you add favicon images to your blog comments using the URL of your visitor’s website.\u003C\u002Fp>\n\u003Cp>See a live demo at \u003Ca href=\"http:\u002F\u002Fwww.labnol.org\u002F\" rel=\"nofollow ugc\">Digital Inspiration\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The favicon image is generated dynamically using Google Favicon generator.\u003C\u002Fp>\n","Favicon Images for WordPress Comments lets you add favicons next to your blog comments using the site URL of the commentator.",10,2910,0,"2008-09-04T04:41:00.000Z","2.6.1","2.0","",[19,20,21,22,23],"comments","favicon","gravatar","pictures","userpics","http:\u002F\u002Fwww.labnol.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffavicon-images-for-comments.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"labnol",2,40,30,84,"2026-04-04T10:56:04.393Z",[38,59,80,98,120],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":35,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"comment-image","Comment Image","1.2.3","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Comment Image enables blog readers to attach an image while leaving their comments.\u003Cbr \u002F>\nSupported formats are JPG, PNG, GIF.\u003C\u002Fp>\n\u003Cp>Uploaded images are inserted below the comment text as thumbnail (of configurable max dimensions) and linked to the original pictures.\u003C\u002Fp>\n\u003Cp>File selection field can be injected automatically or added manually.\u003C\u002Fp>\n\u003Cp>Original pictures and their thumbnails are stored in a separate folder for easy management.\u003C\u002Fp>\n\u003Cp>See the official \u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image\" rel=\"nofollow ugc\">Comment Image\u003C\u002Fa> page for more.\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable readers to attach an image to their comments.",1000,40981,6,"2021-08-28T08:40:00.000Z","5.8.13","4.6","5.6",[54,19,55,56,22],"attachments","gif","images","http:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fcomment-image","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-image.1.2.3.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":78,"download_link":79,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"easygravatars","Easy Gravatars","1.3","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>This plugin allows you to automatically add Gravatars for commenters to your\u003Cbr \u002F>\ntheme, if your theme does not already support them.\u003C\u002Fp>\n\u003Cp>According to the Gravatar.com website, Gravatars are Globally Recognized\u003Cbr \u002F>\nAvatars, or an “avatar image that follows you from weblog to weblog\u003Cbr \u002F>\nappearing beside your name when you comment on gravatar enabled sites.”\u003Cbr \u002F>\nYou register with the Gravatar server, and upload an image which you will\u003Cbr \u002F>\nuse as your avatar. The gravatar image is keyed to your email address, so\u003Cbr \u002F>\nthat it is unique to you.\u003C\u002Fp>\n\u003Cp>This plugin will display gravatars for the people who comment on your posts.\u003Cbr \u002F>\nYou do not need to modify any of your template files — just activate the\u003Cbr \u002F>\nplugin, and it will add gravatars to your comments template automatically.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Based on a code snippet from Matt Mullenweg:\u003Cbr \u002F>\n  http:\u002F\u002Fphotomatt.net\u002F2007\u002F10\u002F20\u002Fgravatar-enabled\u002F\u003Cbr \u002F>\n  http:\u002F\u002Fpastebin.ca\u002F743979\u003C\u002Fp>\n\u003Cp>Props to David Potter for pointing out that Gravatar normalizes email\u003Cbr \u002F>\naddresses to lowercase before hashing with MD5:\u003Cbr \u002F>\n  http:\u002F\u002Fdpotter.net\u002FTechnical\u002Findex.php\u002F2007\u002F10\u002F22\u002Fintegrating-gravatar-support\u002F\u003C\u002Fp>\n","Add Gravatars to your comments without modifying any template files. Just activate, and you're done!",200,64590,100,1,"2010-01-14T15:36:00.000Z","3.0.5","2.0.4",[75,76,19,21,77],"avatar","avatars","gravatars","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Feasy-gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.3.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":67,"downloaded":88,"rating":69,"num_ratings":32,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":17,"tags":92,"homepage":96,"download_link":97,"security_score":69,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"top-commentators-widget","Top Commentators Widget","1.7","Lorna Timbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebgrrrl\u002F","\u003Cp>This plugin creates a widget to show the top commentators in your WP site. Always go back to the Widget settings after each version update to Save your settings. Demo can be found at http:\u002F\u002Fdemo.webgrrrl.net\u003C\u002Fp>\n\u003Cp>The Top Commentators Widget plugin is adapted from Show Top Commentators plugin at Personal Financial Advice, this widget is easier to manage via the control form (no need to edit the PHP file); additional options are also available to make it more flexible. Read the FAQ section on how to customize the widget. Read the Changelog as well as http:\u002F\u002Fwebgrrrl.net\u002Ftags\u002Ftcw for the latest news on this widget.\u003C\u002Fp>\n\u003Cp>This widget is extensively tested with the following settings: Google Chrome 13.0.782.215 m, PHP 5.2.13, Apache 2.2.15 (Win32), MySQL 5.0.51a, WordPress 3.2.1. Further testing and bug report on this widget is greatly welcomed and appreciated.\u003C\u002Fp>\n","Adds a sidebar widget to show the top commentators in your WP site. Demo: http:\u002F\u002Fdemo.webgrrrl.net",156008,"2025-12-20T13:00:00.000Z","6.6.5","2.8",[19,21,93,94,95],"seo","sidebar","widget","http:\u002F\u002Fwebgrrrl.net\u002Farchives\u002Fmy-top-commentators-widget-quick-dirty.htm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-commentators-widget.1.7.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":69,"downloaded":106,"rating":107,"num_ratings":48,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":17,"tags":111,"homepage":117,"download_link":118,"security_score":119,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"polygon-recent-comments-with-avatar","Polygon Recent Comments With Avatar","1.0.4","polyxgo","https:\u002F\u002Fprofiles.wordpress.org\u002Fsanddesert88\u002F","\u003Cp>Display recent comments in the sidebar with user avatar\u002FGravatar support, styles, information, and an active scrollbar for handling numerous comments.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpolygon-recent-comments-with-avatar\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwikipoly.com\u002Fen\u002Fpoly-comments\u002F\" rel=\"nofollow ugc\">Support and request additional features as needed\u003C\u002Fa>\u003C\u002Fp>\n","Polygon Recent Comments With Avatar: Recent comments with avatar support, including Gravatar, date, username, user link, and scrollbar.",5262,94,"2024-05-24T22:52:00.000Z","6.5.8","4.1",[112,113,114,115,116],"display-recent-comments","recent-comment-with-author-gravatar","recent-comments","recent-comments-information","recent-comments-with-avatar","https:\u002F\u002Fpolyxgo.vn","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpolygon-recent-comments-with-avatar.1.0.4.zip",92,{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":69,"num_ratings":32,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":17,"tags":133,"homepage":135,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"default-gravatar-sans","Default Gravatar Sans","1.1.2","raohmaru","https:\u002F\u002Fprofiles.wordpress.org\u002Fraohmaru\u002F","\u003Cp>Disables default Gravatar.com avatar and redirection to gravatar.com servers, and allows to define a local default avatar image for users without avatar in his profile.\u003C\u002Fp>\n\u003Ch3>1.1.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bug fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bug fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Compatible with WordPress 4.8.\u003C\u002Fli>\n\u003Cli>Support for high resolution avatar images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Initial release.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disables Gravatar.com avatar, and allows one local default avatar image for users without avatar in his profile.",50,4197,"2017-10-03T12:01:00.000Z","4.8.28","3.0",[75,19,21,134],"users","http:\u002F\u002Fraohmaru.com\u002Fblog\u002Fwordpress\u002Fdefault-gravatar-sans\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdefault-gravatar-sans.1.1.2.zip",{"attackSurface":138,"codeSignals":144,"taintFlows":155,"riskAssessment":156,"analyzedAt":166},{"hooks":139,"ajaxHandlers":140,"restRoutes":141,"shortcodes":142,"cronEvents":143,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":145,"sqlUsage":146,"outputEscaping":148,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":154},[],{"prepared":13,"raw":13,"locations":147},[],{"escaped":13,"rawEcho":70,"locations":149},[150],{"file":151,"line":152,"context":153},"favicons.php",17,"raw output",[],[],{"summary":157,"deductions":158},"The plugin 'favicon-images-for-comments' v1.0 exhibits a promising security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the code signals show a clean slate regarding dangerous functions and file operations, and all SQL queries are properly prepared. The lack of external HTTP requests also contributes positively to its security.\n\nHowever, a notable concern arises from the output escaping. With one output identified and none properly escaped, this indicates a potential for cross-site scripting (XSS) vulnerabilities if the data being output is user-controlled or derived from untrusted sources. The absence of nonce and capability checks across all entry points, while currently not exploitable due to a zero attack surface, represents a future risk if functionality is added without proper security considerations.\n\nThe plugin's vulnerability history is also clean, with no recorded CVEs. This, combined with the static analysis, suggests a well-developed or very simple plugin. The strengths lie in its minimal attack surface and secure handling of data operations like SQL. The primary weakness is the unescaped output, which should be addressed to prevent potential XSS flaws.",[159,162,164],{"reason":160,"points":161},"Unescaped output found",5,{"reason":163,"points":161},"No nonce checks on entry points",{"reason":165,"points":161},"No capability checks on entry points","2026-03-17T00:25:49.596Z",{"wat":168,"direct":173},{"assetPaths":169,"generatorPatterns":170,"scriptPaths":171,"versionParams":172},[],[],[],[],{"cssClasses":174,"htmlComments":175,"htmlAttributes":176,"restEndpoints":177,"jsGlobals":178,"shortcodeOutput":179},[],[],[],[],[],[180,181,182],"\u003Cimg src=\"http:\u002F\u002Fwww.google.com\u002Fs2\u002Ffavicons?domain=","width=\"16\"","height=\"16\""]