[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbya9-HNue0hJggdIIXinS1B1abn42w-m4s96NbrJ0dQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":114,"fingerprints":178},"funny-photos","Funny Photos","2.9","PResponsive","https:\u002F\u002Fprofiles.wordpress.org\u002Fallis741\u002F","\u003Cp>Plugin “Funny Photos” displays Funny photos on your blog.\u003Cbr \u002F>\nThere are over 5,000 photos.\u003Cbr \u002F>\nAdd Funny Photos to your sidebar on your blog using  a widget.\u003Cbr \u002F>\nPhotos are saved on our database, so you don’t need to have space for all that information.\u003C\u002Fp>\n","Plugin \"Funny Photos\" displays Best photos of the day and Funny photos on your blog. There are over 5,000 photos.",10,7582,20,1,"2015-02-28T18:18:00.000Z","4.1.42","3.0","",[20,4,21,22,23],"funny-jokes","funny-video","jokes","widget","http:\u002F\u002Fwww.premiumresponsive.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffunny-photos.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"allis741",4,40,30,84,"2026-04-04T18:40:58.610Z",[39,50,66,84,95],{"slug":40,"name":41,"version":17,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":27,"num_ratings":27,"last_updated":45,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":46,"homepage":24,"download_link":49,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"joke-of-the-day","Joke of the Day","\u003Cp>Plugin “Joke of the Day” displays categorized jokes on your blog. There are over 40,000 jokes in 40 categories. Jokes are saved on our database, so you don’t need to have space for all that information.\u003C\u002Fp>\n","Plugin \"Joke of the Day\" displays jokes on your blog. There are over 40,000 jokes in 40 categories.",10249,"2015-02-28T18:10:00.000Z",[47,21,48,22,23],"funny","joke","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjoke-of-the-day.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":11,"downloaded":58,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":59,"requires_at_least":60,"requires_php":18,"tags":61,"homepage":62,"download_link":63,"security_score":64,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":65},"joke-of-the-day-advanced","Joke of the Day Advanced","1.2","Andy","https:\u002F\u002Fprofiles.wordpress.org\u002Fandycorm\u002F","\u003Cp>Places a Joke of the Day widget on your WordPress blog. Features include the ability to only show jokes containing a particular keyword, a switch between ‘clean’ or ‘dirty’ jokes, as well as an option to change the current joke early if you get tired of it. Jokes are loaded via ajax from \u003Ca href=\"http:\u002F\u002Fwww.joke-db.com\u002F\" rel=\"nofollow ugc\">The Internet Joke Database\u003C\u002Fa>, so your page will never be slowed due to loading jokes.\u003C\u002Fp>\n","Freshen up your WordPress site with a new joke every day.",4004,"3.4.2","2.0.2",[47,20,48,22,23],"http:\u002F\u002Fwww.joke-db.com\u002Fwidgets\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjoke-of-the-day-advanced.zip",100,"2026-03-15T10:48:56.248Z",{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":11,"downloaded":74,"rating":27,"num_ratings":27,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":18,"tags":78,"homepage":82,"download_link":83,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"chuck-norris-joke-widget","Chuck Norris Jokes Widget","0.7.1","maarten.decat","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaartendecat\u002F","\u003Cp>This plugin adds a small WordPress widget that shows a random Chuck Norris joke on your blog.\u003Cbr \u002F>\nThese jokes are taken from a database on icndb.com.\u003Cbr \u002F>\nFor personalized Chuck Norris jokes starring yourself, please refer to the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpersonalized-chuck-norris-joke-widget\u002F\" title=\"Personalized Chuck Norris Jokes Widget\" rel=\"ugc\">Personalized Chuck Norris Jokes Widget\u003C\u002Fa>.\u003C\u002Fp>\n","Shows a random Chuck Norris joke on your blog. For personalized Chuck Norris jokes starring yourself, please refer to the Personalized Chuck Norris Jo …",3386,"2015-08-20T18:45:00.000Z","4.3.34","2.8",[79,80,22,81,23],"chuck-norris","fun","sidebar","http:\u002F\u002Fmaartendecat.be\u002Fchuck-norris-jokes-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchuck-norris-joke-widget.0.7.1.zip",{"slug":85,"name":86,"version":69,"author":70,"author_profile":71,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":27,"num_ratings":27,"last_updated":90,"tested_up_to":76,"requires_at_least":77,"requires_php":18,"tags":91,"homepage":92,"download_link":93,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":94},"personalized-chuck-norris-joke-widget","Personalized Chuck Norris Jokes Widget","\u003Cp>This plugin adds a small WordPress widget that shows a random personalized Chuck Norris joke on your blog, starring yourself.\u003Cbr \u002F>\nThese jokes are taken from a database on icndb.com.\u003Cbr \u002F>\nFor regular Chuck Norris jokes, please refer to the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fchuck-norris-joke-widget\u002F\" title=\"Chuck Norris Jokes Widget\" rel=\"ugc\">Chuck Norris Jokes Widget\u003C\u002Fa>.\u003C\u002Fp>\n","Shows a random personalized Chuck Norris joke on your blog, starring yourself. For regular Chuck Norris jokes, please refer to the Chuck Norris Jokes  …",2679,"2015-08-20T18:44:00.000Z",[79,80,22,81,23],"http:\u002F\u002Fwww.icndb.com\u002Fon-your-website\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpersonalized-chuck-norris-joke-widget.0.7.1.zip","2026-03-15T14:54:45.397Z",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":27,"downloaded":103,"rating":27,"num_ratings":27,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":112,"download_link":113,"security_score":64,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":94},"groandeck-dad-jokes","GroanDeck Dad Jokes","1.0.0","GroanDeck","https:\u002F\u002Fprofiles.wordpress.org\u002Fgroandeck\u002F","\u003Cp>Add a dad joke widget to your WordPress site in seconds. The widget displays a random joke from GroanDeck’s collection of 2,000+ clean, family-friendly dad jokes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fresh joke on every page load\u003C\u002Fli>\n\u003Cli>“Next joke” button for endless entertainment\u003C\u002Fli>\n\u003Cli>Light and dark themes\u003C\u002Fli>\n\u003Cli>Filter by category (animals, food, science, work, and more)\u003C\u002Fli>\n\u003Cli>Gutenberg block + classic shortcode\u003C\u002Fli>\n\u003Cli>Lightweight — under 4 KB\u003C\u002Fli>\n\u003Cli>No API key required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Use the Gutenberg block (search for “GroanDeck”) or the shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[groandeck]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>With options:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[groandeck theme=\"dark\" category=\"animals\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Categories available:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>animals, back-to-school, books, cars, christmas, clothing, coffee, construction, easter, family, food, gardening, halloween, history, love, math, medical, money, music, nature, ocean, one-liners, puns, school, science, space, sports, technology, thanksgiving, travel, valentines, work.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin relies on the GroanDeck service (https:\u002F\u002Fgroandeck.com) to display dad jokes.\u003C\u002Fp>\n\u003Ch4>What the service does\u003C\u002Fh4>\n\u003Cp>GroanDeck provides a free API and embeddable widget that serves random dad jokes.\u003C\u002Fp>\n\u003Ch4>How the plugin uses it\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>On every page load where the widget is placed, the plugin loads a JavaScript file from \u003Ccode>https:\u002F\u002Fgroandeck.com\u002Fwidget.js\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>That script fetches a random joke from the GroanDeck API (\u003Ccode>https:\u002F\u002Fgroandeck.com\u002Fapi\u002Fv1\u002Frandom\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>When a visitor clicks “Next joke”, the script fetches another joke from the same API.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What data is sent\u003C\u002Fh4>\n\u003Cp>Standard HTTP request data (IP address, user agent, referrer) is sent with each API call. No personal data, cookies, or tracking identifiers are transmitted.\u003C\u002Fp>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Service: \u003Ca href=\"https:\u002F\u002Fgroandeck.com\" rel=\"nofollow ugc\">https:\u002F\u002Fgroandeck.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Terms of Service: \u003Ca href=\"https:\u002F\u002Fgroandeck.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fgroandeck.com\u002Fterms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Privacy Policy: \u003Ca href=\"https:\u002F\u002Fgroandeck.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fgroandeck.com\u002Fprivacy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Embed a dad joke widget on any page or post. Fresh joke on every page load with a \"Next joke\" button.",115,"2026-02-18T20:22:00.000Z","6.9.4","5.0","7.0",[109,110,111,22,23],"dad-jokes","embed","humor","https:\u002F\u002Fgroandeck.com\u002Fdevelopers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgroandeck-dad-jokes.1.0.0.zip",{"attackSurface":115,"codeSignals":141,"taintFlows":166,"riskAssessment":167,"analyzedAt":177},{"hooks":116,"ajaxHandlers":137,"restRoutes":138,"shortcodes":139,"cronEvents":140,"entryPointCount":27,"unprotectedCount":27},[117,123,127,132],{"type":118,"name":119,"callback":120,"file":121,"line":122},"action","plugins_loaded","Funny_photos_widget_Init","funny-photos.php",22,{"type":118,"name":124,"callback":125,"file":121,"line":126},"admin_menu","Funny_photos_menu",24,{"type":128,"name":129,"callback":130,"priority":11,"file":121,"line":131},"filter","plugin_action_links","Funny_photos_ActionLink",98,{"type":128,"name":133,"callback":134,"priority":135,"file":121,"line":136},"the_content","Funny_photos_content",48,109,[],[],[],[],{"dangerousFunctions":142,"sqlUsage":143,"outputEscaping":145,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":165},[],{"prepared":27,"raw":27,"locations":144},[],{"escaped":27,"rawEcho":146,"locations":147},8,[148,151,153,155,157,159,161,163],{"file":121,"line":149,"context":150},62,"raw output",{"file":121,"line":152,"context":150},63,{"file":121,"line":154,"context":150},64,{"file":121,"line":156,"context":150},65,{"file":121,"line":158,"context":150},90,{"file":121,"line":160,"context":150},92,{"file":121,"line":162,"context":150},178,{"file":121,"line":164,"context":150},180,[],[],{"summary":168,"deductions":169},"The \"funny-photos\" plugin v2.9 exhibits a concerning security posture despite a lack of recorded vulnerabilities.  The static analysis reveals a complete absence of documented entry points (AJAX, REST API, shortcodes, cron), which is generally a positive indicator. However, the alarming finding is that 100% of the observed output operations are not properly escaped. This presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data could be injected and executed within the browser. The absence of capability checks and nonce checks on any potential, albeit undocumented, entry points further compounds this risk, as it implies that even if interactions are discovered, they might be vulnerable to unauthorized execution.  The plugin's vulnerability history is clean, with no recorded CVEs, which could suggest either diligent security practices or a lack of thorough security auditing.  The lack of dangerous functions, SQL injection risks, file operations, and external HTTP requests are strengths. However, the unescaped output is a critical weakness that overshadows these positives.",[170,172,175],{"reason":171,"points":146},"Output escaping is 0% properly escaped",{"reason":173,"points":174},"No capability checks found",5,{"reason":176,"points":174},"No nonce checks found","2026-03-17T01:10:12.460Z",{"wat":179,"direct":185},{"assetPaths":180,"generatorPatterns":182,"scriptPaths":183,"versionParams":184},[181],"\u002Fwp-content\u002Fplugins\u002Ffunny-photos\u002Fimages\u002F",[],[],[],{"cssClasses":186,"htmlComments":187,"htmlAttributes":189,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":200},[],[188],"\u003C!-- WP plugin Funny photos -->",[190,191,192,193,194,195,196,197],"id=\"Funny_photos_widget_url_title\"","name=\"Funny_photos_widget_url_title\"","id=\"Funny_photos_widget_RSS_count_widg\"","name=\"Funny_photos_widget_RSS_count_widg\"","id=\"Funny_photos_widget_RSS_count_content\"","name=\"Funny_photos_widget_RSS_count_content\"","id=\"Funny_photos_width_SHOWN_content\"","name=\"Funny_photos_width_SHOWN_content\"",[],[],[]]