[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2SHgzEFkGxRG9DnDUmKCkMWUWh8vsYEnkR5c9pZnnDI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":13,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":53,"analysis":142,"fingerprints":197},"hello-world","Hello World","2.2.0","Bernhard Kau","https:\u002F\u002Fprofiles.wordpress.org\u002Fkau-boy\u002F","\u003Cp>In tribute to the famous “Hello Dolly” plugin by Matt Mullenweg comes this new plugin. And how could someone possible name a new default plugin other than “Hello World”, as it’s THE definition for a default example 🙂\u003C\u002Fp>\n","Similar to \"Hello Dolly\", this plugin lets you choose from some lyrics files, of which one line is shown in your dashboard on every page load.",300,16963,0,"2025-10-26T16:24:00.000Z","6.9.4","","5.2",[19,20,21,22,23],"dolly","hello","lyrics","world","yoda","https:\u002F\u002Fgithub.com\u002F2ndkauboy\u002Fhello-world","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhello-world.2.2.0.zip",99,1,"2024-09-30 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2024-9224","hello-world-authenticated-subscriber-arbitrary-file-read","Hello World \u003C= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read","The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",null,"\u003C=2.1.1","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2024-10-04 12:37:09",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2f58df1f-66f7-4e3d-af6d-08174653a2ad?source=api-prod",5,{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":45,"trust_score":51,"computed_at":52},"kau-boy",9,7520,97,98,"2026-04-04T16:13:23.186Z",[54,72,91,103,122],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":16,"download_link":70,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"custom-dolly","Custom Dolly","1.0.0","Red Balloon","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrisdann\u002F","\u003Cp>Based on the famous Hello Dolly plugin, Custom Dolly allows you to use any song you like (or speech, film, play or anything else).\u003C\u002Fp>\n\u003Cp>After installation simply go to Appearance->Custom Dolly to add or edit your lyrics (you can copy\u002Fpaste lyrics from any lyrics page on the internet or any other source), click the update button and Custom Dolly will show a random lyric on every admin screen.\u003C\u002Fp>\n","Based on the famous Hello Dolly plugin, Custom Dolly allows you to use any song you like (or speech, film, play or anything 
else).",10,1119,"2019-12-29T19:13:00.000Z","5.3.21","5.1","5.6",[69,19,20,21],"custom","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-dolly.zip",85,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":13,"downloaded":80,"rating":13,"num_ratings":13,"last_updated":16,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":87,"download_link":88,"security_score":89,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":90},"ai-kotoba","Ai Kotoba","0.0.39","John Doe","https:\u002F\u002Fprofiles.wordpress.org\u002Fimouto\u002F","\u003Cp>This is JUST a plugin. When activated you will randomly see a lyric from the LYRICS in the upper right of your admin screen on every page.\u003C\u002Fp>\n","This is JUST a plugin. When activated you will randomly see a lyric from the LYRICS in the upper right of your admin screen on every page.",1082,"5.0.25","5.0.3","5.4.16",[85,73,86,21],"admin","hello-dolly","https:\u002F\u002Fwww.futaba.love\u002Fplugins\u002Fai-kotoba\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-kotoba.zip",100,"2026-03-15T10:48:56.248Z",{"slug":19,"name":92,"version":57,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":13,"num_ratings":13,"last_updated":99,"tested_up_to":100,"requires_at_least":17,"requires_php":67,"tags":101,"homepage":16,"download_link":102,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"Dolly","Brad Parbs","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradparbs\u002F","\u003Cp>Keeps Hello Dolly deactivated.\u003C\u002Fp>\n","A WordPress plugin to make sure Hello Dolly stays 
deactivated.",90,3452,"2021-08-24T12:42:00.000Z","5.8.13",[85,86],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdolly.1.0.0.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":13,"num_ratings":13,"last_updated":113,"tested_up_to":114,"requires_at_least":17,"requires_php":115,"tags":116,"homepage":120,"download_link":121,"security_score":89,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"hello-dolly-for-your-song","Hello Dolly For Your Song","0.20","unmus","https:\u002F\u002Fprofiles.wordpress.org\u002Funmus\u002F","\u003Cp>This simple plugin is an extended version of the famous hello dolly plugin by Matt Mullenweg. Every human being has a special relationship to a particular song. And because of that, Hello Dolly For Your Song brings the lyric of your favourite song in the blog. But of course it can be used for any text. 😉\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display a random line of a custom text in your blog as gutenberg block\u003C\u002Fli>\n\u003Cli>Display a random line of a custom text in your blog as widget\u003C\u002Fli>\n\u003Cli>Display a random line of a custom text in your blog as shortcode\u003C\u002Fli>\n\u003Cli>Display a random line of a custom text in your theme as template tag\u003C\u002Fli>\n\u003Cli>Display a random line of a custom text in the blog administration\u003C\u002Fli>\n\u003Cli>Integration into WordPress REST API\u003C\u002Fli>\n\u003Cli>Hooks for Developers\u003C\u002Fli>\n\u003Cli>Options Page to define a custom song text\u003C\u002Fli>\n\u003Cli>Site Health Integration\u003C\u002Fli>\n\u003Cli>Hidden Options\u003C\u002Fli>\n\u003Cli>Languages: English, German, Spanish, French, Indonesian, Russian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Related Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca 
href=\"https:\u002F\u002Fwww.unmus.de\u002Fhello-dolly-for-your-song\u002F\" rel=\"nofollow ugc\">Official Plugin Page\u003C\u002Fa> (German)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.unmus.de\u002Fhello-dolly\u002F\" rel=\"nofollow ugc\">Why I have created this plugin?\u003C\u002Fa> (German)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.unmus.de\u002Fhello-dolly-for-your-song\u002F#screencast\" rel=\"nofollow ugc\">ScreenCast showing almost all features\u003C\u002Fa> (German)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcircuscode\u002Fhello-dolly-for-your-song\" rel=\"nofollow ugc\">Source Code @ GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Maintain the songtext you love in the Settings.\u003C\u002Fli>\n\u003Cli>That is all!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Gutenberg Block Category\u003C\u002Fh4>\n\u003Cp>Widgets\u003C\u002Fp>\n\u003Ch4>Shortcode\u003C\u002Fh4>\n\u003Cp>[hdfys]\u003C\u002Fp>\n\u003Ch4>Template Tag\u003C\u002Fh4>\n\u003Cp>hello_dolly_for_your_song()\u003C\u002Fp>\n\u003Ch4>Get Function\u003C\u002Fh4>\n\u003Cp>get_hello_dolly_for_your_song()\u003C\u002Fp>\n\u003Ch4>REST API Endpoint\u003C\u002Fh4>\n\u003Cp>http:\u002F\u002Fyourblogdomain\u002Fwp-json\u002Frestful-hello-dolly-for-your-song\u002Ftext\u003C\u002Fp>\n\u003Ch4>Actions\u003C\u002Fh4>\n\u003Cp>hdfys_new_song\u003Cbr \u002F>\nThis Action wil be fired, if a new text was maintained in the settings.\u003Cbr \u002F>\nYou can use the following code.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function hdfys_do_anything() {\n\n    \u002F\u002F Add your code to execute here\n\n}\nadd_action( 'hdfys_new_song', 'hdfys_do_anything', 10, 3 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter\u003C\u002Fh4>\n\u003Cp>hdfys_output_filter\u003Cbr \u002F>\nThe filter will be applied before output of the gutenberg block, template tag and shortcode.\u003Cbr \u002F>\nYou can 
use the following code.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function hdfys_output_manipulate( $output ) {\n\n    \u002F\u002F Add your filter code here\n    \u002F\u002F Example: $output=strtolower( $output );\n\n    return $output;\n}\nadd_filter( 'hdfys_output_filter', 'hdfys_output_manipulate', 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This simple plugin shows a random line of any text in your blog.",60,7109,"2025-09-04T17:56:00.000Z","6.8.5","7.0",[85,4,117,118,119],"learning-wordpress","love","random","https:\u002F\u002Fwww.unmus.de\u002Fwordpress-plugin-hello-dolly-for-your-song\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhello-dolly-for-your-song.0.20.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":27,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":16,"tags":136,"homepage":140,"download_link":141,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":36,"fetched_at":29},"the-force","The Force","1.3","Rohit Motwani","https:\u002F\u002Fprofiles.wordpress.org\u002Frohittm\u002F","\u003Cp>Activate this Plugin & feel The Force in your Admin Dashboard. This Plugin is just similar to the WordPress’ Hello Dolly Plugin. Except when activated you will randomly see a quote from The Star Wars Series in the upper right of your admin screen on every page.\u003C\u002Fp>\n","This Plugin is Just Similar to the WordPress' Famous Hello Dolly Plugin. 
Except when activated you will randomly see a quote from The Star Wars S &hellip;",20,2298,80,"2016-12-07T19:28:00.000Z","4.7.32","3.0.1",[137,86,138,139],"force","star-wars","the-dark-side","http:\u002F\u002Fwww.RohitMotwani.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthe-force.zip",{"attackSurface":143,"codeSignals":165,"taintFlows":187,"riskAssessment":188,"analyzedAt":196},{"hooks":144,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":13,"unprotectedCount":13},[145,151,154,158],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","plugins_loaded","hello_world_load_plugin_textdomain","hello-world.php",28,{"type":146,"name":152,"callback":153,"file":149,"line":111},"admin_notices","hello_world_admin_notice",{"type":146,"name":155,"callback":156,"file":149,"line":157},"admin_head","hello_world_css",92,{"type":146,"name":159,"callback":160,"file":149,"line":89},"admin_menu","hello_world_menu",[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":27,"externalRequests":13,"nonceChecks":27,"capabilityChecks":13,"bundledLibraries":186},[],{"prepared":13,"raw":13,"locations":168},[],{"escaped":170,"rawEcho":171,"locations":172},7,6,[173,176,178,180,182,184],{"file":149,"line":174,"context":175},124,"raw output",{"file":149,"line":177,"context":175},127,{"file":149,"line":179,"context":175},131,{"file":149,"line":181,"context":175},137,{"file":149,"line":183,"context":175},140,{"file":149,"line":185,"context":175},149,[],[],{"summary":189,"deductions":190},"The 'hello-world' plugin v2.2.0 exhibits a generally good security posture with several positive indicators. The absence of direct attack surface points like AJAX handlers, REST API routes, or shortcodes significantly reduces the potential for external exploitation. 
Furthermore, the analysis recorded no taint flows, which suggests that data is handled safely within the plugin's logic, although an empty static-analysis result is not proof of that. The scan found no SQL queries at all (neither raw nor prepared), so SQL injection is not a relevant risk for this version.\n\nHowever, there are areas for concern. The plugin has one known CVE, CVE-2024-9224, an authenticated (Subscriber+) arbitrary file read caused by Path Traversal in versions up to and including 2.1.1. It is patched in 2.2.0 and no CVEs are currently unpatched, but it shows that the plugin's file handling deserves continued attention. Only 54% of output is properly escaped, which is a concern: the six raw-output locations flagged in hello-world.php (lines 124-149) leave potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data reaches them without careful handling. The scan also found one file operation and one nonce check but no capability checks; a nonce protects against request forgery and does not establish that the current user is authorized, so the file operation should be reviewed to confirm that it is restricted to an allow-list of lyrics files and to users with an appropriate capability.\n\nIn conclusion, while the plugin has a low immediate attack surface and performs no SQL queries, the historical vulnerability, the absence of capability checks and the significant percentage of unescaped output present potential risks. Continued vigilance and a review of how output and file access are handled are recommended to maintain a strong security profile.",[191,194],{"reason":192,"points":193},"Past vulnerability history (Path Traversal)",15,{"reason":195,"points":171},"Moderate output escaping rate (46% unescaped)","2026-03-16T19:55:16.081Z",{"wat":198,"direct":203},{"assetPaths":199,"generatorPatterns":200,"scriptPaths":201,"versionParams":202},[],[],[],[],{"cssClasses":204,"htmlComments":206,"htmlAttributes":207,"restEndpoints":208,"jsGlobals":209,"shortcodeOutput":210},[205],"hello_world",[],[],[],[],[]]