[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMZ5mjkguDTq4jYbTvNdGoZRSXYKeKMW5n2iAOT0c1uw":3,"$f2gRK6OcIORK21zOaWW1ZEn_fUvNYdSn7p8PHW1tP-PM":222,"$fi5r1Jwj6Azh0Nw1dvGWfpMmXE48xzTbfe3j6Nrh-C0k":227},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":120,"fingerprints":198},"good-reads","Good Reads","1.5","iamgarrett","https:\u002F\u002Fprofiles.wordpress.org\u002Fiamgarrett\u002F","\u003Cp>Google’s Blogger tool has a great blogroll gadget, which I’ve always wanted in WordPress. I tried a few plugins that advertised similar behavior but was never quite satisfied – so I made my own.\u003C\u002Fp>\n\u003Cp>This will grab all your links with a category of ‘sidebar’ and show them in a list on your sidebar. Specify each link’s RSS\u002FAtom feed address and it will grab the latest post, a link, and reorder the list based on when these posts were written. It only requires that you have jQuery and PHP and uses the Links and Widget section already included in WordPress.\u003C\u002Fp>\n","An ordered blogroll widget for your sidebar that displays your favorite blogs, what they're writing, and when.",10,3629,0,"2011-03-04T18:28:00.000Z","3.1.4","3.0","",[19,20,21,22,23],"blogroll","blogs","links","rss","sidebar","http:\u002F\u002Fiamgarrett.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgood-reads.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,84,"2026-05-19T21:00:56.098Z",[37,56,73,88,104],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"rss-blogroll","RSS Blogroll","0.4","pantsonhead","https:\u002F\u002Fprofiles.wordpress.org\u002Fpantsonhead\u002F","\u003Cp>I don’t really like Blogrolls, I think they’re often not much more than glorified link dumps. I don’t like how they give you nothing more than the Blog title, and unless that title really grabs your attention, you’re never gonna click it. I don’t like how they are often just a static list, commonly out of date, that you learn to ignore after the first 4 page views. In their current format, they just appear to be a great waste of space.\u003C\u002Fp>\n\u003Cp>This is why I decided to create the RSS Blogroll plugin. RSS Blogroll allows you to link to your favourite blogs via the latest items from their RSS\u002FAtom feed. Article titles are much more attention grabbing and will deliver much higher quality traffic. We all hate clicking through to abandoned blogs – displaying article publication dates also lets readers know these are up to date and active sites.\u003C\u002Fp>\n\u003Cp>Many of us want to direct some of our traffic to related sites. RSS Blogroll will create deeplinks to the target sites, which are much more useful for SEO than homepage links. Overall it’s a win-win situation with a better browsing experience for users and the linked sites getting more visitors who are actually interested in their content.\u003C\u002Fp>\n","Sidebar widget that links to recent entries from RSS\u002FAtom feeds.",100,14035,46,3,"2015-08-02T05:10:00.000Z","4.2.39","2.8",[19,22,23,53],"widget","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frss-blogroll\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frss-blogroll.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":15,"requires_at_least":67,"requires_php":17,"tags":68,"homepage":71,"download_link":72,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"daring-fireball-linked-list","Daring Fireball-style Linked List Plugin","2.7.4","yjsoon","https:\u002F\u002Fprofiles.wordpress.org\u002Fyjsoon\u002F","\u003Cp>This plugin makes your RSS feed behave like Daring Fireball’s linked list posts, and has some extra features to make posting linked lists easier. Also supports Twitter Tools.\u003C\u002Fp>\n\u003Cp>\u003Cem>Part One\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Makes your RSS feed for linked-list posts (indicated using a custom field) behave like \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\" rel=\"nofollow ugc\">Daring Fireball\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To use, set the custom field “linked_list_url” to the desired location on a link post. In your RSS feed, the following will happen:\u003C\u002Fp>\n\u003Cp>(i) the item’s RSS permalink becomes the link destination;\u003Cbr \u002F>\n(ii) the actual permalink to your post is inserted as a star glyph at the end of your post; and\u003Cbr \u002F>\n(iii) a star glyph is added in front of your non-linked-list post titles. Behaviour is customisable in options.\u003C\u002Fp>\n\u003Cp>All three parts are customizable, and you can use different glyphs or text if you’d like. For theme designers, the plugin also provides functions (get_the_permalink_glyph(), the_permalink_glyph(), get_the_linked_list_link(), the_linked_list_link(), get_glyph() and is_linked_list()) to customise your design by checking if the item is a linked list item, getting a permalink with glyph, etc.\u003C\u002Fp>\n\u003Cp>Adapted from Jonathan Penn’s \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fjonathanpenn\u002Fwordpress-linked-list-plugin\" rel=\"nofollow ugc\">WordPress Linked List plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Part Two\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Add link from post content. This feature allows you to set the custom field “linked_list_url” from within the post content. This is especially handy for using with the ‘Press This’ bookmarklet.\u003C\u002Fp>\n\u003Cp>When you activate this feature, the DFLL plugin will look at the first line of your post content for a link anchor, and it’ll set that link as the linked_list_url for your post. For example, the following post content:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Ca href=’http:\u002F\u002Fgoogle.com’>Google!!!\u003C\u002Fa>.\u003Cbr \u002F>\n  This is a link post to Google.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>… will have its first line removed, the URL http:\u002F\u002Fgoogle.com passed into the custom field linked_list_url, and will have its first line removed to just end up with the text ‘This is a link post to Google’. The text in the anchor (‘Google!!!’) will be ignored.\u003C\u002Fp>\n\u003Cp>It’s very important to note three requirements: (i) the anchor tag must be in the first line of the post, (ii) the tag must be the only element on that line, and (iii) the line must end in a period. This is the syntax that the ‘Press This’ bookmarklet uses, so you can just hit ‘Press This’ and enter to go to the next line and stop typing.\u003C\u002Fp>\n\u003Cp>Any text in the anchor will be ignored, and the entire first line will be discarded. This also means that if, for whatever, reason, you like posting link anchors that end in periods as the first line of your blog, you shouldn’t activate this checkbox, or you’ll end up with linked list posts by accident!\u003C\u002Fp>\n\u003Cp>This was adapted from \u003Ca href=\"http:\u002F\u002Fhypertext.net\u002Fprojects\u002Fcfsetter\" rel=\"nofollow ugc\">CF Setter by Justin Blanton\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cem>Twitter Tools support\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>If you’re using \u003Ca href=\"http:\u002F\u002Fcrowdfavorite.com\u002Fwordpress\u002Fplugins\u002Ftwitter-tools\u002F\" rel=\"nofollow ugc\">Twitter Tools\u003C\u002Fa>, you can customise your tweets to have your custom glyph or text appear before either your “regular” or linked-list posts.\u003C\u002Fp>\n\u003Cp>Questions or suggestions? Look me up on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fyjsoon\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>When adding a link, create a normal blog post, but add a custom field “linked_list_url” with the desired link URL. The RSS feed item will automatically point to that URL.\u003C\u002Fli>\n\u003Cli>When posting, to insert a link without setting the custom field manually, put your URL wrapped in an anchor tag in the first line, ending with a period. For example: \u003Ca href=”http:\u002F\u002Fyjsoon.com”>Doesn’t matter what’s in here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Copyright (c) 2010-2011 YJ Soon\u003C\u002Fp>\n\u003Cp>Permission is hereby granted, free of charge, to any person obtaining\u003Cbr \u002F>\na copy of this software and associated documentation files (the\u003Cbr \u002F>\n“Software”), to deal in the Software without restriction, including\u003Cbr \u002F>\nwithout limitation the rights to use, copy, modify, merge, publish,\u003Cbr \u002F>\ndistribute, sublicense, and\u002For sell copies of the Software, and to\u003Cbr \u002F>\npermit persons to whom the Software is furnished to do so, subject to\u003Cbr \u002F>\nthe following conditions:\u003C\u002Fp>\n\u003Cp>The above copyright notice and this permission notice shall be\u003Cbr \u002F>\nincluded in all copies or substantial portions of the Software.\u003C\u002Fp>\n\u003Cp>THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,\u003Cbr \u002F>\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\u003Cbr \u002F>\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\u003Cbr \u002F>\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\u003Cbr \u002F>\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\u003Cbr \u002F>\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\u003Cbr \u002F>\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\u003C\u002Fp>\n","This plugin makes your RSS feed behave like Daring Fireball's linked list posts, and has some extra features to make posting linked lists easier.",40,13582,"2011-06-19T15:22:00.000Z","2.7",[69,70,21,22],"linkblogs","linked-list","http:\u002F\u002Fgithub.com\u002Fyjsoon\u002Fdf-style-linked-list_wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdaring-fireball-linked-list.2.7.4.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":11,"downloaded":81,"rating":13,"num_ratings":13,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":17,"tags":85,"homepage":86,"download_link":87,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"linkedlist","LinkedList","1.1.1","rungta","https:\u002F\u002Fprofiles.wordpress.org\u002Frungta\u002F","\u003Cp>LinkedList \u003Cstrong>was\u003C\u002Fstrong> a simple WordPress plugin for sorting your blogroll in the order by which the sites on the blogroll were last updated. LinkedList \u003Cstrong>did\u003C\u002Fstrong> this by using Google’s excellent \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fapis\u002Fajaxfeeds\u002F\" rel=\"nofollow ugc\">AJAX Feed API\u003C\u002Fa> to discover (if needed) and read the RSS\u002FAtom feeds of the sites on your blogroll.\u003C\u002Fp>\n","LinkedList was a simple WordPress plugin for sorting your blogroll in the order by which the sites on the blogroll were last updated.",2922,"2012-05-26T21:06:00.000Z","2.7.1","2.3",[19,21,23],"http:\u002F\u002Fprateekrungta.com\u002Flinkedlist\u002Fwp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flinkedlist.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":11,"downloaded":96,"rating":13,"num_ratings":13,"last_updated":97,"tested_up_to":50,"requires_at_least":98,"requires_php":17,"tags":99,"homepage":102,"download_link":103,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"live-blogroll","Live Blogroll","0.6.2","Vladimir Prelovac","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreediver\u002F","\u003Cp>Live Blogroll will make your blogroll livelier. It will show a number of ‘recent posts’ for each link in your Blogroll using Ajax.\u003C\u002Fp>\n\u003Cp>When the user hovers the mouse above the link, RSS feed from the site is automatically discovered and a number of recent posts is shown dynamically in a box.\u003C\u002Fp>\n\u003Cp>Live BlogRoll uses internal caching for feed discovery and WordPress caching for RSS feeds to make sure everything is smooth for the user.\u003C\u002Fp>\n\u003Cp>The looks of the hover box are fully customizable with CSS, and the position is editable in the options.\u003C\u002Fp>\n\u003Cp>Plugin by \u003Ca href=\"http:\u002F\u002Fwww.prelovac.com\u002Fvladimir\" rel=\"nofollow ugc\">Vladimir Prelovac\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of Live Blogroll.\u003C\u002Fp>\n\u003Cp>Category Search is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>Category Search is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with Category Search. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","Shows a number of 'recent posts' for each link in your Blogroll in a popup box, using Ajax.",15472,"2014-12-22T14:05:00.000Z","2.5",[100,19,101,21,23],"ajax","bookmarks","http:\u002F\u002Fwww.prelovac.com\u002Fvladimir\u002Fwordpress-plugins\u002Flive-blogroll","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-blogroll.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":11,"downloaded":112,"rating":13,"num_ratings":13,"last_updated":113,"tested_up_to":114,"requires_at_least":16,"requires_php":17,"tags":115,"homepage":118,"download_link":119,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-latest-post-blogroll","WP Latest Post Blogroll","1.0","LizzyFin","https:\u002F\u002Fprofiles.wordpress.org\u002Flizzyfin\u002F","\u003Cp>The WP Latest Post Blogroll plugin improves the static blogroll by showing new and different links with each new post on your favorite sites. It fetches the most recent post title for each blog listed in the blogroll. The blogroll is then presented as a list of links to these latest blog posts. Instead of a static list of links to the blogroll sites, the links list appears differently with every blog post published.\u003C\u002Fp>\n\u003Cp>WP Latest Post Blogroll updates your links list with the last post title for each link. With a dynamic blogroll your site will always be current with no more effort from you. All you have to do is install and activate the plugin. There are no options to fiddle with!\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>WP Latest Post Blogroll plugin is a simplified adaptation of Vladimir Prelovac’s Live Blogroll plugin.\u003C\u002Fp>\n","The WP Latest Post Blogroll plugin creates a link with the most recent post title for each blog listed in the blogroll.",2992,"2011-10-22T21:16:00.000Z","3.2.1",[19,21,116,22,117],"post","title","http:\u002F\u002Fcomputeraxe.com\u002Fwordpress-plugins\u002Fwp-latest-post-blogroll\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-latest-post-blogroll.zip",{"attackSurface":121,"codeSignals":133,"taintFlows":181,"riskAssessment":182,"analyzedAt":197},{"hooks":122,"ajaxHandlers":129,"restRoutes":130,"shortcodes":131,"cronEvents":132,"entryPointCount":13,"unprotectedCount":13},[123],{"type":124,"name":125,"callback":126,"file":127,"line":128},"action","widgets_init","good_reads_load_widgets","good-reads.php",13,[],[],[],[],{"dangerousFunctions":134,"sqlUsage":139,"outputEscaping":141,"fileOperations":32,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":180},[135],{"fn":136,"file":127,"line":137,"context":138},"ini_set",83,"ini_set('display_errors', 0);",{"prepared":13,"raw":13,"locations":140},[],{"escaped":13,"rawEcho":142,"locations":143},20,[144,147,149,151,153,155,157,158,160,162,164,166,168,169,170,172,174,175,177,179],{"file":127,"line":145,"context":146},45,"raw output",{"file":127,"line":148,"context":146},48,{"file":127,"line":150,"context":146},58,{"file":127,"line":152,"context":146},63,{"file":127,"line":154,"context":146},72,{"file":127,"line":156,"context":146},93,{"file":127,"line":156,"context":146},{"file":127,"line":159,"context":146},119,{"file":127,"line":161,"context":146},140,{"file":127,"line":163,"context":146},187,{"file":127,"line":165,"context":146},219,{"file":127,"line":167,"context":146},220,{"file":127,"line":167,"context":146},{"file":127,"line":167,"context":146},{"file":127,"line":171,"context":146},223,{"file":127,"line":173,"context":146},224,{"file":127,"line":173,"context":146},{"file":127,"line":176,"context":146},230,{"file":127,"line":178,"context":146},231,{"file":127,"line":178,"context":146},[],[],{"summary":183,"deductions":184},"The \"good-reads\" plugin v1.5 exhibits a mixed security posture.  On one hand, the absence of known CVEs and the complete use of prepared statements for SQL queries are positive indicators.  The static analysis also reveals a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks.\n\nHowever, significant concerns arise from the code signals. The presence of a dangerous function like `ini_set` is a red flag, as it can be misused to alter PHP configuration. More critically, 100% of output escaping is missing, meaning any data displayed to users could be vulnerable to cross-site scripting (XSS) attacks. The lack of nonce checks and capability checks for entry points, though currently representing zero entry points without them, leaves a potential gap if new entry points are introduced without proper safeguards. The plugin also performs file operations without apparent checks.\n\nGiven the lack of historical vulnerabilities, it's difficult to draw strong conclusions about long-term security patterns. However, the current static analysis highlights critical weaknesses in output sanitization and the use of potentially dangerous functions. While the plugin currently appears to have a limited attack surface, the identified code quality issues pose a tangible risk, particularly the unescaped output.",[185,188,191,193,195],{"reason":186,"points":187},"No output escaping detected",15,{"reason":189,"points":190},"Presence of dangerous function (ini_set)",5,{"reason":192,"points":190},"No nonce checks",{"reason":194,"points":190},"No capability checks",{"reason":196,"points":190},"File operations without explicit checks","2026-04-16T12:41:06.047Z",{"wat":199,"direct":205},{"assetPaths":200,"generatorPatterns":202,"scriptPaths":203,"versionParams":204},[201],"\u002Fwp-content\u002Fplugins\u002Fgood-reads\u002Fgood-reads.php",[],[],[],{"cssClasses":206,"htmlComments":210,"htmlAttributes":212,"restEndpoints":214,"jsGlobals":215,"shortcodeOutput":217},[207,208,209],"gr","blog_title","latest_post",[211],"\u003C!-- Widget Title: Text Input -->",[213],"id=\"blogroll\"",[],[216],"$",[218,219,220,221],"\u003Cul id=\"blogroll\">\n\t\t\t","\u003Cli>","\u003C\u002Fa>\n\t\t\t\t\t\u003Cdiv class=\"latest_post\">\n\t\t\t\t\t\t","\u003C\u002Fdiv>\n\t\t\t\t\u003C\u002Fli>\n\t\t\t",{"error":223,"url":224,"statusCode":225,"statusMessage":226,"message":226},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fgood-reads\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":228},[]]