[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTt0S5jyBzJ1ZANuwxrHGhfWJxaV7AGQf2hJ66qHJfH8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":55,"fingerprints":161},"kento-top-commenters","Kento Top Commenters","1.0","PluginsPoint","https:\u002F\u002Fprofiles.wordpress.org\u002Fkentothemes\u002F","\u003Cp>Display top Commentators or contributer list by comment count.\u003C\u002Fp>\n\u003Cp>Plugin Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Three Diffrent Style.\u003C\u002Fli>\n\u003Cli>Add Anywhere via widgets.\u003C\u002Fli>\n\u003Cli>Comments Count.\u003C\u002Fli>\n\u003Cli>Unlimited Commentators List.\u003C\u002Fli>\n\u003C\u002Ful>\n","Top Commentators list By Count 
Comments",10,1726,0,"2015-06-09T05:33:00.000Z","4.2.39","3.8","",[19,20,21],"top-commentators","top-commentators-widget","top-contributor","http:\u002F\u002Fkentothemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkento-top-commenters.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"kentothemes",20,600,8,84,"2026-04-04T15:36:19.519Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":17,"tested_up_to":47,"requires_at_least":16,"requires_php":17,"tags":48,"homepage":52,"download_link":53,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":54},"comments-leaderboard","Comments Leaderboard","1.1","kolakube","https:\u002F\u002Fprofiles.wordpress.org\u002Falexmangini\u002F","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fkolakube.com\u002Fcomments-leaderboard\u002F\" rel=\"nofollow ugc\">The Comments Leaderboard\u003C\u002Fa> was carefully designed to add a new twist to rewarding the top commentators on your blog and create a more addicting comment experience for your readers.\u003C\u002Fp>\n\u003Cp>Each month, the 5 most active commenters throughout your blog will be listed and ranked from most comments posted to the least.\u003C\u002Fp>\n\u003Cp>…but simply ranking on the Leaderboard isn’t enough.\u003C\u002Fp>\n\u003Cp>The lower their rank, the less visible their name will appear on the Leaderboards beautiful color spectrum (tip: you can even set a custom color to match your theme).\u003C\u002Fp>\n\u003Cp>For their name and website link to get maximum exposure, they must outrank the competition by posting the most comments.\u003C\u002Fp>\n\u003Cp>The overall leader gets a medal next to their name at the top of the 
list for the highest amount of visibility and prestige throughout your community.\u003C\u002Fp>\n\u003Cp>But sadly, there is no comfort at the top.\u003C\u002Fp>\n\u003Cp>The total amount of comments each leader posted for the month is displayed next to their name, making it easy for other commenters to overtake the top spot.\u003C\u002Fp>\n\u003Cp>The Comments Leaderboard is the perfect way to reward your most engaging readers and fits perfectly in your blog’s sidebar. Simply drag the Widget into place, write a title and description text, pick a color and your blog is ready for some serious comment action.\u003C\u002Fp>\n\u003Cp>Just remember, keep your posts quality and you will attract quality comments.\u003C\u002Fp>\n\u003Cp>Let the games begin!\u003C\u002Fp>\n","Let the games begin! The Comments Leaderboard ranks your top commentators in a way that's sure to spark competition throughout your community.",3493,100,2,"4.8.28",[49,19,50,51],"comments-list","top-commenters","top-comments","https:\u002F\u002Fkolakube.com\u002Fcomments-leaderboard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-leaderboard.zip","2026-03-15T14:44:11.924Z",{"attackSurface":56,"codeSignals":68,"taintFlows":101,"riskAssessment":149,"analyzedAt":160},{"hooks":57,"ajaxHandlers":64,"restRoutes":65,"shortcodes":66,"cronEvents":67,"entryPointCount":13,"unprotectedCount":13},[58],{"type":59,"name":60,"callback":61,"file":62,"line":63},"action","wp_enqueue_scripts","kento_top_commenters_scripts","index.php",21,[],[],[],[],{"dangerousFunctions":69,"sqlUsage":70,"outputEscaping":78,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":100},[],{"prepared":13,"raw":46,"locations":71},[72,75],{"file":62,"line":73,"context":74},93,"$wpdb->get_results() with variable interpolation",{"file":62,"line":76,"context":77},110,"$wpdb->get_var() with variable 
interpolation",{"escaped":13,"rawEcho":79,"locations":80},9,[81,84,86,88,90,92,94,96,98],{"file":62,"line":82,"context":83},55,"raw output",{"file":62,"line":85,"context":83},57,{"file":62,"line":87,"context":83},78,{"file":62,"line":89,"context":83},81,{"file":62,"line":91,"context":83},82,{"file":62,"line":93,"context":83},83,{"file":62,"line":95,"context":83},89,{"file":62,"line":97,"context":83},121,{"file":62,"line":99,"context":83},131,[],[102,135],{"entryPoint":103,"graph":104,"unsanitizedCount":133,"severity":134},"top_commenters_widget_control (index.php:41)",{"nodes":105,"edges":128},[106,111,116,120,122,126],{"id":107,"type":108,"label":109,"file":62,"line":110},"n0","source","$_POST['widgettitle']",44,{"id":112,"type":113,"label":114,"file":62,"line":110,"wp_function":115},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":117,"type":108,"label":118,"file":62,"line":119},"n2","$_POST['number']",45,{"id":121,"type":113,"label":114,"file":62,"line":119,"wp_function":115},"n3",{"id":123,"type":108,"label":124,"file":62,"line":125},"n4","$_POST['ktc_style']",46,{"id":127,"type":113,"label":114,"file":62,"line":125,"wp_function":115},"n5",[129,131,132],{"from":107,"to":112,"sanitized":130},false,{"from":117,"to":121,"sanitized":130},{"from":123,"to":127,"sanitized":130},3,"low",{"entryPoint":136,"graph":137,"unsanitizedCount":133,"severity":134},"\u003Cindex> 
(index.php:0)",{"nodes":138,"edges":145},[139,140,141,142,143,144],{"id":107,"type":108,"label":109,"file":62,"line":110},{"id":112,"type":113,"label":114,"file":62,"line":110,"wp_function":115},{"id":117,"type":108,"label":118,"file":62,"line":119},{"id":121,"type":113,"label":114,"file":62,"line":119,"wp_function":115},{"id":123,"type":108,"label":124,"file":62,"line":125},{"id":127,"type":113,"label":114,"file":62,"line":125,"wp_function":115},[146,147,148],{"from":107,"to":112,"sanitized":130},{"from":117,"to":121,"sanitized":130},{"from":123,"to":127,"sanitized":130},{"summary":150,"deductions":151},"The 'kento-top-commenters' v1.0 plugin presents a concerning security posture despite a clean vulnerability history. Static analysis found no output escaping at any of the identified output points, so any user-supplied data the plugin outputs could expose the site to cross-site scripting (XSS). Furthermore, all SQL queries are executed without prepared statements, creating a significant risk of SQL injection. The presence of two taint analysis flows with unsanitized paths further amplifies these risks, indicating potential pathways for malicious data to be processed without proper sanitization. Both flows carry $_POST values into update_option() and are rated low severity, and the scan detected no nonce or capability checks, so who can reach these paths should be confirmed against the plugin code. While the plugin has no recorded vulnerability history, this does not negate the severe weaknesses identified in its current implementation. 
The absence of any detected CVEs is a positive, but the code itself contains critical security flaws that require immediate attention.",[152,155,157],{"reason":153,"points":154},"0% of outputs properly escaped",15,{"reason":156,"points":11},"0% of SQL queries use prepared statements",{"reason":158,"points":159},"2 flows with unsanitized paths (taint)",12,"2026-03-17T00:47:42.978Z",{"wat":162,"direct":169},{"assetPaths":163,"generatorPatterns":165,"scriptPaths":166,"versionParams":167},[164],"\u002Fwp-content\u002Fplugins\u002Fkento-top-commenters\u002Fcss\u002Fstyle.css",[],[],[168],"kento-top-commenters\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":170,"htmlComments":176,"htmlAttributes":177,"restEndpoints":184,"jsGlobals":185,"shortcodeOutput":186},[171,172,173,174,175],"top_commenters","top_commenters-list","top-commenters-image","top-commenters-name","commenters-count",[],[178,179,180,181,182,183],"name=\"widgettitle\"","name=\"number\"","name=\"ktc_style\"","value=\"style1\"","value=\"style2\"","value=\"style3\"",[],[],[]]