[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdUXd19EyFTW_2Dpb4Ufc29ogmZ4_yWk903DRXBSDmQ8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":138,"fingerprints":213},"favicon-notifications","Favicon Notifications","0.3","dilana","https:\u002F\u002Fprofiles.wordpress.org\u002Fdilana87\u002F","\u003Cp>This pugin animates your favicon with animated badges. It shows the number of unread posts since your last visit on your site’s favicon.\u003C\u002Fp>\n\u003Cp>Based on favico.js script ( see http:\u002F\u002Flab.ejci.net\u002Ffavico.js\u002F ).\u003C\u002Fp>\n\u003Cp>Whats new:\u003C\u002Fp>\n\u003Col>\n\u003Cli>4 types of animations\u003C\u002Fli>\n\u003Cli>Color settings\u003C\u002Fli>\n\u003Cli>Shape settings\u003C\u002Fli>\n\u003Cli>Select a time period for the new posts\u003C\u002Fli>\n\u003Cli>Select a time period for the favicon update\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Animate your favicon with animated notification badge.",10,3452,100,1,"2014-01-18T21:11:00.000Z","3.7.41","3.0.1","",[20,21,22,23,24],"badge","favicon","notifications","posts","visitor","http:\u002F\u002Fwww.dilana.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffavicon-notifications.zip",85,0,null,"2026-03-15T14:54:45.397Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"dilana87",30,84,"2026-04-05T09:46:57.467Z",[38,60,83,101,120],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":59},"wptelegram","WP Telegram (Auto Post and Notifications)","4.2.15","WP Socio","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpsocio\u002F","\u003Cp>Integrate your WordPress site perfectly with Telegram with full control.\u003C\u002Fp>\n\u003Ch3>Modules\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>1. Post to Telegram\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📝 Send posts automatically to Telegram when published or updated\u003C\u002Fli>\n\u003Cli>📢 You can send to a Telegram Channel, Group, Supergroup or private chat\u003C\u002Fli>\n\u003Cli>👥 Supports multiple Channels\u002Fchats\u003C\u002Fli>\n\u003Cli>🙂 Has Message Template composer with Emojis\u003C\u002Fli>\n\u003Cli>⏳ Supports Conditional logic inside Message Template\u003C\u002Fli>\n\u003Cli>🖼 Supports sending featured image along with the text\u003C\u002Fli>\n\u003Cli>🏞 You can choose to send only the Featured Image\u003C\u002Fli>\n\u003Cli>⏱ Supports scheduled (future) posts\u003C\u002Fli>\n\u003Cli>🕰 Messages can be delayed by a specific interval\u003C\u002Fli>\n\u003Cli>⬜️ You can add an Inline button for the post URL\u003C\u002Fli>\n\u003Cli>🛒 Supports WooCommerce products and other Custom Post Types\u003C\u002Fli>\n\u003Cli>✒️ Direct Support for sending Custom Fields\u003C\u002Fli>\n\u003Cli>🗃 You can send Custom Taxonomy Terms\u003C\u002Fli>\n\u003Cli>📋 You can select the post types to be sent\u003C\u002Fli>\n\u003Cli>⏲ You can choose when to send (New and\u002For existing posts)\u003C\u002Fli>\n\u003Cli>🎛 Make use of Custom Rules to filter posts by authors, categories, tags, post formats or custom taxonomy terms\u003C\u002Fli>\n\u003Cli>🎚 You can override the default settings on post edit page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwptelegram.pro\" rel=\"nofollow ugc\">WP Telegram Pro\u003C\u002Fa> supports multiple channels based upon category\u002Ftag\u002Fauthor\u002Fpost type etc. and also supports unlimited Reaction buttons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Private Notifications\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📧 Get your email notifications on Telegram\u003C\u002Fli>\n\u003Cli>🔔 Supports \u003Cstrong>WooCommerce\u003C\u002Fstrong> order notifications, \u003Cstrong>Contact Form 7\u003C\u002Fstrong> and other plugin notifications\u003C\u002Fli>\n\u003Cli>🔕 Allow users to receive their email notifications on Telegram\u003C\u002Fli>\n\u003Cli>🔐 Integrated with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwptelegram-login\" rel=\"ugc\">WP Telegram Login\u003C\u002Fa> to let users connect their Telegram.\u003C\u002Fli>\n\u003Cli>🖊 Users can also enter their Telegram Chat ID manually on page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>3. Proxy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🚫 If your host blocks Telegram, you can use this module\u003C\u002Fli>\n\u003Cli>✅ Bypass the ban on Telegram by making use of proxy\u003C\u002Fli>\n\u003Cli>🚀 Supports \u003Cstrong>Cloudflare worker as proxy\u003C\u002Fstrong> which supports file upload\u003C\u002Fli>\n\u003Cli>😍 Option to use custom \u003Cstrong>Google Script as proxy\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>❇️ Supports all proxies supported by PHP\u003C\u002Fli>\n\u003Cli>🔛 You can select Proxy type – HTTP, SOCKS4, SOCKS4A, SOCKS5, SOCKS5_HOSTNAME\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Excellent LIVE Support on Telegram\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Easy to install and set up for the admin\u003C\u002Fli>\n\u003Cli>Fully customizable with actions and filters\u003C\u002Fli>\n\u003Cli>Can be extended with custom code\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Getting Started | Post to Telegram\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fm48V-gWz9-o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>WooCommerce, CF7 etc. Notifications\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FgVJCtwkorMA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Contribution\u003C\u002Fh3>\n\u003Cp>Development takes place in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpsocio\u002Fwp-projects\" rel=\"nofollow ugc\">Github monorepo\u003C\u002Fa>, and all contributions welcome.\u003C\u002Fp>\n\u003Ch3>Excellent LIVE Support on Telegram\u003C\u002Fh3>\n\u003Ch4>Join the Chat\u003C\u002Fh4>\n\u003Cp>We have a public group on Telegram to provide help setting up the plugin, discuss issues, features, translations etc. Join \u003Ca href=\"https:\u002F\u002Ft.me\u002FWPTelegramChat\" rel=\"nofollow ugc\">@WPTelegramChat\u003C\u002Fa>\u003Cbr \u002F>\nFor rules, see the pinned message. No spam please.\u003C\u002Fp>\n\u003Ch4>Get in touch\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Website \u003Ca href=\"https:\u002F\u002Fwpsocio.com\" rel=\"nofollow ugc\">wpsocio.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Telegram \u003Ca href=\"https:\u002F\u002Ft.me\u002FWPTelegram\" rel=\"nofollow ugc\">@WPTelegram\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Facebook \u003Ca href=\"https:\u002F\u002Ffb.com\u002FWPTelegram\" rel=\"nofollow ugc\">@WPTelegram\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FWPTelegram\" rel=\"nofollow ugc\">@WPTelegram\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Pro\u003C\u002Fh4>\n\u003Cp>WP Telegram Pro comes with more powerful features to give you more control. \u003Ca href=\"https:\u002F\u002Fwptelegram.pro\" rel=\"nofollow ugc\">Upgrade NOW\u003C\u002Fa>\u003C\u002Fp>\n","Integrate your WordPress site perfectly with Telegram with full control.",30000,1248809,425,"2026-02-14T15:23:00.000Z","6.9.4","6.6","8.0",[54,55,22,23,56],"channel","group","telegram","https:\u002F\u002Ft.me\u002FWPTelegram","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwptelegram.4.2.15.zip","2026-03-15T15:16:48.613Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":81,"download_link":82,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":59},"gabfire-widget-pack","Gabfire Widget Pack","1.4.14","Gabfire","https:\u002F\u002Fprofiles.wordpress.org\u002Fgabfire\u002F","\u003Cp>The Gabfire Widget Pack is a feature-packed plugin that adds the most commonly used widgets to your site. Rather than having to download several plugins by various authors, this plugin bundles together the most popular widgets.\u003C\u002Fp>\n\u003Cp>It is maintained by the folks over at http:\u002F\u002Fwww.gabfirethemes.com\u003C\u002Fp>\n\u003Cp>Below are the steps required to install, activate, and configure the Gabfire Widget Pack.\u003C\u002Fp>\n\u003Ch4>Widget: Video Slider\u003C\u002Fh4>\n\u003Cp>Get most recent videos addedto your site and display it in a widget zone with a nicely formed slider\u003C\u002Fp>\n\u003Ch4>Widget: Simple Banner\u003C\u002Fh4>\n\u003Cp>A very easy way to add banners into widget zones.\u003C\u002Fp>\n\u003Ch4>Widget: Archive Search\u003C\u002Fh4>\n\u003Cp>Give your users the option to search to their heart’s content. This powerful widget provides 3 methods to search:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>By Archive Month\u003C\u002Fli>\n\u003Cli>By Category\u003C\u002Fli>\n\u003Cli>By Keyword using Google Search\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is great widget for content-heavy sites.\u003C\u002Fp>\n\u003Ch4>Widget: Search\u003C\u002Fh4>\n\u003Cp>Your visitors need a search function to explore your site. Luckily, this widget gives you two functional styles to choose from that can be placed into any widget zone.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set your label\u003C\u002Fli>\n\u003Cli>Set your style and background\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Search is not dead!\u003C\u002Fp>\n\u003Ch4>Widget: Post Tabs\u003C\u002Fh4>\n\u003Cp>A sleek Ajax tabs widget that offers a convenient way to showcase your content. You can choose from 3 types of tabs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Recent Posts\u003C\u002Fli>\n\u003Cli>Recent Comments\u003C\u002Fli>\n\u003Cli>Popular Posts (based on tags)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition, the Post Tabs widget offers a light and dark color scheme, ability to show post meta details and avatars, and choose the number of posts to display.\u003C\u002Fp>\n\u003Ch4>Widget: Author Badge\u003C\u002Fh4>\n\u003Cp>Give credit where it’s due with this unique Author Badge that showcases the following details neatly: author’s bio, a link to their posts, as well as their social media pages.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author’s Bio\u003C\u002Fli>\n\u003Cli>Author’s Gravatar (if any)\u003C\u002Fli>\n\u003Cli>Author’s social media links\u003C\u002Fli>\n\u003Cli>Link to Author’s Posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Author badge shows at single post and author pages only. This badge will not shown if Author bio is left empty. Go to User profile page to enter Facebook, Twitter, Google+, and Author website URL details.\u003C\u002Fp>\n\u003Ch4>Widget: Related Posts\u003C\u002Fh4>\n\u003Cp>Enhance your site’s page views by adding related posts to your articles. This widget uses tags to identify related posts and provides you the option to display them with thumbnails, or as a list.\u003C\u002Fp>\n\u003Ch4>Widget: Text+ Widget\u003C\u002Fh4>\n\u003Cp>A slight twist on the original. This text widget gives you the ability to have an icon and button that links to any post or page of your choice.\u003C\u002Fp>\n\u003Cp>For more details, visit \u003Ca href=\"http:\u002F\u002Fwww.gabfirethemes.com\" title=\"Best WordPress Themes\" rel=\"nofollow ugc\">Gabfire Themes\u003C\u002Fa>.\u003C\u002Fp>\n","The Gabfire Widget Pack contains over a dozen useful widgets to extend your WordPress site. It is a free plugin that will work with ANY theme.",700,96102,88,13,"2021-02-15T22:57:00.000Z","5.6.17","5.1",[76,77,78,79,80],"about-us","author-badge","post-tabs","related-posts","text-widget","https:\u002F\u002Fwww.gabfire.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgabfire-widget-pack.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":91,"num_ratings":14,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":18,"tags":96,"homepage":18,"download_link":100,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":59},"contributor-notifications","Contributor Notifications","0.5","Web Guy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebguyio\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwebguyio\u002Fsupport\" rel=\"nofollow ugc\">💬 Ask Question\u003C\u002Fa> | \u003Ca href=\"mailto:webguywork@gmail.com\" rel=\"nofollow ugc\">📧 Email Me\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>An incredibly simple and lightweight solution for alerting you of new pending posts from contributors and alerting contributors when their submissions are either approved or declined.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sends email to admin if new post pending\u003C\u002Fli>\n\u003Cli>Sends email to author if pending post approved\u003C\u002Fli>\n\u003Cli>Sends email to author if pending post declined\u003C\u002Fli>\n\u003C\u002Ful>\n","An incredibly simple and lightweight solution for alerting you of new pending posts from contributors and alerting contributors when their submissions &hellip;",80,2050,"2026-01-21T13:39:00.000Z","6.8.5","5.0",[97,98,22,99,23],"contributors","emails","pending","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontributor-notifications.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":13,"num_ratings":14,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":18,"download_link":119,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":59},"posts-visitors","Posts Visitors","1.0.0","Huda Medoukh","https:\u002F\u002Fprofiles.wordpress.org\u002Fhudamedoukh\u002F","\u003Cp>plugin counts the number of visitors to the posts and displays the counter in the posts, you can choose the text label of the counter,\u003Cbr \u002F>\n also, you can choose the icon of the posts visitors counter and change the color of it, in case you want to have full control of the position of the counter you can use the shortcode of the plugin.\u003C\u002Fp>\n","A plugin allows you to display how many times the post had been visited.",40,1287,"2022-05-11T20:34:00.000Z","5.9.13","5.5","7.4",[116,23,102,117,118],"count","views","visitors","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-visitors.1.0.0.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":11,"downloaded":128,"rating":13,"num_ratings":14,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":18,"download_link":137,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":59},"home-badges","Home Badges","0.6","Global","https:\u002F\u002Fprofiles.wordpress.org\u002Fglobal_1981\u002F","\u003Cp>Quickly access your Blog and Home page in the WordPress Admin.\u003Cbr \u002F>\nAdds a quick link in the Pages menu and Badges on the Manage Pages screen.\u003C\u002Fp>\n\u003Ch4>Improve on a common practice\u003C\u002Fh4>\n\u003Cp>Static front pages (set in WordPress Admin > Settings > Reading > Front Page Displays) are quite common for non blog-centric websites. Often for SEO purposes the page title for the home page isn’t ‘Home’ – which can make finding it amongst the site’s many pages a bit of a hassle.\u003C\u002Fp>\n\u003Ch4>Quick links\u003C\u002Fh4>\n\u003Cp>The Pages menu item has, by default, two links – All Pages and Add New. Additional links will be added if a static front page and posts page has been set, allowing users to access these pages in one click from the dashboard.\u003C\u002Fp>\n\u003Ch4>Elegant Icons\u003C\u002Fh4>\n\u003Cp>Home Badges displays elegant icons that resemble the native user interface to identify the front and posts page on the manage pages screen.\u003C\u002Fp>\n\u003Ch4>Efficient & Minimal implementation\u003C\u002Fh4>\n\u003Cp>No configuration required\u003C\u002Fp>\n","Quickly access your Blog and Home page in the Wordpress Admin.",1791,"2013-04-14T09:25:00.000Z","3.5.2","2.9.1",[133,121,134,135,136],"front-page","home-icons","icons","posts-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhome-badges.zip",{"attackSurface":139,"codeSignals":189,"taintFlows":201,"riskAssessment":202,"analyzedAt":212},{"hooks":140,"ajaxHandlers":176,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":188,"unprotectedCount":188},[141,147,153,158,162,166,168,172],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","plugins_loaded","favUpdateDbCheck","favicon-notifications.php",106,{"type":148,"name":149,"callback":150,"file":151,"line":152},"filter","the_content","favGetContentId","favicon-track.php",39,{"type":142,"name":154,"callback":155,"file":156,"line":157},"wp_enqueue_scripts","wpEnqueueScripts","set.php",11,{"type":142,"name":159,"callback":160,"file":156,"line":161},"admin_enqueue_scripts","wpEnqueueAdminScripts",14,{"type":142,"name":163,"callback":164,"file":156,"line":165},"admin_print_styles","wpEnqueueAdminStyles",17,{"type":142,"name":154,"callback":164,"file":156,"line":167},18,{"type":142,"name":169,"callback":170,"file":171,"line":161},"admin_menu","addPluginPage","settings.php",{"type":142,"name":173,"callback":174,"file":171,"line":175},"admin_init","pageInit",15,[177,183],{"action":178,"nopriv":179,"callback":180,"hasNonce":181,"hasCapCheck":181,"file":156,"line":182},"ajax_favicon",true,"ajaxFavicon",false,20,{"action":178,"nopriv":181,"callback":180,"hasNonce":181,"hasCapCheck":181,"file":156,"line":184},21,[],[],[],2,{"dangerousFunctions":190,"sqlUsage":191,"outputEscaping":193,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":200},[],{"prepared":167,"raw":28,"locations":192},[],{"escaped":194,"rawEcho":14,"locations":195},7,[196],{"file":197,"line":198,"context":199},"ajax-favicon.php",58,"raw output",[],[],{"summary":203,"deductions":204},"The \"favicon-notifications\" plugin v0.3 exhibits a concerning security posture due to its unprotected AJAX handlers. While the plugin demonstrates good practices in using prepared statements for all SQL queries and a high percentage of properly escaped output, the lack of authentication checks on its two AJAX entry points presents a significant risk. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure.\n\nThe static analysis reveals no dangerous functions, file operations, or external HTTP requests, which are positive signs. The absence of critical or high severity taint flows is also reassuring. However, the complete lack of nonce checks and only one instance of a capability check, coupled with the unprotected AJAX handlers, indicates a potential for Cross-Site Request Forgery (CSRF) attacks or unauthorized actions by malicious actors.\n\nThe plugin's vulnerability history is clean, with no recorded CVEs. This suggests that in the past, the plugin has not had publicly disclosed security flaws. This clean history, combined with the strong SQL practices, implies a developer who may be attentive to some security aspects. Nevertheless, the immediate and evident risks from the unprotected AJAX handlers cannot be overlooked. The plugin's overall security is weakened by these critical entry points lacking proper authorization.",[205,207,209],{"reason":206,"points":11},"2 AJAX handlers without auth checks",{"reason":208,"points":194},"0 Nonce checks",{"reason":210,"points":211},"1 Capability check (low coverage)",3,"2026-03-16T23:39:57.990Z",{"wat":214,"direct":229},{"assetPaths":215,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[216,217,218,219,220],"\u002Fwp-content\u002Fplugins\u002Ffavicon-notifications\u002Fjs\u002Ffavico.js","\u002Fwp-content\u002Fplugins\u002Ffavicon-notifications\u002Fjs\u002Ffavicon.js","\u002Fwp-content\u002Fplugins\u002Ffavicon-notifications\u002Fjs\u002Fcolpick.js","\u002Fwp-content\u002Fplugins\u002Ffavicon-notifications\u002Fjs\u002Fadmin-favico.js","\u002Fwp-content\u002Fplugins\u002Ffavicon-notifications\u002Fcss\u002Fcolpick.css",[],[216,217,218,219],[224,225,226,227,228],"favicon-notifications\u002Fjs\u002Ffavico.js?ver=","favicon-notifications\u002Fjs\u002Ffavicon.js?ver=","favicon-notifications\u002Fjs\u002Fcolpick.js?ver=","favicon-notifications\u002Fjs\u002Fadmin-favico.js?ver=","favicon-notifications\u002Fcss\u002Fcolpick.css",{"cssClasses":230,"htmlComments":231,"htmlAttributes":232,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":236},[],[],[],[],[235],"wp_favicon",[]]