[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHEbXcbbYUemf9Lupa739-MoYLaiwAbUKmg8AnYWtK7s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":133,"fingerprints":202},"flexo-archives-widget","Flexo Archives","2.1.5","Heath Harrelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fheathharrelson\u002F","\u003Cp>This widget is designed to be a more compact alternative to the default archives widget supplied with WordPress. If you’ve been blogging regularly for several years, the archive list produced by the default widget grows to be quite long. If you use Flexo Archives instead, the list will be displayed as a much smaller list of years. When you click a year, it expands to show the months of that year when you posted. By default the expansion is animated.\u003C\u002Fp>\n\u003Cp>A standalone version that simply prints the HTML for the archive lists and attaches the JavaScript to normal pages is now provided for users who cannot use the widget.\u003C\u002Fp>\n\u003Cp>I am currently seeking translations of the plugin. If you would like to help by translating the plugin into your language, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Ftags\u002Fflexo-archives-widget\" rel=\"ugc\">please post to the support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Thanks to Dylan van der Heij for providing a Dutch translation.\u003C\u002Fp>\n","Displays your archives as a compact list of years that expands when clicked.",100,31770,80,8,"2011-07-18T20:21:00.000Z","3.2.1","2.7","",[20,21,22,23,24],"archive","archives","collapsible","collapsible-archive","sidebar","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fflexo-archives-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflexo-archives-widget.2.1.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"heathharrelson",1,30,84,"2026-04-05T17:30:42.859Z",[39,62,83,100,116],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":34,"unpatched_count":28,"last_vuln_date":61,"fetched_at":30},"collapsing-archives","Collapsing Archives","3.0.8","robfelty","https:\u002F\u002Fprofiles.wordpress.org\u002Frobfelty\u002F","\u003Cp>Create collapsible archives by year or month. Features include: link to archive pages, display of individual posts and support for custom post-types.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>I use this plugin in my blog at http:\u002F\u002Fblog.robfelty.com\u003C\u002Fp>\n","This plugin uses Javascript to dynamically expand or collapse the set of months for each year and posts for each month in the archive listing of your  …",3000,146200,82,21,"2026-02-12T03:41:00.000Z","6.9.4","2.8",[55,21,56,24,57],"accordion","collapse","widget","http:\u002F\u002Frobfelty.com\u002Fplugins\u002Fcollapsing-archives","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcollapsing-archives.3.0.8.zip",99,"2024-08-26 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":81,"download_link":82,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"expanding-archives","Expanding Archives","2.1.0","Ashley","https:\u002F\u002Fprofiles.wordpress.org\u002Fnosegraze\u002F","\u003Cp>Expanding Archives adds a widget that shows your old posts in an expandable\u002Fcollapsible format. Each post is categorized under its year and month, so you can expand all the posts in a given month and year.\u003C\u002Fp>\n\u003Cp>This plugin comes with very minimal CSS styling so you can easily customize it to match your design.\u003C\u002Fp>\n\u003Cp>JavaScript is required. No IE support.\u003C\u002Fp>\n","This plugin adds a new widget where you can view your old posts by expanding certain years and months.",2000,22798,94,6,"2024-03-23T14:55:00.000Z","6.4.8","3.0","7.4",[21,79,80,24,57],"navigation","posts","https:\u002F\u002Fshop.nosegraze.com\u002Fproduct\u002Fexpanding-archives\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpanding-archives.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":11,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":18,"tags":97,"homepage":98,"download_link":99,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"collapsible-archive-widget","Collapsible Archive Widget","2.3.1","Ady Romantika","https:\u002F\u002Fprofiles.wordpress.org\u002Fadywarna\u002F","\u003Cp>This simple plugin is a widget that displays a collapsible archives list in your widgetized sidebar by using JavaScripts. In version 2.0.0 script.aculo.us effects has been added as an option, utilizing the script.aculo.us files supplied with WordPress.\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Widget title: the title of the widget\u003C\u002Fli>\n\u003Cli>Show post counts for year: Whether or not to show the post number for each year\u003C\u002Fli>\n\u003Cli>Show post counts for month: Whether or not to show the post number for each month\u003C\u002Fli>\n\u003Cli>Abbreviate month names: Check this box to show abbreviation of month names\u003C\u002Fli>\n\u003Cli>Hide year from month names: Do not print year after month names\u003C\u002Fli>\n\u003Cli>Use script.aculo.us effects: Whether or not to show effects\u003C\u002Fli>\n\u003Cli>Expand effect: Effect to use when expanding the list\u003C\u002Fli>\n\u003Cli>Collapse effect: Effect to use when collapsing the list\u003C\u002Fli>\n\u003Cli>Expand the list by default: Check this box to have the list expanded when loaded\u003C\u002Fli>\n\u003Cli>Expand current year by default: Check this box to have the current year expanded when loaded\u003C\u002Fli>\n\u003Cli>Expand current month by default: Check this box to have the current month expanded when loaded\u003C\u002Fli>\n\u003Cli>Show individual posts: Show posts in the list. This should be used in extra caution; if you have a lot of posts consider disabling it as this will take time to load\u003C\u002Fli>\n\u003Cli>Use HTML arrows instead of images (► ▼) \u003C\u002Fli>\n\u003Cli>Show current month in bold: show current month in bold \u003C\u002Fli>\n\u003Cli>Show a link to plugin page. Thank you for your support! : Display a link to plugin page as a support method\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Add ability for multiple instances\u003C\u002Fli>\n\u003Cli>Add ability to work as non-widget\u003C\u002Fli>\n\u003Cli>Add ability to include \u002F exclude categories\u003C\u002Fli>\n\u003Cli>Expand previous month rather the current\u003C\u002Fli>\n\u003Cli>Research the practicality to use CSS \u002F allow CSS options\u003C\u002Fli>\n\u003Cli>List posts without year and month headers (for blogs with few posts)\u003C\u002Fli>\n\u003Cli>Do not list the posts that are listed on the main page\u003C\u002Fli>\n\u003C\u002Ful>\n","This simple plugin is a widget that displays a collapsible archives list in your widgetized sidebar by utilizing JavaScript.",200,19766,3,"2009-03-16T16:24:00.000Z","2.7.1","2.1",[20,56,22,23,57],"http:\u002F\u002Fwww.romantika.name\u002Fv2\u002Fwordpress-plugin-collapsible-archive-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcollapsible-archive-widget.2.3.1.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":13,"downloaded":108,"rating":11,"num_ratings":109,"last_updated":110,"tested_up_to":52,"requires_at_least":76,"requires_php":18,"tags":111,"homepage":114,"download_link":115,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"monthchunks","Monthchunks","3.1.2","Justin Watt","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustincwatt\u002F","\u003Cp>Display monthly archives by year with links to each month in the following compact format:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>2012\n1 2 3 4 5 6 7 8 9\n\n2011\n1 2 3 4 5 6 7 8 9 10 11 12\n\n2010\n6 7 8 9 10 11 12\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Serves as a drop in replacement for \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_get_archives\" rel=\"nofollow ugc\">\u003Ccode>wp_get_archives( array( 'type' => 'monthly' ) );\u003C\u002Fcode>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you’re interested in contributing to the code behind this plugin, it’s also hosted on GitHub:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fjustincwatt\u002Fwp-monthchunks\u003C\u002Fp>\n","Concisely display monthly archives by year with links to each month.",3946,2,"2026-01-04T17:13:00.000Z",[20,21,24,112,113],"template-tag","wp_get_archives","http:\u002F\u002Fjustinsomnia.org\u002F2005\u002F04\u002Fmonthchunks-howto\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmonthchunks.3.1.2.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":35,"downloaded":124,"rating":11,"num_ratings":34,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":131,"download_link":132,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"arcw-popover-addon","ARCW Popover Addon","0.1.4","alek","https:\u002F\u002Fprofiles.wordpress.org\u002Falekart\u002F","\u003Cp>\u003Cem>Shows a popover with list of links to the posts of the month\u002Fday.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Compatible with \u003Cstrong>ARCW 1.0.9+\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This will not work if you don’t have Archives Calendar Widget installed\u002Factivated.\u003Cbr \u002F>\nGet it here : \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Farchives-calendar-widget\u002F\" rel=\"ugc\">Archives Calendar Widget\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>There is no any settings, just install and activate.\u003C\u002Fp>\n\u003Ch4>Notes\u003C\u002Fh4>\n\u003Cp>Please use the Support section to report issues.\u003C\u002Fp>\n","Popover Addon for Archives Calendar Widget",2777,"2016-08-16T22:31:00.000Z","4.6.30","4.0",[21,129,24,130,57],"calendar","view","http:\u002F\u002Flabs.alek.be\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farcw-popover-addon.0.1.4.zip",{"attackSurface":134,"codeSignals":156,"taintFlows":195,"riskAssessment":196,"analyzedAt":201},{"hooks":135,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":28,"unprotectedCount":28},[136,142,144,148],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","init","load_translations","flexo_archives_widget.php",79,{"type":137,"name":138,"callback":143,"file":140,"line":27},"enqueue_standalone_scripts",{"type":137,"name":145,"callback":146,"file":140,"line":147},"admin_menu","options_menu_item",86,{"type":137,"name":149,"callback":150,"file":140,"line":151},"widgets_init","widget_init",88,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":28,"externalRequests":28,"nonceChecks":109,"capabilityChecks":34,"bundledLibraries":194},[],{"prepared":109,"raw":28,"locations":159},[],{"escaped":28,"rawEcho":161,"locations":162},16,[163,166,168,170,172,174,176,178,179,181,182,184,186,188,190,192],{"file":140,"line":164,"context":165},412,"raw output",{"file":140,"line":167,"context":165},413,{"file":140,"line":169,"context":165},414,{"file":140,"line":171,"context":165},415,{"file":140,"line":173,"context":165},427,{"file":140,"line":175,"context":165},428,{"file":140,"line":177,"context":165},479,{"file":140,"line":177,"context":165},{"file":140,"line":180,"context":165},480,{"file":140,"line":180,"context":165},{"file":140,"line":183,"context":165},481,{"file":140,"line":185,"context":165},686,{"file":140,"line":187,"context":165},687,{"file":140,"line":189,"context":165},690,{"file":140,"line":191,"context":165},693,{"file":140,"line":193,"context":165},794,[],[],{"summary":197,"deductions":198},"The plugin \"flexo-archives-widget\" v2.1.5 exhibits a generally positive security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the fact that all SQL queries utilize prepared statements and there are no file operations or external HTTP requests are strong indicators of secure coding practices. The presence of nonce and capability checks, although limited, also contributes to its security.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 16 total outputs and 0% properly escaped, this plugin is highly vulnerable to Cross-Site Scripting (XSS) attacks. Any data displayed to users, especially if it originates from user input or external sources (even if not directly evident in the static analysis), could be exploited to inject malicious scripts. The taint analysis showing no flows is a positive sign, but it might be due to the limited scope of analysis or the absence of complex data handling that would trigger taint detection. The vulnerability history being clean is excellent, but it doesn't negate the immediate risks identified in the code analysis.\n\nIn conclusion, while the plugin avoids common pitfalls like unpatched vulnerabilities and direct SQL injection through prepared statements, the unescaped output represents a critical security flaw that needs immediate attention. The plugin's limited attack surface is a strength, but the lack of output sanitization is a significant weakness that could expose users to severe XSS vulnerabilities.",[199],{"reason":200,"points":161},"100% of outputs are not properly escaped","2026-03-16T21:03:06.668Z",{"wat":203,"direct":214},{"assetPaths":204,"generatorPatterns":208,"scriptPaths":209,"versionParams":210},[205,206,207],"\u002Fwp-content\u002Fplugins\u002Fflexo-archives-widget\u002Fflexo-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fflexo-archives-widget\u002Fflexo.js","\u002Fwp-content\u002Fplugins\u002Fflexo-archives-widget\u002Fflexo-anim.js",[],[206,207],[211,212,213],"flexo-archives-widget\u002Fflexo-admin-style.css?ver=","flexo-archives-widget\u002Fflexo.js?ver=","flexo-archives-widget\u002Fflexo-anim.js?ver=",{"cssClasses":215,"htmlComments":216,"htmlAttributes":217,"restEndpoints":218,"jsGlobals":219,"shortcodeOutput":220},[],[],[],[],[],[]]