[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8PaaJR7V3MU1hfyy6x-PBVfuB-BZ5VUofm2XGOpFtTs":3,"$fdYQaRqjgfqY51GI1EY8gHv34kVF0YKHZn8u-RvMNaUE":254,"$frI-42wAFQH27veELOe8DhbBI2okSxdaWESxB3JpLSes":259},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":34,"analysis":35,"fingerprints":223},"image-in-the-widget","Image In The Widget","2.0.1","Sapian Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Fsapian-technologies\u002F","\u003Cp>A simple widget that uses the native WordPress media manager to add images to widget of your site. You can add any number of images. 
You can give Links, Title, Descriptions for each images .\u003C\u002Fp>\n","A simple widget that uses the native WordPress media manager to add images to widget of your site.",30,3095,100,1,"2013-03-20T04:39:00.000Z","3.5.2","3.3","",[20,21],"image-in-the-sidebar","image-widget-for-wordpress","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fimage-in-the-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-in-the-widget.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":11,"trust_score":32,"computed_at":33},"sapian-technologies",84,"2026-05-20T02:08:07.130Z",[],{"attackSurface":36,"codeSignals":67,"taintFlows":216,"riskAssessment":217,"analyzedAt":222},{"hooks":37,"ajaxHandlers":63,"restRoutes":64,"shortcodes":65,"cronEvents":66,"entryPointCount":25,"unprotectedCount":25},[38,44,48,52,56,60],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","widgets_init","sap_load_image_widget","image-widget.php",19,{"type":39,"name":45,"callback":46,"file":42,"line":47},"sidebar_admin_setup","admin_setup",44,{"type":39,"name":49,"callback":50,"file":42,"line":51},"admin_head-widgets.php","admin_head",46,{"type":39,"name":53,"callback":53,"priority":54,"file":42,"line":55},"plugin_row_meta",10,48,{"type":39,"name":57,"callback":58,"file":42,"line":59},"admin_notices","post_upgrade_nag",50,{"type":39,"name":61,"callback":58,"file":42,"line":62},"network_admin_notices",51,[],[],[],[],{"dangerousFunctions":68,"sqlUsage":69,"outputEscaping":71,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":214,"bundledLibraries":215},[],{"prepared":25,"raw":25,"locations":70},[],{"escaped":72,"rawEcho":73,"locations":74},26,99,[75,78,80,82,83,85,86,87,88,89,90,91,93,94,96,97,98,100,101,102,103,105,107,108,109,110,112,114,115,116,118,120,121,122,124,126,127,128,130,131,132,134,135,136,137
,139,141,143,144,145,147,148,149,150,152,154,155,156,158,159,160,161,162,163,165,167,168,170,171,173,174,176,177,178,179,181,182,184,186,187,188,190,192,193,194,195,197,199,200,201,202,204,206,207,209,210,211,212,213],{"file":42,"line":76,"context":77},388,"raw output",{"file":79,"line":54,"context":77},"views\\widget-admin.deprecated.php",{"file":79,"line":81,"context":77},11,{"file":79,"line":81,"context":77},{"file":79,"line":84,"context":77},13,{"file":79,"line":43,"context":77},{"file":79,"line":43,"context":77},{"file":79,"line":43,"context":77},{"file":79,"line":43,"context":77},{"file":79,"line":43,"context":77},{"file":79,"line":43,"context":77},{"file":79,"line":92,"context":77},20,{"file":79,"line":92,"context":77},{"file":79,"line":95,"context":77},22,{"file":79,"line":95,"context":77},{"file":79,"line":95,"context":77},{"file":79,"line":99,"context":77},25,{"file":79,"line":72,"context":77},{"file":79,"line":72,"context":77},{"file":79,"line":72,"context":77},{"file":79,"line":104,"context":77},28,{"file":79,"line":106,"context":77},29,{"file":79,"line":106,"context":77},{"file":79,"line":11,"context":77},{"file":79,"line":11,"context":77},{"file":79,"line":111,"context":77},35,{"file":79,"line":113,"context":77},36,{"file":79,"line":113,"context":77},{"file":79,"line":113,"context":77},{"file":79,"line":117,"context":77},38,{"file":79,"line":119,"context":77},39,{"file":79,"line":119,"context":77},{"file":79,"line":119,"context":77},{"file":79,"line":123,"context":77},41,{"file":79,"line":125,"context":77},42,{"file":79,"line":125,"context":77},{"file":79,"line":125,"context":77},{"file":79,"line":129,"context":77},49,{"file":79,"line":59,"context":77},{"file":79,"line":59,"context":77},{"file":133,"line":84,"context":77},"views\\widget-admin.php",{"file":133,"line":84,"context":77},{"file":133,"line":84,"context":77},{"file":133,"line":84,"context":77},{"file":133,"line":138,"context":77},14,{"file":133,"line":140,"context":77},15,{"file":133,"line":1
42,"context":77},17,{"file":133,"line":142,"context":77},{"file":133,"line":142,"context":77},{"file":133,"line":146,"context":77},18,{"file":133,"line":146,"context":77},{"file":133,"line":146,"context":77},{"file":133,"line":95,"context":77},{"file":133,"line":151,"context":77},23,{"file":133,"line":153,"context":77},24,{"file":133,"line":153,"context":77},{"file":133,"line":72,"context":77},{"file":133,"line":157,"context":77},27,{"file":133,"line":157,"context":77},{"file":133,"line":106,"context":77},{"file":133,"line":11,"context":77},{"file":133,"line":11,"context":77},{"file":133,"line":11,"context":77},{"file":133,"line":164,"context":77},32,{"file":133,"line":166,"context":77},33,{"file":133,"line":166,"context":77},{"file":133,"line":169,"context":77},34,{"file":133,"line":169,"context":77},{"file":133,"line":172,"context":77},43,{"file":133,"line":47,"context":77},{"file":133,"line":175,"context":77},45,{"file":133,"line":175,"context":77},{"file":133,"line":175,"context":77},{"file":133,"line":175,"context":77},{"file":133,"line":180,"context":77},57,{"file":133,"line":180,"context":77},{"file":133,"line":183,"context":77},62,{"file":133,"line":185,"context":77},64,{"file":133,"line":185,"context":77},{"file":133,"line":185,"context":77},{"file":133,"line":189,"context":77},66,{"file":133,"line":191,"context":77},67,{"file":133,"line":191,"context":77},{"file":133,"line":191,"context":77},{"file":133,"line":191,"context":77},{"file":133,"line":196,"context":77},69,{"file":133,"line":198,"context":77},70,{"file":133,"line":198,"context":77},{"file":133,"line":198,"context":77},{"file":133,"line":198,"context":77},{"file":133,"line":203,"context":77},74,{"file":133,"line":205,"context":77},75,{"file":133,"line":205,"context":77},{"file":208,"line":81,"context":77},"views\\widget.php",{"file":208,"line":84,"context":77},{"file":208,"line":140,"context":77},{"file":208,"line":146,"context":77},{"file":208,"line":43,"context":77},{"file":208,"line":95,"conte
xt":77},2,[],[],{"summary":218,"deductions":219},"The \"image-in-the-widget\" v2.0.1 plugin has no known CVEs and no recorded vulnerability history, but that should not be read as evidence of a well-maintained codebase: the plugin has a single published release, was last updated on 2013-03-20, is tested only up to WordPress 3.5.2 and has about 30 active installs, so the clean record more likely reflects a lack of researcher attention than ongoing maintenance. Treat it as unmaintained. The static analysis found no SQL queries at all (prepared: 0, raw: 0), no file operations and no outbound HTTP requests, which removes the usual SQL-injection, path-traversal and SSRF vectors. There are no direct entry points (no AJAX handlers, REST routes, shortcodes or cron events); the only registered hooks are six admin-side action callbacks in image-widget.php (widgets_init, sidebar_admin_setup, admin_head-widgets.php, plugin_row_meta, admin_notices, network_admin_notices), so the reachable code is essentially the widget admin form and the front-end widget render.\n\nThe main weakness is output escaping: only 26 escaped echo sites against 99 raw echoes (about 21% escaped). Six of the raw echoes are in views\u002Fwidget.php, which is the front-end output, one is in image-widget.php, and the rest are in views\u002Fwidget-admin.php and views\u002Fwidget-admin.deprecated.php, which appear to be the widget-settings form. If the front-end echoes print saved widget settings (title, link, alt, description), the exposure is stored XSS by whoever can save widgets, which in WordPress requires edit_theme_options and is most relevant where unfiltered_html is disabled, such as multisite; the analysis does not confirm which values are echoed, so this needs a manual check. The analysis found two capability checks and zero nonce checks; with no custom request handlers reported, whether the missing nonces matter depends on whether any of the hook callbacks read request input, which this analysis does not show. The empty taint-flow result is not evidence of safety: it may mean no flows were found, or that the analysis did not cover these view files. 
Overall, the code is small and avoids the riskier primitives, but the unescaped output is a concrete weakness, and since the plugin has not been updated since 2013 an upstream fix should not be expected; review the raw echo sites (especially the six in the front-end view) before deploying, or prefer a maintained alternative.",[220],{"reason":221,"points":140},"Low output escaping percentage","2026-03-16T22:26:13.266Z",{"wat":224,"direct":233},{"assetPaths":225,"generatorPatterns":227,"scriptPaths":228,"versionParams":230},[226],"\u002Fwp-content\u002Fplugins\u002Fimage-in-the-widget\u002Flang\u002F",[],[229],"\u002Fwp-content\u002Fplugins\u002Fimage-in-the-widget\u002Fresources\u002Fjs\u002Fimage-widget.js",[231,232],"image-in-the-widget\u002Fstyle.css?ver=","image-in-the-widget\u002Fresources\u002Fjs\u002Fimage-widget.js?ver=",{"cssClasses":234,"htmlComments":237,"htmlAttributes":238,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":253},[235,236],"widget_sp_image","sap_preview",[],[239,240,241,242,243,244,245,246,247,248,249],"data-attachment_id","data-image_id","data-link","data-linktarget","data-width","data-height","data-size","data-align","data-alt","data-title","data-description",[],[252],"sapImageWidget",[],{"error":255,"url":256,"statusCode":257,"statusMessage":258,"message":258},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fimage-in-the-widget\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":260},[261],{"version":6,"download_url":262,"svn_tag_url":263,"released_at":26,"has_diff":264,"diff_files_changed":265,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":266,"is_current":255},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-in-the-widget.2.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fimage-in-the-widget\u002Ftags\u002F2.0.1\u002F",false,[],[]]