[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2t416azobt5NmRdWjkZjNV6_8rtnO7HBvqZh_kxoHxo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":7,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":137,"fingerprints":421},"hikari-enhanced-comments","Hikari Enhanced Comments","0.03.05","","https:\u002F\u002Fprofiles.wordpress.org\u002Fshidouhikari\u002F","\u003Cp>\u003Cstrong>Hikari Enhanced Comments\u003C\u002Fstrong> enhances comments with features that make comments more visible and becoming more exciting in website structure.\u003C\u002Fp>\n\u003Cp>Things that you’ve been wanted to do, now can be done much easier.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>An \u003Cstrong>Enhanced Recent Comments\u003C\u002Fstrong> \u003Cem>widget\u003C\u002Fem>, based on WordPress core widget, but redesigned to make it possible to show at least 60 last comments.\u003C\u002Fli>\n\u003Cli>ERC widget allows to exclude users from having their comments shown, perfect for website owners and authors that really participate on their site’s comment debates 😉\u003C\u002Fli>\n\u003Cli>If you also have \u003Ca href=\"http:\u002F\u002FHikari.ws\u002Ftitled-comments\u002F\" rel=\"nofollow ugc\">Hikari Titled Comments\u003C\u002Fa> plugin installed, comments with titles have their titles listed\u003C\u002Fli>\n\u003Cli>Comments authors have their gravatar shown in the ERC widget\u003C\u002Fli>\n\u003Cli>For pingbacks, their gravatar is replaced by a “P” icon\u003C\u002Fli>\n\u003Cli>A \u003Cstrong>Most Commented Posts\u003C\u002Fstrong> \u003Cem>widget\u003C\u002Fem>, that lists your posts with higher 
number of comments\u003C\u002Fli>\n\u003Cli>If you have ip2nation installed (see installation instructions), comment authors are also shown with a flag of their country, in Enhanced Recent Comments widget and in comments area\u003C\u002Fli>\n\u003Cli>Country flags can be added anywhere in your site, you just need to tweak your theme and use your imagination\u003C\u002Fli>\n\u003C\u002Ful>\n","Comments are enhanced with new features that make them more visible and becoming more exciting in website structure.",10,7777,0,"2010-06-08T16:49:00.000Z","2.9.2","2.8.0",[18,19,20,21,22],"comment","comments","title","titled","widget","http:\u002F\u002FHikari.ws\u002Fenhanced-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhikari-enhanced-comments.0.03.05.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":30,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"shidouhikari",6,350,30,84,"2026-04-05T15:26:32.632Z",[37,50,73,95,117],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":13,"num_ratings":13,"last_updated":44,"tested_up_to":15,"requires_at_least":45,"requires_php":7,"tags":46,"homepage":48,"download_link":49,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"hikari-title-comments","Hikari Titled Comments","0.02.02","\u003Cp>One of the best features Drupal has and I miss in WordPress is the possibility to set title to comments.\u003C\u002Fp>\n\u003Cp>With a title, we can identify the comment subject, it can be resumed to a phrase. Comments become more similar to articles and aggregate more value.\u003C\u002Fp>\n\u003Cp>I like to see comments as mini-articles. The post being the main article and comments being mini-articles that extend the main one. 
Now with title, WordPress comments are a bit closer to that approach.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fhikari.ws\u002Ftitled-comments\u002F\" rel=\"nofollow ugc\">Hikari Titled Comments\u003C\u002Fa> enables each comment to have a title, so that commentators can give a subject meaning to their comments.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Comments titles are stored as comment metadata.\u003C\u002Fli>\n\u003Cli>It’s easy for themes to add support the plugin, being the support optional and when the plugin is not available the support just remains hidden.\u003C\u002Fli>\n\u003Cli>A simple function prints the comment title if there is one, or prints nothing if current comment doesn’t have a title.\u003C\u002Fli>\n\u003Cli>Comments titles can be edited from admin comment edit page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>I dedicate Hikari Titled Comments to \u003Cstrong>Chiih-chan\u003C\u002Fstrong>, my kawaii great friend ^-^\u003C\u002Fp>\n","Hikari Titled Comments enables each comment to have a title, so that commentators can give a subject meaning to their comments.",6422,"2010-03-13T23:06:00.000Z","2.9.0",[18,19,47,20,21],"metadata","http:\u002F\u002Fhikari.ws\u002Ftitled-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhikari-title-comments.0.02.02.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":71,"download_link":72,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"remove-noreferrer","Remove noreferrer","2.0.0","gruz0","https:\u002F\u002Fprofiles.wordpress.org\u002Fgruz0\u002F","\u003Cp>\u003Cstrong>“Remove noreferrer” automatically removes \u003Ccode>rel=\"noreferrer\"\u003C\u002Fcode> attribute from links on your 
website on-the-fly.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Plugin does not modify original links or content in the database.\u003C\u002Fp>\n\u003Ch3>Which kind of content supported?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Blog page (homepage, etc.)\u003C\u002Fli>\n\u003Cli>Comments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Also it supports standard WordPress widgets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“Text”\u003C\u002Fli>\n\u003Cli>“Custom HTML”\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Docs & Support\u003C\u002Fh4>\n\u003Cp>This plugin is an open source project and we would love you to help us make it better. If you want a new feature will be implemented in this plugin, you can open a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgruz0\u002Fremove-noreferrer\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">GitHub Issue\u003C\u002Fa>. If you don’t have a GitHub Account you can send me email to \u003Ca href=\"mailto:alexander@kadyrov.dev\" rel=\"nofollow ugc\">alexander@kadyrov.dev\u003C\u002Fa>. 
You can find more detailed information about plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgruz0\u002Fremove-noreferrer\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fgruz0\" rel=\"nofollow ugc\">Buy Me a Coffee\u003C\u002Fa>\u003C\u002Fp>\n","\"Remove noreferrer\" automatically removes rel=\"noreferrer\" attribute from links on your website on-the-fly.",5000,15740,100,14,"2021-01-04T11:56:00.000Z","5.6.17","5.1","5.6",[19,67,68,69,70],"noreferrer","page","post","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-noreferrer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-noreferrer.2.0.0.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":93,"download_link":94,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"better-recent-comments","Better Recent Comments","1.2.0","Kestrel","https:\u002F\u002Fprofiles.wordpress.org\u002Fkestrelwp\u002F","\u003Cp>The default Recent Comments widget is somewhat limited. Better Recent Comments improves on this by providing a more flexible widget with options to show the user’s actual comment, as well as show avatars and the ability to show or hide the comment date.\u003C\u002Fp>\n\u003Cp>As well as the widget, there’s a handy shortcode you can use to display your recent comments. This is useful if you need to display comments somewhere other than your sidebar or footer, such as on your homepage. Simply add the shortcode \u003Ccode>[better_recent_comments]\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>That’s not all! 
The plugin is also WPML compatible, which means that the comments will be restricted to those in the current language. The default WordPress widget will list all recent comments, regardless of language, so you might end up with comments for German-language posts in the sidebar of your English site. Better Recent Comments solves this and makes sure the comments are for the current language only.\u003C\u002Fp>\n\u003Cp>Translations currently provided in Spanish, French and Italian.\u003C\u002Fp>\n\u003Cp>View the full \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002Fkb-categories\u002Fbetter-recent-comments-kb\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> in our Knowledge Base.\u003C\u002Fp>\n\u003Cp>Options available with the shortcode:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>format\u003C\u002Fcode> – the format of each recent comment. This option uses ‘placeholders’ which are substituted with the actual data when the comments are displayed. See the FAQs for details.\u003C\u002Fli>\n\u003Cli>\u003Ccode>number\u003C\u002Fcode> – the number of comments to display. Default: 5 comments\u003C\u002Fli>\n\u003Cli>\u003Ccode>date_format\u003C\u002Fcode> – the date and time format to use. Like WordPress, this uses a PHP date format. It defaults to ‘M j, H:i’. See \u003Ca href=\"https:\u002F\u002Fbarn2.com\u002FPHP-Date-Format.pdf\" rel=\"nofollow ugc\">this cheat sheet\u003C\u002Fa> for a full list of date and time options.\u003C\u002Fli>\n\u003Cli>\u003Ccode>avatar_size\u003C\u002Fcode> – the size of the avatar in pixels. Only used if you have included {avatar} in your comment format (see ‘format’ option). Default: 50\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_status\u003C\u002Fcode> – the status of posts to retrieve comments for. Defaults to ‘publish’. Can be a single status or a comma-separated list, or ‘any’ to show comments for all post statuses.\u003C\u002Fli>\n\u003Cli>\u003Ccode>post_type\u003C\u002Fcode> – the post type to retrieve comments for. 
Accepts a single or multiple post types (e.g. ‘post’ or ‘post, dlp_document’) or ‘any’ to show comments for all post types. Default: ‘any’\u003C\u002Fli>\n\u003Cli>\u003Ccode>excerpts\u003C\u002Fcode> – set to ‘true’ to show an excerpt of the comment (limited to 20 words), or ‘false’ to show the full comment. Default: true\u003C\u002Fli>\n\u003Cli>\u003Ccode>replies\u003C\u002Fcode> – set to ‘true’ to also show responses to comments, or ‘false’ to only see the top level comments. Default: true\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides an improved Recent Comments widget and a shortcode to display your recent comments on any post or page.",3000,66663,92,17,"2024-03-28T02:06:00.000Z","6.5.8","6.0","7.4",[90,19,91,22,92],"avatar","shortcode","wpml","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetter-recent-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-recent-comments.1.2.0.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":115,"download_link":116,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"comments-widget-plus","Recent Comments Widget Plus","1.3","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatrya\u002F","\u003Cp>This plugin will enable a custom and advanced \u003Cstrong>recent comments widget\u003C\u002Fstrong>. Allows you to display a list of the most recent comments with avatar and excerpt, you can also choose which to show newer comments first or older comments first and choose comments from any post type.\u003C\u002Fp>\n\u003Ch4>Support this project\u003C\u002Fh4>\n\u003Cp>If you are enjoying this plugin. I would appreciate a cup of coffee to help me keep coding and supporting the project! 
\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fsatrya\" rel=\"nofollow ugc\">Support & donate\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display avatar with customizable size.\u003C\u002Fli>\n\u003Cli>Display comment excerpt with customizable length.\u003C\u002Fli>\n\u003Cli>Exclude pingback & trackback\u003C\u002Fli>\n\u003Cli>Post type option.\u003C\u002Fli>\n\u003Cli>Offset option.\u003C\u002Fli>\n\u003Cli>Option to choose the comments order.\u003C\u002Fli>\n\u003Cli>Allows you to set title url.\u003C\u002Fli>\n\u003Cli>Custom CSS class.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcomments-widget-plus\u002F\" rel=\"nofollow ugc\">Translate to your language\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Contribute or submit issues on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsatrya\u002Fcomments-widget-plus\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides custom recent comments widget with extra features such as display avatar, comment excerpt and much more!",2000,49264,94,20,"2022-10-26T16:06:00.000Z","6.1.10","5.8","7.2",[90,112,113,114,22],"excerpt","recent-comments","recent-comments-widget","https:\u002F\u002Fidenovasi.com\u002Fprojects\u002Fcomments-widget-plus\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-widget-plus.1.3.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":7,"tags":132,"homepage":135,"download_link":136,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"bwp-recent-comments","Better WordPress Recent 
Comments","1.2.2","Khang Minh","https:\u002F\u002Fprofiles.wordpress.org\u002Foddoneout\u002F","\u003Cp>This plugin displays recent comment lists at assigned locations. It does not add any significant load to your website. The comment list is updated on the fly when a visitor adds a comment or when you moderate one. No additional queries are needed for end-users.\u003C\u002Fp>\n\u003Cp>A recent comment list, in my opinion, can help stimulate discussion and exploration of your blog tremendously. Now for the past few months I have been using a plugin called Get Recent Comments; though this plugin is configurable and indeed popular, the code is somehow messy and no support for custom post type is found. The worst thing is Get Recent Comment doesn’t seem to be updated anymore, so I decide to write another recent comment plugin which is more lightweight and makes use of some nice features provided by WordPress 3.0.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Powerup your recent comment list today!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Group comments by post (inspired by the classic Get Recent Comments plugin).\u003C\u002Fli>\n\u003Cli>AJAX navigation for any recent comment list you want!\u003C\u002Fli>\n\u003Cli>Has the options to show comment only, trackback only, or show both (separately or all together)\u003C\u002Fli>\n\u003Cli>Get comments from a specific post, using either ID or post name (slug).\u003C\u002Fli>\n\u003Cli>Possibility to add different comment lists with different settings on one page\u003C\u002Fli>\n\u003Cli>You can show comments on a separate page, with pagination and custom template!\u003C\u002Fli>\n\u003Cli>You can sort comment lists descendingly or ascendingly\u003C\u002Fli>\n\u003Cli>Supports custom post type\u003C\u002Fli>\n\u003Cli>Supports Gravatar\u003C\u002Fli>\n\u003Cli>Supports smiley\u003C\u002Fli>\n\u003Cli>Widget-ready\u003C\u002Fli>\n\u003Cli>Template functions ready\u003C\u002Fli>\n\u003Cli>Generate Zero SQL query for 
end-users\u003C\u002Fli>\n\u003Cli>Possibility to trim post title to a certain number of words.\u003C\u002Fli>\n\u003Cli>Possibility to trim comment to a specific number of words\u003C\u002Fli>\n\u003Cli>Possibility to split long words into smaller chunks\u003C\u002Fli>\n\u003Cli>WordPress Multi-site compatible (not tested with WPMU)\u003C\u002Fli>\n\u003Cli>And more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get in touch\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>I’m available at \u003Ca href=\"http:\u002F\u002Fbetterwp.net\" rel=\"nofollow ugc\">BetterWP.net\u003C\u002Fa> and you can also follow me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002F0dd0ne0ut\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out \u003Ca href=\"http:\u002F\u002Ffeeds.feedburner.com\u002FBetterWPnet\" rel=\"nofollow ugc\">latest WordPress Tips and Ideas\u003C\u002Fa> from BetterWP.net.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>French 1.1.0 (fr_FR) – Thanks to \u003Ca href=\"http:\u002F\u002Fmaitremo.fr\" rel=\"nofollow ugc\">Maître Mô\u003C\u002Fa>!\u003C\u002Fli>\n\u003Cli>Russian 1.1.0 (ru_RU) – Thanks to Konstantin (kg69design)!\u003C\u002Fli>\n\u003Cli>Ukrainian 1.1.0 (ua_UA) – Thanks to Konstantin (kg69design)!\u003C\u002Fli>\n\u003Cli>Portuguese 1.2.1 (pt_PT) – Thanks to Marcus (http:\u002F\u002Fwww.maniadecelular.com.br)!\u003C\u002Fli>\n\u003Cli>Spanish 1.2.1 (es_ES) – Thanks to Jordi!\u003C\u002Fli>\n\u003Cli>Polish 1.2.1 (pl_PL) – Thanks to Jarek!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-tips\u002Fcreate-pot-file-using-poedit\u002F\" rel=\"nofollow ugc\">help translate\u003C\u002Fa> this plugin!\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-recent-comments\u002F\" rel=\"nofollow 
ugc\">Plugin’s Official Page\u003C\u002Fa> for more information!\u003C\u002Fp>\n","This plugin displays recent comment lists at assigned locations, with comprehensive support for widgets.",600,55904,90,15,"2017-11-28T21:47:00.000Z","3.7.41","2.8",[19,113,133,134],"recent-comments-widgets","wordpress-recent-comments","http:\u002F\u002Fbetterwp.net\u002Fwordpress-plugins\u002Fbwp-recent-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbwp-recent-comments.zip",{"attackSurface":138,"codeSignals":185,"taintFlows":353,"riskAssessment":405,"analyzedAt":420},{"hooks":139,"ajaxHandlers":181,"restRoutes":182,"shortcodes":183,"cronEvents":184,"entryPointCount":13,"unprotectedCount":13},[140,146,151,155,159,162,165,167,169,174,178],{"type":141,"name":142,"callback":143,"file":144,"line":145},"filter","get_comment_author","authorFilter","hikari-enhanced-comments-core.php",48,{"type":147,"name":148,"callback":149,"file":144,"line":150},"action","widgets_init","HkEC_widgets_registration",163,{"type":147,"name":152,"callback":153,"file":144,"line":154},"wp_head","recent_comments_style",182,{"type":147,"name":156,"callback":157,"file":144,"line":158},"comment_post","flush_widget_cache",187,{"type":147,"name":160,"callback":157,"file":144,"line":161},"transition_comment_status",190,{"type":147,"name":152,"callback":163,"file":144,"line":164},"commented_posts_style",354,{"type":147,"name":156,"callback":157,"file":144,"line":166},358,{"type":147,"name":160,"callback":157,"file":144,"line":168},361,{"type":147,"name":170,"callback":171,"file":172,"line":173},"plugins_loaded","startup","hikari-tools.php",33,{"type":147,"name":175,"callback":176,"file":172,"line":177},"admin_init","options_init",357,{"type":147,"name":179,"callback":180,"file":172,"line":166},"admin_menu","menuPrepare",[],[],[],[],{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":194,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":352}
,[],{"prepared":188,"raw":189,"locations":190},2,1,[191],{"file":144,"line":192,"context":193},63,"$wpdb->get_row() with variable interpolation",{"escaped":195,"rawEcho":196,"locations":197},7,93,[198,200,202,204,206,208,210,212,213,214,216,218,219,220,222,224,225,226,228,230,232,234,236,238,239,240,242,244,245,246,249,251,253,254,255,257,259,260,262,264,266,268,270,272,273,274,275,276,278,280,282,283,284,285,286,288,290,292,294,295,297,299,301,302,303,305,306,308,310,312,313,314,316,317,319,320,322,324,326,328,330,332,333,335,337,339,341,343,344,346,348,349,350],{"file":144,"line":11,"context":199},"raw output",{"file":144,"line":201,"context":199},232,{"file":144,"line":203,"context":199},233,{"file":144,"line":205,"context":199},271,{"file":144,"line":207,"context":199},281,{"file":144,"line":209,"context":199},292,{"file":144,"line":211,"context":199},293,{"file":144,"line":211,"context":199},{"file":144,"line":211,"context":199},{"file":144,"line":215,"context":199},295,{"file":144,"line":217,"context":199},296,{"file":144,"line":217,"context":199},{"file":144,"line":217,"context":199},{"file":144,"line":221,"context":199},299,{"file":144,"line":223,"context":199},300,{"file":144,"line":223,"context":199},{"file":144,"line":223,"context":199},{"file":144,"line":227,"context":199},397,{"file":144,"line":229,"context":199},398,{"file":144,"line":231,"context":199},420,{"file":144,"line":233,"context":199},430,{"file":144,"line":235,"context":199},440,{"file":144,"line":237,"context":199},441,{"file":144,"line":237,"context":199},{"file":144,"line":237,"context":199},{"file":144,"line":241,"context":199},443,{"file":144,"line":243,"context":199},444,{"file":144,"line":243,"context":199},{"file":144,"line":243,"context":199},{"file":247,"line":248,"context":199},"hikari-enhanced-comments-options.php",72,{"file":247,"line":250,"context":199},77,{"file":247,"line":252,"context":199},78,{"file":247,"line":25,"context":199},{"file":247,"line":25,"context":199},{"file":
247,"line":256,"context":199},86,{"file":247,"line":258,"context":199},88,{"file":172,"line":60,"context":199},{"file":172,"line":261,"context":199},108,{"file":172,"line":263,"context":199},109,{"file":172,"line":265,"context":199},114,{"file":172,"line":267,"context":199},127,{"file":172,"line":269,"context":199},488,{"file":172,"line":271,"context":199},490,{"file":172,"line":271,"context":199},{"file":172,"line":271,"context":199},{"file":172,"line":271,"context":199},{"file":172,"line":271,"context":199},{"file":172,"line":277,"context":199},492,{"file":172,"line":279,"context":199},508,{"file":172,"line":281,"context":199},510,{"file":172,"line":281,"context":199},{"file":172,"line":281,"context":199},{"file":172,"line":281,"context":199},{"file":172,"line":281,"context":199},{"file":172,"line":287,"context":199},512,{"file":172,"line":289,"context":199},521,{"file":172,"line":291,"context":199},523,{"file":172,"line":293,"context":199},529,{"file":172,"line":293,"context":199},{"file":172,"line":296,"context":199},534,{"file":172,"line":298,"context":199},543,{"file":172,"line":300,"context":199},558,{"file":172,"line":300,"context":199},{"file":172,"line":300,"context":199},{"file":172,"line":304,"context":199},559,{"file":172,"line":304,"context":199},{"file":172,"line":307,"context":199},563,{"file":172,"line":309,"context":199},572,{"file":172,"line":311,"context":199},592,{"file":172,"line":311,"context":199},{"file":172,"line":311,"context":199},{"file":172,"line":315,"context":199},593,{"file":172,"line":315,"context":199},{"file":172,"line":318,"context":199},597,{"file":172,"line":318,"context":199},{"file":172,"line":321,"context":199},599,{"file":172,"line":323,"context":199},664,{"file":172,"line":325,"context":199},665,{"file":172,"line":327,"context":199},666,{"file":172,"line":329,"context":199},697,{"file":172,"line":331,"context":199},722,{"file":172,"line":331,"context":199},{"file":172,"line":334,"context":199},732,{"file":172,"line":336,"c
ontext":199},747,{"file":172,"line":338,"context":199},749,{"file":172,"line":340,"context":199},799,{"file":172,"line":342,"context":199},871,{"file":172,"line":342,"context":199},{"file":172,"line":345,"context":199},911,{"file":172,"line":347,"context":199},913,{"file":172,"line":347,"context":199},{"file":172,"line":347,"context":199},{"file":172,"line":351,"context":199},965,[],[354,371,386,396],{"entryPoint":355,"graph":356,"unsanitizedCount":189,"severity":370},"options_page_middle (hikari-enhanced-comments-options.php:66)",{"nodes":357,"edges":367},[358,362],{"id":359,"type":360,"label":361,"file":247,"line":250},"n0","source","$_SERVER['REMOTE_ADDR']",{"id":363,"type":364,"label":365,"file":247,"line":250,"wp_function":366},"n1","sink","echo() [XSS]","echo",[368],{"from":359,"to":363,"sanitized":369},false,"medium",{"entryPoint":372,"graph":373,"unsanitizedCount":189,"severity":370},"debugRequestParameters (hikari-tools.php:827)",{"nodes":374,"edges":383},[375,378,381],{"id":359,"type":360,"label":376,"file":172,"line":377},"$_REQUEST",831,{"id":363,"type":379,"label":380,"file":172,"line":377},"transform","→ dump()",{"id":382,"type":364,"label":365,"file":172,"line":263,"wp_function":366},"n2",[384,385],{"from":359,"to":363,"sanitized":369},{"from":363,"to":382,"sanitized":369},{"entryPoint":387,"graph":388,"unsanitizedCount":189,"severity":370},"\u003Chikari-tools> (hikari-tools.php:0)",{"nodes":389,"edges":393},[390,391,392],{"id":359,"type":360,"label":376,"file":172,"line":377},{"id":363,"type":379,"label":380,"file":172,"line":377},{"id":382,"type":364,"label":365,"file":172,"line":263,"wp_function":366},[394,395],{"from":359,"to":363,"sanitized":369},{"from":363,"to":382,"sanitized":369},{"entryPoint":397,"graph":398,"unsanitizedCount":189,"severity":404},"\u003Chikari-enhanced-comments-options> 
(hikari-enhanced-comments-options.php:0)",{"nodes":399,"edges":402},[400,401],{"id":359,"type":360,"label":361,"file":247,"line":250},{"id":363,"type":364,"label":365,"file":247,"line":250,"wp_function":366},[403],{"from":359,"to":363,"sanitized":369},"low",{"summary":406,"deductions":407},"The \"hikari-enhanced-comments\" plugin, at version 0.03.05, exhibits a concerning security posture despite a clean vulnerability history.  While the plugin has no recorded CVEs and a seemingly limited attack surface, the static analysis reveals significant weaknesses.  A critical finding is that 100% of outputs are not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.  Furthermore, all four analyzed taint flows have unsanitized paths, although they are not classified as critical or high severity, this still suggests potential for data manipulation or leakage if these flows are ever exposed through an attack vector.\n\nThe complete lack of capability checks and nonce checks, coupled with the absence of authentication on any potential entry points (even though none are explicitly listed in the attack surface), is a major red flag. This implies that even if the plugin were to introduce new entry points or if an attacker found a way to trigger existing code paths indirectly, there would be no security checks in place to prevent unauthorized actions. The vulnerability history being completely clean might be due to the plugin's low adoption, recent development, or simply a lack of dedicated security auditing.  
However, the code signals strongly suggest that the plugin is not production-ready from a security perspective, particularly concerning XSS and the lack of fundamental security controls.",[408,410,413,416,418],{"reason":409,"points":128},"Output escaping: 100% outputs unescaped",{"reason":411,"points":412},"Taint flows with unsanitized paths (4\u002F4)",12,{"reason":414,"points":415},"No nonce checks",5,{"reason":417,"points":415},"No capability checks",{"reason":419,"points":415},"SQL queries: 33% not using prepared statements","2026-03-17T00:12:17.126Z",{"wat":422,"direct":432},{"assetPaths":423,"generatorPatterns":427,"scriptPaths":428,"versionParams":429},[424,425,426],"\u002Fwp-content\u002Fplugins\u002Fhikari-enhanced-comments\u002Fflags\u002F","\u002Fwp-content\u002Fplugins\u002Fhikari-enhanced-comments\u002Fcss\u002Fhikari-enhanced-comments.css","\u002Fwp-content\u002Fplugins\u002Fhikari-enhanced-comments\u002Fjs\u002Fhikari-enhanced-comments.js",[5],[426],[430,431],"hikari-enhanced-comments\u002Fcss\u002Fhikari-enhanced-comments.css?ver=","hikari-enhanced-comments\u002Fjs\u002Fhikari-enhanced-comments.js?ver=",{"cssClasses":433,"htmlComments":441,"htmlAttributes":443,"restEndpoints":445,"jsGlobals":446,"shortcodeOutput":448},[434,435,436,437,438,439,440],"comment-author-flag","widget_hikari_enhanced_recent_comments","hkec-recentcomments-list","hkec-recentcomments-item","avatar_cont","gravar_comment","gravar_ping",[442],"\u003C!-- Enhanced Recent Comments provided by\n\tHikari Enhanced Comments - http:\u002F\u002FHikari.ws -->",[444],"data-hkec-option",[],[447],"hkEC",[]]