[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fN6vEzVwiWuMnoSLl5-8dJpAM2j92CCYWrl08vPxbLsU":3,"$fum-FlIwwAwsEkbhaJhvvS4tSU-P56S_u8IIpx88RmR8":268,"$fU8pkJKA0e0Hzm_7fG7Iyz-xNjJFvDDsIO4iMkDnKBFY":273},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":15,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":38,"analysis":138,"fingerprints":246},"kau-boys-comment-notification","Kau-Boy's Comment Notification","1.3.1","Bernhard Kau","https:\u002F\u002Fprofiles.wordpress.org\u002Fkau-boy\u002F","\u003Cp>This plugin enables blog admins and editors to manage the notification of incoming comments. As WordPress only has the option to notify on every comment, the email account of the admin may receive many emails each day. Notification is also limited to the admin only, so only the admin user will receive an email for incoming comments.\u003C\u002Fp>\n\u003Cp>Using the plugin you can subscribe to an RSS feed that contains even comments that have to be moderated. Every feed entry has the links to delete a comment, mark a comment as spam or approve a comment, if the comment has to be moderated. If a comment has been marked as spam, it will no longer appear in the feed.\u003C\u002Fp>\n\u003Cp>A list of all of my plugins can be found on the \u003Ca href=\"http:\u002F\u002Fkau-boys.de\u002Fwordpress-plugins?lang=en\" title=\"WordPress Plugins\" rel=\"nofollow ugc\">WordPress Plugin page\u003C\u002Fa> on my blog \u003Ca href=\"http:\u002F\u002Fkau-boys.de\" rel=\"nofollow ugc\">kau-boys.de\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin enables blog admins and editors to manage the notification of incoming comments. 
It offers a special RSS feed with all comments, including &hellip;",30,6759,0,"2012-11-04T19:56:00.000Z","","2.7",[18,19,20,21,22],"admin","comment","comments","feed","notification","http:\u002F\u002Fkau-boys.de\u002Fwordpress\u002Fkau-boys-comment-notification-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.1.3.1.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"kau-boy",10,7550,93,5,95,"2026-05-20T07:22:21.604Z",[39,61,79,99,119],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"digest","Digest Notifications","3.0.0","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>When you have lots of new user sign-ups or comments every day, it’s very distracting to receive a single email for each new event.\u003C\u002Fp>\n\u003Cp>With this plugin you get a daily, weekly, or monthly digest of your website’s activity. 
The digest includes the following events:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Core Updates\u003C\u002Fli>\n\u003Cli>New comments that need to be moderated (depending on your settings under ‘Settings’ -> ‘Discussion’)\u003C\u002Fli>\n\u003Cli>New user sign-ups\u003C\u002Fli>\n\u003Cli>Password resets by users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you would like to contribute to this plugin, report an issue or anything like that, please note that we develop this plugin \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwearerequired\u002Fdigest\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Please submit pull requests to the develop branch.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Frequired.com\u002F\" rel=\"nofollow ugc\">required\u003C\u002Fa>.\u003C\u002Fp>\n","Get a daily, weekly, or monthly digest of what's happening on your site instead of receiving a single email each time.",20,7247,100,1,"2024-11-18T14:34:00.000Z","6.7.5","6.0","7.4",[18,20,56,22,57],"emails","updates","https:\u002F\u002Frequired.com\u002Fservices\u002Fwordpress-plugins\u002Fdigest-notifications\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigest.3.0.0.zip",92,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":13,"downloaded":69,"rating":49,"num_ratings":50,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":15,"download_link":77,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":78},"notify-all-admins-on-comment","Notify All Admins on Comment","1.0.1","hugowporg","https:\u002F\u002Fprofiles.wordpress.org\u002Fhugowporg\u002F","\u003Cp>By default, WordPress only sends new comment notifications to the post author and the main site administrator email. 
This can cause delays in comment moderation on sites with multiple administrators.\u003C\u002Fp>\n\u003Cp>Notify All Admins on Comment solves this simple problem with a zero-configuration setup. Once activated, it sends a copy of the moderation email to every user with the ‘Administrator’ role, ensuring the entire team is aware of new comments instantly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, secure, and follows WordPress best practices.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Important Requirement:\u003C\u002Fstrong> This plugin relies on WordPress’s \u003Ccode>wp_mail()\u003C\u002Fcode> function to send email notifications.\u003Cbr \u002F>\nTo work properly, your WordPress environment must have a \u003Cstrong>working SMTP configuration\u003C\u002Fstrong> or email delivery service (such as SendGrid, Mailgun, or a plugin like WP Mail SMTP).\u003Cbr \u002F>\nIf SMTP is not properly configured or is blocked (common in development or staging environments), the plugin will not be able to send notifications. 
In such cases, WordPress’s default behavior (notifying only the main admin) will apply.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>If this plugin helped you, consider supporting it 🙌\u003Cbr \u002F>\n👉 Donate: https:\u002F\u002Fdonate.stripe.com\u002FfZu4gA7WCbvI4KJabDeZ200\u003C\u002Fp>\n","A simple plugin that ensures all site administrators are notified of new comments, not just the main site admin.",362,"2025-07-13T21:16:00.000Z","6.8.5","5.0","7.0",[18,20,75,76],"email","notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotify-all-admins-on-comment.1.0.1.zip","2026-04-06T09:54:40.288Z",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":32,"last_updated":90,"tested_up_to":71,"requires_at_least":91,"requires_php":15,"tags":92,"homepage":95,"download_link":96,"security_score":97,"vuln_count":50,"unpatched_count":13,"last_vuln_date":98,"fetched_at":27},"one-click-close-comments","One Click Close Comments","3.0","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>From the admin listing of posts (‘Edit Posts’) and pages (‘Edit Pages’), a user can close or open comments to any posts to which they have sufficient privileges to make such changes (essentially admins and post authors for their own posts). This is done via an AJAX-powered color-coded indicator. The color-coding gives instant feedback on the current status of the post for comments: green means the post\u002Fpage is open to comments, red means the post\u002Fpage is closed to comments. 
Being AJAX-powered means that the change is submitted in the background after being clicked without requiring a page reload.\u003C\u002Fp>\n\u003Cp>This plugin will only function for administrative users in the admin who have JavaScript enabled.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fone-click-close-comments\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-close-comments\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fone-click-close-comments\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>Developer documentation can be found in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fone-click-close-comments\u002Fblob\u002Fmaster\u002FDEVELOPER-DOCS.md\" rel=\"nofollow ugc\">DEVELOPER-DOCS.md\u003C\u002Fa>. 
That documentation covers the hooks provided by the plugin.\u003C\u002Fp>\n\u003Cp>As an overview, these are the hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>c2c_one_click_close_comments_click_char\u003C\u002Fcode> : Filter to customize the character, string, or markup used as the indicator used to toggle a post’s comment status.\u003C\u002Fli>\n\u003C\u002Ful>\n","Conveniently close or open comments for a post or page with one click from the admin listing of posts.",6000,160184,98,"2025-04-17T20:29:00.000Z","4.7",[18,93,19,20,94],"coffee2code","status","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fone-click-close-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-close-comments.3.0.zip",91,"2024-07-26 13:12:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":15,"tags":114,"homepage":117,"download_link":118,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"relative-url","Relative URL","0.1.8","Sparanoid","https:\u002F\u002Fprofiles.wordpress.org\u002Fsparanoid\u002F","\u003Cp>Relative URL applies the \u003Ccode>wp_make_link_relative\u003C\u002Fcode> function to links (posts, categories, pages, etc.) to convert them to relative URLs. Useful for developers when debugging local WordPress instance on a mobile device (iPad, iPhone, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notice\u003C\u002Fstrong>: This plugin SHOULD be used for local development only. 
I haven’t tested on a production environment; it \u003Cstrong>may\u003C\u002Fstrong> work with some issues, like unwanted URLs in RSS feed or sharing URLs are replaced with relative URLs, etc.\u003C\u002Fp>\n\u003Cp>More information please visit my \u003Ca href=\"https:\u002F\u002Fsparanoid.com\u002Fwork\u002Frelative-url\u002F\" rel=\"nofollow ugc\">site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Flocalhost:8080\u002Fwp\u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Will be converted to:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fwp\u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And..\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Flocalhost:8080\u002Fwp\u002F2012\u002F09\u002F01\u002Fhello-world\u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Will be converted to:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fwp\u002F2012\u002F09\u002F01\u002Fhello-world\u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And..\u003C\u002Fp>\n\u003Cpre>\u003Ccode>http:\u002F\u002Flocalhost:8080\u002Fwp\u002Fwp-content\u002Fthemes\u002Ftwentyeleven\u002Fstyle.css\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Will be converted to:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002Fwp\u002Fwp-content\u002Fthemes\u002Ftwentyeleven\u002Fstyle.css\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then after activating this plugin, you can simply access your local instance using \u003Ccode>http:\u002F\u002F10.0.1.5:8888\u002Fwp\u002F\u003C\u002Fcode> on your iPad or other mobile devices without having styles and navigation issue.\u003C\u002Fp>\n","Relative URL applies wp_make_link_relative function to links to convert them to relative 
URLs.",3000,108607,84,26,"2021-08-11T18:45:00.000Z","5.8.13","2.1.0",[18,115,19,20,116],"administration","content","https:\u002F\u002Fsparanoid.com\u002Fwork\u002Frelative-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frelative-url.0.1.8.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":60,"num_ratings":47,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":54,"tags":132,"homepage":136,"download_link":137,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"decent-comments","Decent Comments","3.0.2","itthinx","https:\u002F\u002Fprofiles.wordpress.org\u002Fitthinx\u002F","\u003Cp>\u003Cstrong>Decent Comments shows what people say.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Decent Comments plugin helps you show comments on your site in a neat way. It lets you display comments along with avatars of the people who wrote them and previews of what they said. This makes your site more engaging for visitors.\u003C\u002Fp>\n\u003Cp>If you want to show comments along with their author’s avatars \u003Cem>and\u003C\u002Fem> an excerpt of their comment, recent comments on any of your posts, posts from certain categories and other criteria … then this might just be the right plugin for you.\u003C\u002Fp>\n\u003Cp>The plugin provides configurable blocks, widgets, shortcodes and an API to display comments in sensible ways. This includes author avatars, links, comment excerpts …\u003C\u002Fp>\n\u003Cp>Anywhere you place comments, by means of its block, widget, shortcode or by using its API, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Show an excerpt or the full comment. 
You can choose to not show the comment as well.\u003C\u002Fli>\n\u003Cli>Determine the number of words shown for excerpts.\u003C\u002Fli>\n\u003Cli>Set your kind of ellipsis.\u003C\u002Fli>\n\u003Cli>Set the number of comments to show.\u003C\u002Fli>\n\u003Cli>Show the author’s avatar and determine its size.\u003C\u002Fli>\n\u003Cli>Sort by author email, author URL, content (what’s said in the comment), date, karma or post … in ascending or descending order.\u003C\u002Fli>\n\u003Cli>Show comments for the current post or for a specific post.\u003C\u002Fli>\n\u003Cli>Show comments for a specific post type.\u003C\u002Fli>\n\u003Cli>Show comments for posts in specific categories, for specific tags, … (more precisely: the ability to show comments from posts related to one or more terms in a chosen taxonomy).\u003C\u002Fli>\n\u003Cli>Show comments for a set of posts and\u002For excluding a set of posts.\u003C\u002Fli>\n\u003Cli>and more to come … got suggestions?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fdocs.itthinx.com\u002Fdocument\u002Fdecent-comments\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> pages for details.\u003C\u002Fp>\n\u003Cp>Feedback is welcome. If you need help, have problems, want to leave feedback or want to provide constructive criticism, please do so at the \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\u002Fplugins\u002Fdecent-comments\" rel=\"nofollow ugc\">Decent Comments\u003C\u002Fa> plugin page.\u003C\u002Fp>\n\u003Cp>Please try to solve problems there before you rate this plugin or say it doesn’t work. There goes a \u003Cem>lot\u003C\u002Fem> of work into providing you with free quality plugins! Please appreciate that and help with your feedback. 
Thanks!\u003C\u002Fp>\n\u003Cp>Follow \u003Ca href=\"https:\u002F\u002Fx.com\u002Fitthinx\" rel=\"nofollow ugc\">@itthinx on X\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fmastodon.social\u002F@itthinx\" rel=\"nofollow ugc\">@itthinx on Mastodon\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fitthinx\u002F\" rel=\"nofollow ugc\">@itthinx on Reddit\u003C\u002Fa> for news and updates on this and other plugins and tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Catalan translation provided by \u003Ca href=\"https:\u002F\u002Fwww.ibidemgroup.com\" rel=\"nofollow ugc\">Ibidem Group\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Chinese translation provided by Francesco from \u003Ca href=\"https:\u002F\u002Fwww.in-cina.com\" rel=\"nofollow ugc\">in Cina\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French translation provided by Thomas Mur from \u003Ca href=\"https:\u002F\u002Fwww.creapage.net\" rel=\"nofollow ugc\">Creapage.net\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German translation provided by the author \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\" rel=\"nofollow ugc\">itthinx\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian translation provided by Francesco from \u003Ca href=\"https:\u002F\u002Fwww.in-cina.com\" rel=\"nofollow ugc\">in Cina\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Lithuanian translation provided by Vincent G from \u003Ca href=\"https:\u002F\u002Fwww.Host1Free.com\" rel=\"nofollow ugc\">Host1Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Portuguese translation provided by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Ftopcasinowagering\" rel=\"ugc\">TopCasinoWagering\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian translation provided by \u003Ca href=\"https:\u002F\u002Farahis.com\" rel=\"nofollow ugc\">Igor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish translation provided by \u003Ca href=\"https:\u002F\u002Fwww.itthinx.com\" rel=\"nofollow 
ugc\">itthinx\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.ibidem-translations.com\" rel=\"nofollow ugc\">Ibidem Translations\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Many thanks!\u003C\u002Fp>\n","Decent Comments shows what people say. A more engaging way to show comments.",2000,116072,"2026-01-06T14:18:00.000Z","6.9.4","6.5",[19,20,133,134,135],"discussion","feedback","shortcode","https:\u002F\u002Fwww.itthinx.com\u002Fplugins\u002Fdecent-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdecent-comments.3.0.2.zip",{"attackSurface":139,"codeSignals":164,"taintFlows":204,"riskAssessment":230,"analyzedAt":245},{"hooks":140,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":163,"entryPointCount":13,"unprotectedCount":13},[141,147,151,155],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","init","init_comment_notification","comment-notification.php",133,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_menu","comment_notification_admin_menu",134,{"type":142,"name":152,"callback":153,"file":145,"line":154},"wp_dashboard_setup","comment_notification_dashboard_setup",135,{"type":156,"name":157,"callback":158,"priority":32,"file":145,"line":159},"filter","plugin_action_links","comment_notification_filter_plugin_actions",136,[],[],[],[],{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":203},[],{"prepared":50,"raw":50,"locations":167},[168],{"file":169,"line":170,"context":171},"feed.php",36,"$wpdb->get_results() with unsafe: $max_entries",{"escaped":173,"rawEcho":174,"locations":175},2,14,[176,178,180,182,184,185,187,189,191,193,195,197,199,201],{"file":145,"line":25,"context":177},"raw 
output",{"file":145,"line":179,"context":177},88,{"file":145,"line":181,"context":177},89,{"file":183,"line":32,"context":177},"feed-rss2-comments.php",{"file":183,"line":11,"context":177},{"file":183,"line":186,"context":177},32,{"file":183,"line":188,"context":177},33,{"file":183,"line":190,"context":177},67,{"file":183,"line":192,"context":177},68,{"file":183,"line":194,"context":177},75,{"file":183,"line":196,"context":177},107,{"file":183,"line":198,"context":177},113,{"file":183,"line":200,"context":177},119,{"file":183,"line":202,"context":177},124,[],[205],{"entryPoint":206,"graph":207,"unsanitizedCount":173,"severity":229},"\u003Cfeed> (feed.php:0)",{"nodes":208,"edges":225},[209,214,219,223],{"id":210,"type":211,"label":212,"file":169,"line":213},"n0","source","$_REQUEST['user_login']",13,{"id":215,"type":216,"label":217,"file":169,"line":213,"wp_function":218},"n1","sink","get_results() [SQLi]","get_results",{"id":220,"type":211,"label":221,"file":169,"line":222},"n2","$_GET",21,{"id":224,"type":216,"label":217,"file":169,"line":170,"wp_function":218},"n3",[226,228],{"from":210,"to":215,"sanitized":227},false,{"from":220,"to":224,"sanitized":227},"high",{"summary":231,"deductions":232},"The \"kau-boys-comment-notification\" plugin version 1.3.1 exhibits a mixed security posture. On the positive side, there are no recorded vulnerabilities (CVEs) for this plugin, suggesting a history of reasonably secure development or timely patching. The static analysis shows a very small attack surface with zero entry points like AJAX handlers, REST API routes, shortcodes, or cron events, which is a strong indicator of good security practice. Furthermore, the absence of dangerous functions and file operations is encouraging.\n\nHowever, several concerning signals emerge from the code analysis. 
The most significant is the presence of a high-severity taint flow with an unsanitized path, indicating a potential vulnerability where user input could be processed in an unsafe manner, even without a direct entry point being identified in the static analysis. The low percentage of properly escaped output (13%) is another major concern, as it suggests that data displayed to users might be vulnerable to cross-site scripting (XSS) attacks. Additionally, only 50% of SQL queries utilize prepared statements, posing a risk of SQL injection vulnerabilities. The complete lack of nonce and capability checks across the identified components, while the attack surface is minimal, means that if any entry points were to be discovered or introduced, they would likely be unprotected.\n\nIn conclusion, while the plugin benefits from a negligible attack surface and a clean vulnerability history, the identified taint flow and widespread lack of output escaping, coupled with partially unsanitized SQL queries, present significant risks. The absence of proper authorization checks further exacerbates these potential weaknesses. 
These code-level issues should be addressed to improve the overall security of the plugin.",[233,236,239,241,243],{"reason":234,"points":235},"High severity taint flow with unsanitized path",12,{"reason":237,"points":238},"Low percentage of properly escaped output",7,{"reason":240,"points":35},"SQL queries not using prepared statements",{"reason":242,"points":35},"Missing nonce checks",{"reason":244,"points":35},"Missing capability checks","2026-04-16T11:22:11.077Z",{"wat":247,"direct":253},{"assetPaths":248,"generatorPatterns":250,"scriptPaths":251,"versionParams":252},[249],"\u002Fwp-content\u002Fplugins\u002Fkau-boys-comment-notification\u002Ffeed.php",[],[],[],{"cssClasses":254,"htmlComments":259,"htmlAttributes":260,"restEndpoints":265,"jsGlobals":266,"shortcodeOutput":267},[255,256,257,258],"wrap","updated","fade","description",[],[261,262,263,264],"checked=\"checked\"","style=\"width: 200px; display: inline-block;\"","style=\"width: 50px\"","name=\"hide_comments[]\"",[],[],[],{"error":269,"url":270,"statusCode":271,"statusMessage":272,"message":272},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fkau-boys-comment-notification\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":235,"versions":274},[275,280,287,294,301,307,314,321,328,335,342,349],{"version":6,"download_url":24,"svn_tag_url":276,"released_at":26,"has_diff":227,"diff_files_changed":277,"diff_lines":26,"trac_diff_url":278,"vulnerabilities":279,"is_current":269},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F1.3&new_path=%2Fkau-boys-comment-notification%2Ftags%2F1.3.1",[],{"version":281,"download_url":282,"svn_tag_url":283,"released_at":26,"has_diff":227,"diff_files_changed":284,"diff_lines":26,"trac_diff_url":285,"vulnerabilities":286,"is_current":227},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F1.2&new_path=%2Fkau-boys-comment-notification%2Ftags%2F1.3",[],{"version":288,"download_url":289,"svn_tag_url":290,"released_at":26,"has_diff":227,"diff_files_changed":291,"diff_lines":26,"trac_diff_url":292,"vulnerabilities":293,"is_current":227},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F1.1&new_path=%2Fkau-boys-comment-notification%2Ftags%2F1.2",[],{"version":295,"download_url":296,"svn_tag_url":297,"released_at":26,"has_diff":227,"diff_files_changed":298,"diff_lines":26,"trac_diff_url":299,"vulnerabilities":300,"is_current":227},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-
comment-notification.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F1.0.1&new_path=%2Fkau-boys-comment-notification%2Ftags%2F1.1",[],{"version":64,"download_url":302,"svn_tag_url":303,"released_at":26,"has_diff":227,"diff_files_changed":304,"diff_lines":26,"trac_diff_url":305,"vulnerabilities":306,"is_current":227},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F1.0&new_path=%2Fkau-boys-comment-notification%2Ftags%2F1.0.1",[],{"version":308,"download_url":309,"svn_tag_url":310,"released_at":26,"has_diff":227,"diff_files_changed":311,"diff_lines":26,"trac_diff_url":312,"vulnerabilities":313,"is_current":227},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F0.6&new_path=%2Fkau-boys-comment-notification%2Ftags%2F1.0",[],{"version":315,"download_url":316,"svn_tag_url":317,"released_at":26,"has_diff":227,"diff_files_changed":318,"diff_lines":26,"trac_diff_url":319,"vulnerabilities":320,"is_current":227},"0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F0.5&new_path=%2Fkau-boys-c
omment-notification%2Ftags%2F0.6",[],{"version":322,"download_url":323,"svn_tag_url":324,"released_at":26,"has_diff":227,"diff_files_changed":325,"diff_lines":26,"trac_diff_url":326,"vulnerabilities":327,"is_current":227},"0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F0.4&new_path=%2Fkau-boys-comment-notification%2Ftags%2F0.5",[],{"version":329,"download_url":330,"svn_tag_url":331,"released_at":26,"has_diff":227,"diff_files_changed":332,"diff_lines":26,"trac_diff_url":333,"vulnerabilities":334,"is_current":227},"0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F0.3&new_path=%2Fkau-boys-comment-notification%2Ftags%2F0.4",[],{"version":336,"download_url":337,"svn_tag_url":338,"released_at":26,"has_diff":227,"diff_files_changed":339,"diff_lines":26,"trac_diff_url":340,"vulnerabilities":341,"is_current":227},"0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F0.2&new_path=%2Fkau-boys-comment-notification%2Ftags%2F0.3",[],{"version":343,"download_url":344,"svn_tag_url":345,"released_at":26,"has_diff":227,"diff_files_changed":346,"diff_lines":26,"trac_diff_url":347,"vulnerabilities":348,"is_current":227},"0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fpl
ugin\u002Fkau-boys-comment-notification.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fkau-boys-comment-notification%2Ftags%2F0.1&new_path=%2Fkau-boys-comment-notification%2Ftags%2F0.2",[],{"version":350,"download_url":351,"svn_tag_url":352,"released_at":26,"has_diff":227,"diff_files_changed":353,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":354,"is_current":227},"0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkau-boys-comment-notification.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fkau-boys-comment-notification\u002Ftags\u002F0.1\u002F",[],[]]