[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fU8BJiKDcPOeODm4w02bt6lfDFgYIIMAr1XASXAH-qaY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":130,"fingerprints":174},"hypothesis","Hypothesis","0.7.5","dwhly","https:\u002F\u002Fprofiles.wordpress.org\u002Fdwhly\u002F","\u003Cp>Hypothesis is a web annotation tool that allows users to provide commentary, references, and insight on top of news, blogs, scientific articles, books, terms of service, ballot initiatives, legislation and regulations, software code and more. You can find out more at \u003Ca href=\"http:\u002F\u002Fhypothes.is\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fhypothes.is\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin will allow you to automatically embed Hypothesis in your site.\u003C\u002Fp>\n\u003Cp>Without this plugin, you would have to follow \u003Ca href=\"https:\u002F\u002Fweb.hypothes.is\u002Fhelp\u002Fembedding-hypothesis-in-websites-and-platforms\u002F\" rel=\"nofollow ugc\">these steps\u003C\u002Fa>, but with this plugin you only need to check some checkboxes, and you will be good to go.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fweb.hypothes.is\u002Fterms-of-service\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fweb.hypothes.is\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","An open platform for the collaborative evaluation of 
knowledge.",200,23423,98,7,"2025-12-02T08:57:00.000Z","6.9.0","6.2","7.4",[20,21,4],"annotation","comments","https:\u002F\u002Fhypothes.is\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhypothesis.0.7.5.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-04-04T05:16:54.084Z",[35,56,73,90,107],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":30,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":53,"download_link":54,"security_score":55,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"ilannotations","ILAnnotations","0.9.0","lukaiser","https:\u002F\u002Fprofiles.wordpress.org\u002Flukaiser\u002F","\u003Cp>ILAnnotations allows you to select a text in a blog post and add your comment to it.\u003Cbr \u002F>\nThe plugin uses the standard comments engine of WordPress, so all other comment plugins should work just fine with it.\u003Cbr \u002F>\nShortcodes are used to mark the highlighted text. 
This allows you to still edit a post and move stuff around without losing the annotations.\u003C\u002Fp>\n","Annotate any text in a blog post and add a comment to it.",10,2281,80,"2014-10-06T16:24:00.000Z","4.0.38","3.0.1","",[51,21,52],"annotations","highlight","https:\u002F\u002Fgithub.com\u002Flukaiser\u002FILAnnotations","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Filannotations.zip",85,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":43,"downloaded":64,"rating":25,"num_ratings":25,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":49,"tags":68,"homepage":71,"download_link":72,"security_score":55,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"image-annotations","Image Annotations","1.13","M03G","https:\u002F\u002Fprofiles.wordpress.org\u002Fm03gen\u002F","\u003Cp>Image Annotations plugin lets readers leave annotations to the selected area of the image in comments. Important: for now the plugin works only with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-images\u002F\" rel=\"ugc\">Comment Images\u003C\u002Fa> plugin (by Tom McFarlin).\u003C\u002Fp>\n\u003Cp>Readers can switch off the visibility of the selections as well as control the display of the comments. Only authorized users can leave annotations (also user can delete his own annotations).\u003C\u002Fp>\n\u003Cp>The Image Annotations plugin lets readers leave annotations on a selected area of an image in comments. Important: at the moment the plugin works only with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-images\u002F\" rel=\"ugc\">Comment Images\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>Readers can control the visibility of the selected areas on the image and turn the display of comments on and off. 
Only registered users can leave annotations (a user can also delete their own annotation).\u003C\u002Fp>\n","Image Annotations plugin lets readers leave annotations to the selected area of the image in comments.",1877,"2015-10-05T19:36:00.000Z","4.3.34","3.8.1",[51,21,69,70],"images","note","http:\u002F\u002Fm03g.guriny.ru\u002Fimage-annotations\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-annotations.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":43,"downloaded":81,"rating":25,"num_ratings":25,"last_updated":82,"tested_up_to":83,"requires_at_least":83,"requires_php":49,"tags":84,"homepage":88,"download_link":89,"security_score":55,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"live-video-annotation","Live Video Annotation","1.0","André Boekhorst","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrex84\u002F","\u003Cp>The Live Video Annotation plugin allows you to add timed footnotes to a YouTube video while you are watching the video. Visitors can see these notes later while watching the video. 
It’s really easy to use and the interface is designed as if you were chatting away.\u003C\u002Fp>\n\u003Cp>It can be used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add notes to video lectures.\u003C\u002Fli>\n\u003Cli>Give translations to a video.\u003C\u002Fli>\n\u003Cli>Add bookmarks to a video.\u003C\u002Fli>\n\u003Cli>Easily add links to external resources mentioned in a video.\u003C\u002Fli>\n\u003Cli>Create your own Pop-Up Video.\u003C\u002Fli>\n\u003Cli>Whatever you can think of.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>More Information on \u003Ca href=\"http:\u002F\u002Fwww.andreboekhorst.nl\u002Fwordpress\u002Flive-video-annotation-plugin\u002F\" title=\"Andre Boekhorst WordPress Amsterdam\" rel=\"nofollow ugc\">the authors website\u003C\u002Fa>.\u003C\u002Fp>\n","The Live Video Annotation plugin allows you to add timed footnotes to a YouTube video. Visitors can see these notes later while watching the video.",2279,"2012-10-06T00:28:00.000Z","3.4.2",[20,85,21,86,87],"comment","video","youtube","http:\u002F\u002Fandreboekhorst.nl\u002Fwordpress\u002Flive-video-annotation-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-video-annotation.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":25,"downloaded":98,"rating":24,"num_ratings":99,"last_updated":49,"tested_up_to":100,"requires_at_least":17,"requires_php":18,"tags":101,"homepage":49,"download_link":105,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":106},"dans-annotator","Dan's Annotator","1.2.0","lazardanlucian","https:\u002F\u002Fprofiles.wordpress.org\u002Flazardanlucian\u002F","\u003Cp>Dan’s Annotator lets logged-in users (and email based collaborators) highlight elements on any page and discuss them in threaded comments. 
It adds a floating UI to create, browse, and close annotation threads, plus @-mentions with email notifications.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>– Custom database tables for threads, comments, tags, and collaborators (created on activation).\u003Cbr \u002F>\n– Admin bar toggle to enable\u002Fdisable annotation mode for logged-in users.\u003Cbr \u002F>\n– Front-end badges showing counts and a side panel UI for reading\u002Fposting comments.\u003Cbr \u002F>\n– @username tagging with autocomplete and email\u002Fadmin-notice notifications.\u003Cbr \u002F>\n– REST API endpoints used by the front-end JavaScript.\u003Cbr \u002F>\n– Support for outside collaborators with email-based or link-based access.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch3>@ Completion (User Tagging)\u003C\u002Fh3>\n\u003Cp>To mention a registered WordPress user in an annotation comment:\u003Cbr \u002F>\n1. Type \u003Ccode>@\u003C\u002Fcode> followed by the username or email\u003Cbr \u002F>\n2. An autocomplete dropdown will appear showing matching users\u003Cbr \u002F>\n3. Select the user from the list or continue typing their username\u003Cbr \u002F>\n4. The tagged user will receive a notification (admin notice for logged-in users)\u003C\u002Fp>\n\u003Cp>Example: \u003Ccode>@john\u003C\u002Fcode> or \u003Ccode>@admin\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>@email Collaborators (Email-Based Access)\u003C\u002Fh3>\n\u003Cp>To invite external collaborators who don’t have WordPress accounts:\u003Cbr \u002F>\n1. In a comment, type \u003Ccode>@\u003C\u002Fcode> followed by their email address\u003Cbr \u002F>\n2. Example: \u003Ccode>@john@doe.com\u003C\u002Fcode>\u003Cbr \u002F>\n3. The collaborator will automatically be created and receive an email with a secure magic link\u003Cbr \u002F>\n4. They can click the link to access and comment on the specific thread without creating an account\u003Cbr \u002F>\n5. 
Email-based collaborators are scoped to only the threads they’re tagged in\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> The magic link is unique and secure, tied to their email address. Enable this feature in Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Annotator \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Outside Collaborators.\u003C\u002Fp>\n\u003Ch3>!@link Collaborators (Link-Based Access)\u003C\u002Fh3>\n\u003Cp>For lightweight collaborator access without requiring an email:\u003Cbr \u002F>\n1. In a comment, type \u003Ccode>!@\u003C\u002Fcode> followed by a name\u002Fidentifier\u003Cbr \u002F>\n2. Example: \u003Ccode>!@mike\u003C\u002Fcode> or \u003Ccode>!@designer\u003C\u002Fcode>\u003Cbr \u002F>\n3. A token-based collaborator is created with a shareable link\u003Cbr \u002F>\n4. Copy the generated link from the comment and share it directly\u003Cbr \u002F>\n5. Anyone with the link can participate using that collaborator identity\u003Cbr \u002F>\n6. Link-based collaborators are also scoped to the threads they’re tagged in\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> Enable token-based collaborators in Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Annotator \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Token-based collaborators. 
This is useful for quick feedback without email verification.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GNU General Public License v2.0 or later.\u003C\u002Fp>\n","Lightweight front-end annotation tool with threads, tagging, and collaborator sessions.",203,2,"6.9.4",[51,102,21,103,104],"collaboration","feedback","page-notes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdans-annotator.1.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":32,"num_ratings":117,"last_updated":118,"tested_up_to":100,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":126,"download_link":127,"security_score":128,"vuln_count":99,"unpatched_count":25,"last_vuln_date":129,"fetched_at":27},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. 
You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. 
The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,1173,"2025-11-12T16:31:00.000Z","5.8","7.2",[122,123,21,124,125],"anti-spam","antispam","contact-form","spam","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,"2015-10-13 00:00:00",{"attackSurface":131,"codeSignals":156,"taintFlows":164,"riskAssessment":165,"analyzedAt":173},{"hooks":132,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":25,"unprotectedCount":25},[133,139,143,148],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_menu","add_plugin_page","class-hypothesissettingspage.php",27,{"type":134,"name":140,"callback":141,"file":137,"line":142},"admin_init","page_init",28,{"type":134,"name":144,"callback":145,"file":146,"line":147},"plugins_loaded","Hypothesis\\load_plugin_textdomain","hypothesis.php",34,{"type":134,"name":149,"callback":150,"file":146,"line":151},"wp","Hypothesis\\add_scripts",47,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":163},[],{"prepared":25,"raw":25,"locations":159},[],{"escaped":161,"rawEcho":25,"locations":162},24,[],[],[],{"summary":166,"deductions":167},"The \"hypothesis\" plugin version 0.7.5 exhibits an excellent security posture based on the provided static analysis. There are no identified entry points such as AJAX handlers, REST API routes, or shortcodes that are exposed without proper authentication or permission checks. Furthermore, the code demonstrates strong secure coding practices, with no dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. 
The absence of file operations, external HTTP requests, and the lack of known vulnerabilities in its history further solidify its secure configuration.\n\nWhile the analysis indicates a virtually absent attack surface and diligent secure coding, the complete lack of capability checks and nonce checks across any potential, albeit undiscovered, entry points could represent a theoretical concern. This is because the static analysis might not have uncovered all possible interaction points. The plugin's vulnerability history is also remarkably clean, suggesting a well-maintained codebase or limited historical exposure to security testing.\n\nIn conclusion, version 0.7.5 of the \"hypothesis\" plugin appears to be very secure, demonstrating best practices in preventing common WordPress vulnerabilities. The only minor area for potential future scrutiny would be to ensure that any unforeseen or future-developed interaction points are robustly protected by capability and nonce checks, although the current static analysis suggests this is not an immediate threat.",[168,171],{"reason":169,"points":170},"No capability checks identified",5,{"reason":172,"points":170},"No nonce checks identified","2026-03-16T20:22:18.504Z",{"wat":175,"direct":190},{"assetPaths":176,"generatorPatterns":181,"scriptPaths":182,"versionParams":184},[177,178,179,180],"\u002Fwp-content\u002Fplugins\u002Fhypothesis\u002Fjs\u002Fnohighlights.js","\u002Fwp-content\u002Fplugins\u002Fhypothesis\u002Fjs\u002Fshowhighlights.js","\u002Fwp-content\u002Fplugins\u002Fhypothesis\u002Fjs\u002Fsidebaropen.js","\u002Fwp-content\u002Fplugins\u002Fhypothesis\u002Fjs\u002Fvia-pdf.js",[],[183],"https:\u002F\u002Fhypothes.is\u002Fembed.js",[185,186,187,188,189],"hypothesis?ver=","nohighlights.js?ver=","showhighlights.js?ver=","sidebaropen.js?ver=","via-pdf.js?ver=",{"cssClasses":191,"htmlComments":192,"htmlAttributes":193,"restEndpoints":194,"jsGlobals":195,"shortcodeOutput":197},[],[],[],[],[196],"HypothesisPDF",[]]