[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2LmqbKK3Xrw2a4Z6NZsZQQXINg-LcNtryJsCpl6N8yk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":135,"fingerprints":182},"highlight-author-comments","Highlight Author Comments","1.0.2","RobMarsh","https:\u002F\u002Fprofiles.wordpress.org\u002Frobmarsh\u002F","\u003Cp>Highlight Author Comments automatically displays comments made by a post’s author in a distinctive style with no need to edit your template files, etc. All you do is provide a snippet or two of CSS styling to be applied to author posts.\u003C\u002Fp>\n\u003Ch3>Version History\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Version 1.0.2\n\u003Cul>\n\u003Cli>Workaround for WP bug that failed to style the first paragraph as a paragraph\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Version 1.0.1\n\u003Cul>\n\u003Cli>Added the ability to style the comment author link\u003C\u002Fli>\n\u003Cli>Added some security with nonces\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Version 1.0.0\n\u003Cul>\n\u003Cli>Initial version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Highlight Author Comments automatically displays comments made by a post's author in a distinctive style",300,32628,100,1,"2008-08-22T09:37:00.000Z","2.6.1","1.5","",[20,21,22],"automatic","comments","highlight","http:\u002F\u002Frmarsh.com\u002Fplugins\u002Fhighlight-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhighlight-author-comments.1.0.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"robmarsh",5,2400,30,84,"2026-04-04T06:47:08.733Z",[38,64,83,103,120],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":14,"last_vuln_date":63,"fetched_at":28},"codecolorer","CodeColorer","0.11.0","Dmytro Shteflyuk","https:\u002F\u002Fprofiles.wordpress.org\u002Fkpumuk\u002F","\u003Cp>CodeColorer lets you insert syntax-highlighted code snippets into posts, comments, and feeds.\u003C\u002Fp>\n\u003Cp>CodeColorer currently bundles GeSHi 1.0.9.0 from the upstream 1.0.x line, with a small set of project-local maintenance patches for current PHP and WordPress compatibility.\u003C\u002Fp>\n\u003Cp>Plugin based on GeSHi library, which supports most languages. CodeColorer has various nice features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>syntax highlighting in RSS feeds\u003C\u002Fli>\n\u003Cli>syntax highlighting of a single line of code (inline)\u003C\u002Fli>\n\u003Cli>syntax highlighting of code in comments\u003C\u002Fli>\n\u003Cli>line numbers\u003C\u002Fli>\n\u003Cli>automatic links to the documentation inserting\u003C\u002Fli>\n\u003Cli>code block intelligent scroll detection (short code would have a short block, for a long one the block height would be fixed and a scrollbar would appear)\u003C\u002Fli>\n\u003Cli>predefined color themes (Slush & Poppies, Blackboard, Dawn, Mac Classic, Twitlight, Vibrant Ink, Railscasts, Solarized Light, Solarized Dark)\u003C\u002Fli>\n\u003Cli>syntax colors customization in CSS file\u003C\u002Fli>\n\u003Cli>code protect from mangling by WordPress (for example, quotes, double-dashes, and others would look just right as you entered)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you have any suggestions, found a bug, wanted to contribute a translation to your language, or just wanted to say “thank you”, feel free to email me \u003Ca href=\"mailto:kpumuk@kpumuk.info\" rel=\"nofollow ugc\">kpumuk@kpumuk.info\u003C\u002Fa>. I will try my best to answer you.\u003C\u002Fp>\n\u003Cp>If you want to contribute your code, see the \u003Cem>Development\u003C\u002Fem> section under the \u003Cem>Other Notes\u003C\u002Fem> tab.\u003C\u002Fp>\n\u003Ch3>Supported languages\u003C\u002Fh3>\n\u003Cp>Here is the list of languages supported by CodeColorer: 4cs, 6502acme, 6502kickass, 6502tasm, 68000devpac, abap, actionscript, actionscript3, ada, aimms, algol68, apache, applescript, apt_sources, arm, asm, asp, asymptote, autoconf, autohotkey, autoit, avisynth, awk, bascomavr, bash, basic4gl, batch, bf, biblatex, bibtex, blitzbasic, bnf, boo, c, c_loadrunner, c_mac, c_winapi, caddcl, cadlisp, ceylon, cfdg, cfm, chaiscript, chapel, cil, clojure, cmake, cobol, coffeescript, cpp-qt, cpp-winapi, cpp, csharp, css, cuesheet, d, dart, dcl, dcpu16, dcs, delphi, diff, div, dos, dot, e, ecmascript, eiffel, email, epc, erlang, euphoria, ezt, f1, falcon, fo, fortran, freebasic, freeswitch, fsharp, gambas, gdb, genero, genie, gettext, glsl, gml, gnuplot, go, groovy, gwbasic, haskell, haxe, hicest, hq9plus, html4strict, icon, idl, ini, inno, intercal, io, ispfpanel, j, java, java5, javascript, jcl, jquery, julia, kixtart, klonec, klonecpp, kotlin, latex, lb, ldif, lisp, llvm, locobasic, logtalk, lolcode, lotusformulas, lotusscript, lscript, lsl2, lua, m68k, magiksf, make, mapbasic, mathematica, matlab, mercury, metapost, mirc, mk-61, mmix, modula2, modula3, mpasm, mxml, mysql, nagios, netrexx, newlisp, nginx, nimrod, nsis, oberon2, objc, objeck, ocaml-brief, ocaml, octave, oobas, oorexx, oracle11, oracle8, oxygene, oz, parasail, parigp, pascal, pcre, per, perl, perl6, pf, phix, php-brief, php, pic16, pike, pixelbender, pli, plsql, postgresql, postscript, povray, powerbuilder, powershell, proftpd, progress, prolog, properties, providex, purebasic, pycon, pys60, python, q, qbasic, qml, racket, rails, rbs, rebol, reg, rexx, robots, rpmspec, rsplus, ruby, rust, sas, sass, scala, scheme, scilab, scl, sdlbasic, smalltalk, smarty, spark, sparql, sql, standardml, stonescript, swift, systemverilog, tcl, tclegg, teraterm, texgraph, text, thinbasic, tsql, twig, typoscript, unicon, upc, urbi, uscript, vala, vb, vbnet, vbscript, vedit, verilog, vhdl, vim, visualfoxpro, visualprolog, whitespace, whois, winbatch, xbasic, xml, xojo, xorg_conf, xpp, xyscript, yaml, z80, zxbasic.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>Sources of this plugin are available both in SVN and Git:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcodecolorer\u002F\" rel=\"nofollow ugc\">WordPress SVN repository\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkpumuk\u002Fcodecolorer\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The GitHub repository includes local contributor tooling based on \u003Ccode>mise\u003C\u002Fcode>, Composer, \u003Ccode>pnpm\u003C\u002Fcode>, and \u003Ccode>wp-env\u003C\u002Fcode>. A typical setup is:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>mise install\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>mise run bootstrap\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>mise run test\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>mise run wp-start\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Feel free to check them out, make your changes and send me patches or pull requests. Promise, I will apply every patch (of course, if they add a value to the product). Email for patches, suggestions, or bug reports: \u003Ca href=\"mailto:kpumuk@kpumuk.info\" rel=\"nofollow ugc\">kpumuk@kpumuk.info\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you’re interested in translating CodeColorer to your language, please check out the \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcodecolorer\" rel=\"nofollow ugc\">translation page\u003C\u002Fa> for the plugin.\u003C\u002Fp>\n\u003Ch3>Customization\u003C\u002Fh3>\n\u003Cp>Syntax coloring is highly customizable: you could change the  color scheme for all languages or a specific language. You could find CodeColorer CSS in \u003Cstrong>wp-content\u002Fplugins\u002Fcodecolorer\u002Fcodecolorer.css\u003C\u002Fstrong> file. To change colors for all languages edit lines below \u003Cem>Color scheme\u003C\u002Fem> section.\u003C\u002Fp>\n\u003Cp>There is a simple mapping between TextMate color themes and CodeColorer ones:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F* \"Slush & Poppies\" color scheme (default) *\u002F\n.codecolorer-container, .codecolorer { color: #000000; background-color: #F1F1F1; }\n\u002F* Comment *\u002F\n.codecolorer .co0, .codecolorer .co1, .codecolorer .co2, .codecolorer .co3, .codecolorer .co4, .codecolorer .coMULTI { color: #406040; font-style: italic; }\n\u002F* Constant *\u002F\n.codecolorer .nu0, .codecolorer .re3 { color: #0080A0; }\n\u002F* String *\u002F\n.codecolorer .st0, .codecolorer .st_h, .codecolorer .es0, .codecolorer .es1 { color: #C03030; }\n\u002F* Entity *\u002F\n.codecolorer .me1, .codecolorer .me2 { color: #0080FF; }\n\u002F* Keyword *\u002F\n.codecolorer .kw1, .codecolorer .kw2, .codecolorer .sy1 { color: #2060A0; }\n\u002F* Storage *\u002F\n.codecolorer .kw3, .codecolorer .kw4, .codecolorer .kw5, .codecolorer .re2 { color: #008080; }\n\u002F* Variable *\u002F\n.codecolorer .re0, .codecolorer .re1 { color: #A08000; }\n\u002F* Global color *\u002F\n.codecolorer .br0, .codecolorer .sy0 { color: #000000; }\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Check the \u003Cstrong>codecolorer.css\u003C\u002Fstrong> file to get more examples.\u003C\u002Fp>\n","Syntax highlighting for code snippets in posts, comments, and RSS, with inline code, themes, and line numbers.",1000,125021,98,11,"2026-03-14T01:31:00.000Z","6.9.4","4.0","7.0",[55,21,56,57,58],"code","highlighting","snippet","syntax","https:\u002F\u002Fkpumuk.info\u002Fprojects\u002Fwordpress-plugins\u002Fcodecolorer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodecolorer.0.11.0.zip",73,2,"2025-12-30 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":13,"num_ratings":14,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":18,"tags":77,"homepage":81,"download_link":82,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"simple-author-highlighter","Simple Author Highlighter","0.6.5","jimaek","https:\u002F\u002Fprofiles.wordpress.org\u002Fjimaek\u002F","\u003Cp>Simple Author Highlighter is a simple WordPress plug-in that can customize the color of the author’s comments or any selected users (for example the admins). The installation process is extremely simple and accessible and after install, Simple Author Highlighter can be found in the “Plugins” menu in WordPress.\u003C\u002Fp>\n","Simple Author Highlighter is a wordpress plugin that allows you to easy highlight authors comments. More on our website www.dakulov.eu",70,13304,"2011-03-30T11:09:00.000Z","3.1.4","2.8.0",[78,79,80,21,22],"admin","author","comment","http:\u002F\u002Fwww.dakulov.eu#page5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-author-highlighter.0.6.5.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":34,"downloaded":91,"rating":13,"num_ratings":62,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":18,"tags":95,"homepage":99,"download_link":100,"security_score":101,"vuln_count":14,"unpatched_count":14,"last_vuln_date":102,"fetched_at":28},"automatic-ban-ip","Automatic Ban IP","1.0.7","KaizenCoders","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaizencoders\u002F","\u003Cp>Block IP addresses which are suspicious and try to post on your blog spam comments.\u003C\u002Fp>\n\u003Cp>This plugin need that you create an account on the Honey Pot Project (https:\u002F\u002Fwww.projecthoneypot.org, free api) or that you install the Spam Captcha plugin.\u003C\u002Fp>\n\u003Cp>In addition, if you want to geolocate the spammers your may create an account on (http:\u002F\u002Fipinfodb.com\u002F, free api). Thus, you may display a world map with the concentration of spammers.\u003C\u002Fp>\n\u003Cp>Spammers may be blocked either by PHP based restrictions (i.e. WordPress generates a 403 page for such identified users) or by Apache based restriction (using Deny from in .htaccess file).\u003C\u002Fp>\n\u003Cp>The Apache restriction is far more efficient when hundreds of hosts sent you spams in few minutes.\u003C\u002Fp>\n\u003Ch4>Multisite – WordPress MU\u003C\u002Fh4>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Afrikaans (South Africa) translation provided by SedLex, JanvanNiekerk\u003C\u002Fli>\n\u003Cli>English (United States), default language\u003C\u002Fli>\n\u003Cli>Japanese (Japan) translation provided by OsamuKudo\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features of the framework\u003C\u002Fh4>\n\u003Cp>This plugin uses the SL framework. This framework eases the creation of new plugins by providing tools and frames (see dev-toolbox plugin for more info).\u003C\u002Fp>\n\u003Cp>You may easily translate the text of the plugin and submit it to the developer, send a feedback, or choose the location of the plugin in the admin panel.\u003C\u002Fp>\n\u003Cp>Have fun !\u003C\u002Fp>\n","Block IP addresses which are suspicious and try to post on your blog spam comments.",5292,"2016-04-17T08:59:00.000Z","4.5.33","3.0",[20,96,21,97,98],"ban","ip","spam","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautomatic-ban-ip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-ban-ip.zip",63,"2025-04-09 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":18,"short_description":109,"active_installs":110,"downloaded":111,"rating":26,"num_ratings":26,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":18,"tags":115,"homepage":118,"download_link":119,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"best-of-comments","Best-Of Comments","1.2","David Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidjmillerorg\u002F","Best-Of Comments allows users to tag exceptional comments and display a randomly selected list of those comments wherever they choose in their theme.",10,2590,"2016-12-07T20:14:00.000Z","4.7.32","2.5",[116,21,117,22],"classic","featured","http:\u002F\u002Fwww.davidjmiller.org\u002F2009\u002Fbest-of-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbest-of-comments.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":110,"downloaded":128,"rating":26,"num_ratings":26,"last_updated":129,"tested_up_to":130,"requires_at_least":18,"requires_php":18,"tags":131,"homepage":18,"download_link":134,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"chronological-spam-removal","Chronological Spam Removal","1.0.4.0","skunkbad","https:\u002F\u002Fprofiles.wordpress.org\u002Fskunkbad\u002F","\u003Cp>PHP V5+ only! This plugin deletes spam from the comments table of the database. It does so by checking it for matches against the characters or words you have blacklisted in Settings->Discussion. Also on the Settings->Discussion page is a setting for the maximum allowed links that a comment can contain. This plugin will delete comments that have too many links. Spam can also be deleted if it has a url in the author url field. This is handy if you don’t have a author url form field in your comment form, and bots are submitting without using your form. Finally, spam can be deleted if there are any non US-en keyboard characters in any comment row. I don’t expect any foreign language characters on my blog, and while I know this setting may be a little harsh, it’s a spammy world out there, and sometimes ya gotta do what ya gotta do.\u003C\u002Fp>\n\u003Cp>This plugin adds a menu item in the Settings section of the admin area. Currently only three options are available:\u003C\u002Fp>\n\u003Cp>1) The frequency to run the automated process of removing spam. Default is twice a day.\u003C\u002Fp>\n\u003Cp>2) Whether or not to remove spam that has been submitted with the website field. Default is NO (unchecked).\u003C\u002Fp>\n\u003Cp>3) Whether or not to remove spam that has non US-en keyboard characters. Default is NO (unchecked).\u003C\u002Fp>\n","Plugin removes comments from the comments table that match blacklisted items, have too many links, or contain a author url (not default), or have non  …",2891,"2012-02-26T02:40:00.000Z","3.3.2",[20,21,132,133,98],"database","removal","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchronological-spam-removal.zip",{"attackSurface":136,"codeSignals":158,"taintFlows":174,"riskAssessment":175,"analyzedAt":181},{"hooks":137,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":26,"unprotectedCount":26},[138,144,148],{"type":139,"name":140,"callback":141,"file":142,"line":143},"filter","comment_text","hac_highlight_comment","highlight_author_comments.php",49,{"type":139,"name":145,"callback":146,"file":142,"line":147},"get_comment_author_link","hac_highlight_author",50,{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","admin_menu","hac_option_menu","highlight_author_comments_admin.php",21,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":26,"externalRequests":26,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":173},[],{"prepared":26,"raw":26,"locations":161},[],{"escaped":26,"rawEcho":163,"locations":164},4,[165,168,170,172],{"file":152,"line":166,"context":167},31,"raw output",{"file":152,"line":169,"context":167},39,{"file":152,"line":171,"context":167},46,{"file":152,"line":147,"context":167},[],[],{"summary":176,"deductions":177},"The 'highlight-author-comments' plugin version 1.0.2 presents a generally positive security posture based on the provided static analysis. It exhibits a lack of identified attack surface, meaning there are no readily accessible entry points like AJAX handlers, REST API routes, or shortcodes that could be directly exploited by attackers. Furthermore, the code signals indicate a diligent use of prepared statements for SQL queries, absence of file operations and external HTTP requests, and the presence of nonce and capability checks, all of which are strong security practices.  However, a significant concern arises from the complete lack of output escaping. With four identified output points and none being properly escaped, this opens the door to potential Cross-Site Scripting (XSS) vulnerabilities. If user-supplied data is ever incorporated into these outputs without sanitization, an attacker could inject malicious scripts. The plugin's vulnerability history is also remarkably clean, with no recorded CVEs, suggesting a history of good security development or at least a lack of past exploitable flaws.  In conclusion, while the plugin demonstrates commendable security fundamentals in its handling of data access and entry points, the critical deficiency in output escaping represents a substantial security risk that needs immediate attention.",[178],{"reason":179,"points":180},"All output escaping missing",12,"2026-03-16T20:02:38.674Z",{"wat":183,"direct":188},{"assetPaths":184,"generatorPatterns":185,"scriptPaths":186,"versionParams":187},[],[],[],[],{"cssClasses":189,"htmlComments":190,"htmlAttributes":191,"restEndpoints":193,"jsGlobals":194,"shortcodeOutput":195},[],[],[192],"style",[],[],[196,197,198,199,200],"\u003Cdiv style=\"","\u003Cp>","\u003C\u002Fdiv>","\u003Cspan style=\"","\u003C\u002Fspan>"]