[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1z5w8TsvtR9nPSMDrtnPAespnZBa1gr-hZ9u8JnxNuw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":129,"fingerprints":311},"last-fm","Last FM","1.0.3","Kieran O'Shea","https:\u002F\u002Fprofiles.wordpress.org\u002Fkieranoshea\u002F","\u003Cp>Permits the display in your sidebar of your most recent listened to tracks\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Captures the ten most recently played tracks from your last.fm profile\u003C\u002Fli>\n\u003Cli>Provides a widget to display these on your site\u003C\u002Fli>\n\u003C\u002Ful>\n","Permits the display in your sidebar of your most recent listened to tracks",40,3453,92,5,"2019-04-27T21:42:00.000Z","5.2.24","4.3.1","",[20,21,22,23,24],"fm","last","music","recent","tracks","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flast-fm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-fm.1.0.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"kieranoshea",4,4090,90,1609,72,"2026-04-04T15:11:15.086Z",[41,60,77,95,114],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":28,"num_ratings":28,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":58,"download_link":59,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"recent-lastfm-tracks","Recent LastFm Tracks","1.2.3","snnooze","https:\u002F\u002Fprofiles.wordpress.org\u002Fsnnooze\u002F","\u003Cp>This simple widget includes your LastFm recent tracks into the sidebar.\u003C\u002Fp>\n\u003Cp>Enter your username and number of songs you want to show and it’s ok.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>English, French.\u003C\u002Fp>\n","This simple widget includes your LastFm recent tracks into the sidebar.",10,9783,"2014-01-05T13:42:00.000Z","3.7.41","3.0",[55,22,56,24,57],"lastfm","song","widget","http:\u002F\u002Fwww.fabricelaffont.fr\u002F2012\u002F09\u002F24\u002Frecent-lastfm-tracks-mise-a-jour\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-lastfm-tracks.1.2.3.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":49,"downloaded":37,"rating":11,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":75,"download_link":76,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"recent-tracks-lastfm","Last.FM Recent Tracks – WordPress Plugin","1.1","maksimdegtyarev","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaksimdegtyarev\u002F","\u003Cp>With this plugin you can add your recent scrobbled tracks on Last.FM to your site.\u003C\u002Fp>\n","With this plugin you can add your recent scrobbled tracks on Last.FM to your site.",1,"2014-12-17T06:26:00.000Z","4.1.42","2.0.2",[4,73,74],"recent-tracks","songs","http:\u002F\u002Fmaksimdegtyarev.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-tracks-lastfm.1.1.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":28,"num_ratings":28,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":93,"download_link":94,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lastfm-for-wordpress","Last.fm for WordPress","1.3.3","Ricardo Gonzalez","https:\u002F\u002Fprofiles.wordpress.org\u002Frickgc\u002F","\u003Cp>Last.fm for WordPress displays your recently listened tracks in your WordPress blog.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Simply\n* Customizable\n* Widget support\n* No options page (yes, it is a feature)\n* Uses WordPress resources (no extra files needed)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you use WordPress widgets, just drag the widget into your sidebar and configure. If widgets are not your thing, use the following code to display your recently listened tracks:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php lastfm_tracks(\"username\"); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For more info (options, customization, etc.) visit \u003Ca href=\"http:\u002F\u002Frick.jinlabs.com\u002Fcode\u002Flastfm\" title=\"Last.fm for WordPress\" rel=\"nofollow ugc\">the plugin homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Credits\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcavemonkey50.com\u002F\" rel=\"nofollow ugc\">Ronald Heft\u003C\u002Fa> – The plugin is highly based in his Pownce for WordPress, so the major part of the credits goes to him.\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fbohuco.net\u002Fblog\" rel=\"nofollow ugc\">Michael Feichtinger\u003C\u002Fa> – For the multi-widget feature.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Suggestion, fixes, rants, congratulations, gifts et al to rick[at]jinlabs.com.\u003C\u002Fp>\n","Last.fm for WordPress displays your recently listened tracks in your WordPress blog.",29139,"2009-02-08T23:17:00.000Z","2.7","2.1",[90,4,55,91,92],"audioscrobbler","recently","scrobbler","http:\u002F\u002Frick.jinlabs.com\u002Fcode\u002Flastfm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flastfm-for-wordpress.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":49,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":87,"requires_php":18,"tags":108,"homepage":111,"download_link":112,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":113},"lastfm-live","last.fm Live!","0.2.6","Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fchoon\u002F","\u003Cp>Widget to display your recently played tracks from last.fm LIVE! Which means the widget will display the song you are currently listening to (provided that you are scrobbling to last.fm) along with your chosen number of previously played songs.\u003C\u002Fp>\n","Widget to display your recently played tracks from last.fm LIVE! shows any song you play(& scrobble) on your site in realtime.",6933,100,3,"2014-09-29T03:03:00.000Z","4.0.38",[4,109,22,110,57],"live","scrobble","http:\u002F\u002F2amlife.com\u002Fprojects\u002Flastfm-live","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flastfm-live.zip","2026-03-15T14:54:45.397Z",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":49,"downloaded":122,"rating":28,"num_ratings":28,"last_updated":123,"tested_up_to":124,"requires_at_least":117,"requires_php":18,"tags":125,"homepage":127,"download_link":128,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"lastfm-rps","Last.fm RPS","2.0.0","tpaksu","https:\u002F\u002Fprofiles.wordpress.org\u002Ftpaksu\u002F","\u003Cp>This plugin gets your last.fm feed and parses your recently played song information and then combines it with the album tag\u003Cbr \u002F>\nalso taken from the last.fm feeds. If it doesn’t find an album image, It shows the artist image instead of it.\u003C\u002Fp>\n\u003Ch3>Whats New in Version 0.2?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added option to define how many songs are displayed on the page\u003C\u002Fli>\n\u003Cli>Seperated css file from code and added new “lastfm.css” file\u003C\u002Fli>\n\u003Cli>Added different stylesheets to recently played songs\u003C\u002Fli>\n\u003Cli>Changed the datetime display configuration like “x days y seconds and z minutes ago”\u003C\u002Fli>\n\u003Cli>Changed the div’s into tables which are more reliable for different themes.\u003C\u002Fli>\n\u003Cli>If the user hasn’t any wp_head() included in his\u002Fher theme’s header.php, this script checks and adds its css itself.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Whats the fixes in Version 0.3?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added a neccessary fix for the time difference between server time and local time.\u003C\u002Fli>\n\u003Cli>If there is a track played in the player which length is less than 4 minutes ,the script showed two recently listened songs, so this is fixed now.It only displays one.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Whats New in Version 0.4?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added support for not widget-enabled themes.\u003C\u002Fli>\n\u003Cli>Added Screenshot\u003C\u002Fli>\n\u003Cli>Updated Readme.txt\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Whats the fixes in Version 0.5?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>When no songs played for a long time or only played only one song, this script raised errors. This is fixed now.\u003C\u002Fli>\n\u003Cli>Optimized the SimpleXML Extension for speed issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What’s added in v0.6\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Improved checking of album images.\u003C\u002Fli>\n\u003Cli>If the feed item contains no album name, then directly shows default image.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What’s New in Version 0.7?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added image positioning\u003C\u002Fli>\n\u003Cli>Added optional Bottom Text\u003C\u002Fli>\n\u003Cli>Removed the slashes before ‘ and “\u003C\u002Fli>\n\u003Cli>Converted tables to css so you have all the control in lastfm.css\u003C\u002Fli>\n\u003Cli>Added artist images support. Now it shows artist images when it can’t find the album image.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The changes in 0.8\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added Various Artists album image support\u003C\u002Fli>\n\u003Cli>Added last.fm badge option\u003C\u002Fli>\n\u003Cli>Improved options page\u003C\u002Fli>\n\u003Cli>Added last.fm logos (you should use one)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The changes in 1.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added cURL and fopen support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The minor changes in 1.0.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added security to file reading function inside class.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The changes in 1.0.3\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Empty images show up as last.fm image placeholders now.\u003C\u002Fli>\n\u003Cli>Fixed the compatibility issue with wordpress 2.7 (Their compat.php broke one of my function and i renamed it.)\u003C\u002Fli>\n\u003Cli>Thanks to Tom for informing me that last.fm started to use 64×64 images instead of 50×50. Thats also changed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The changes in 1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Added caching support\u003C\u002Fli>\n\u003Cli>Changed Last.fm API v1.0 code to v2.0 code\u003C\u002Fli>\n\u003Cli>Fixed “Now Playing” code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The changes in 1.1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fixed annoying file_get_contents error.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The changes in 2.0.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Complete rewrite\u003C\u002Fli>\n\u003Cli>Updated Last.fm logos to match the ones used in the site\u003C\u002Fli>\n\u003Cli>Fixed complicated CSS rules (Note: You need to edit the CSS files again 🙁 )\u003C\u002Fli>\n\u003Cli>Autoprefixed CSS rules for browser compatibility\u003C\u002Fli>\n\u003Cli>Removed Shortcode support\u003C\u002Fli>\n\u003Cli>Removed FileSystem Cache, using WP_Options method instead\u003C\u002Fli>\n\u003Cli>Added German, French, Spanish, Italian and Turkish translation (You can translate more with Loco Translate plugin, used google translate on most parts, sorry for that.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TODO:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Track and artist corrections\u003C\u002Fli>\n\u003C\u002Ful>\n","Widget Plugin that lists your recently listened songs on your sidebar with album or artist images and text.",11115,"2017-12-09T13:20:00.000Z","4.9.29",[90,4,55,126,23],"played-songs","http:\u002F\u002Fwww.tahapaksu.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flastfm-rps.2.0.0.zip",{"attackSurface":130,"codeSignals":150,"taintFlows":180,"riskAssessment":302,"analyzedAt":310},{"hooks":131,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":28,"unprotectedCount":28},[132,138,142],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_menu","lastfm_menu","last-fm.php",44,{"type":133,"name":139,"callback":140,"file":136,"line":141},"widgets_init","widget_init_lastfm",56,{"type":133,"name":143,"callback":144,"file":136,"line":145},"admin_notices","lastfm_setup_incomplete_warning",140,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":28,"externalRequests":68,"nonceChecks":68,"capabilityChecks":28,"bundledLibraries":179},[],{"prepared":28,"raw":28,"locations":153},[],{"escaped":28,"rawEcho":155,"locations":156},11,[157,160,162,164,165,167,169,171,173,175,177],{"file":136,"line":158,"context":159},69,"raw output",{"file":136,"line":161,"context":159},70,{"file":136,"line":163,"context":159},71,{"file":136,"line":38,"context":159},{"file":136,"line":166,"context":159},110,{"file":136,"line":168,"context":159},114,{"file":136,"line":170,"context":159},118,{"file":136,"line":172,"context":159},147,{"file":136,"line":174,"context":159},266,{"file":136,"line":176,"context":159},275,{"file":136,"line":178,"context":159},280,[],[181,215,273,288],{"entryPoint":182,"graph":183,"unsanitizedCount":34,"severity":214},"lastfm_admin (last-fm.php:153)",{"nodes":184,"edges":208},[185,190,196,200,204],{"id":186,"type":187,"label":188,"file":136,"line":189},"n0","source","$_POST (x2)",159,{"id":191,"type":192,"label":193,"file":136,"line":194,"wp_function":195},"n1","sink","update_option() [Settings Manipulation]",162,"update_option",{"id":197,"type":187,"label":198,"file":136,"line":199},"n2","$_POST (x4)",167,{"id":201,"type":202,"label":203,"file":136,"line":199},"n3","transform","→ lastfm_admin_form()",{"id":205,"type":192,"label":206,"file":136,"line":176,"wp_function":207},"n4","echo() [XSS]","echo",[209,211,213],{"from":186,"to":191,"sanitized":210},true,{"from":197,"to":201,"sanitized":212},false,{"from":201,"to":205,"sanitized":212},"medium",{"entryPoint":216,"graph":217,"unsanitizedCount":14,"severity":214},"\u003Clast-fm> (last-fm.php:0)",{"nodes":218,"edges":262},[219,222,223,226,227,230,232,234,236,239,244,246,248,250,252,254,257,260],{"id":186,"type":187,"label":220,"file":136,"line":221},"$_POST['lastfm_widget_title']",78,{"id":191,"type":192,"label":193,"file":136,"line":221,"wp_function":195},{"id":197,"type":187,"label":224,"file":136,"line":225},"$_POST['lastfm_widget_count']",81,{"id":201,"type":192,"label":193,"file":136,"line":225,"wp_function":195},{"id":205,"type":187,"label":228,"file":136,"line":229},"$_POST['lastfm_widget_length']",84,{"id":231,"type":192,"label":193,"file":136,"line":229,"wp_function":195},"n5",{"id":233,"type":187,"label":188,"file":136,"line":189},"n6",{"id":235,"type":192,"label":193,"file":136,"line":194,"wp_function":195},"n7",{"id":237,"type":187,"label":238,"file":136,"line":189},"n8","$_POST",{"id":240,"type":192,"label":241,"file":136,"line":242,"wp_function":243},"n9","wp_remote_get() [SSRF]",192,"wp_remote_get",{"id":245,"type":187,"label":188,"file":136,"line":189},"n10",{"id":247,"type":192,"label":206,"file":136,"line":176,"wp_function":207},"n11",{"id":249,"type":187,"label":198,"file":136,"line":199},"n12",{"id":251,"type":202,"label":203,"file":136,"line":199},"n13",{"id":253,"type":192,"label":206,"file":136,"line":176,"wp_function":207},"n14",{"id":255,"type":187,"label":238,"file":136,"line":256},"n15",181,{"id":258,"type":202,"label":259,"file":136,"line":256},"n16","→ lastfm_retrieve_xml()",{"id":261,"type":192,"label":241,"file":136,"line":242,"wp_function":243},"n17",[263,264,265,266,267,268,269,270,271,272],{"from":186,"to":191,"sanitized":210},{"from":197,"to":201,"sanitized":210},{"from":205,"to":231,"sanitized":210},{"from":233,"to":235,"sanitized":210},{"from":237,"to":240,"sanitized":210},{"from":245,"to":247,"sanitized":210},{"from":249,"to":251,"sanitized":212},{"from":251,"to":253,"sanitized":212},{"from":255,"to":258,"sanitized":212},{"from":258,"to":261,"sanitized":212},{"entryPoint":274,"graph":275,"unsanitizedCount":105,"severity":287},"widget_init_lastfm (last-fm.php:58)",{"nodes":276,"edges":283},[277,278,279,280,281,282],{"id":186,"type":187,"label":220,"file":136,"line":221},{"id":191,"type":192,"label":193,"file":136,"line":221,"wp_function":195},{"id":197,"type":187,"label":224,"file":136,"line":225},{"id":201,"type":192,"label":193,"file":136,"line":225,"wp_function":195},{"id":205,"type":187,"label":228,"file":136,"line":229},{"id":231,"type":192,"label":193,"file":136,"line":229,"wp_function":195},[284,285,286],{"from":186,"to":191,"sanitized":212},{"from":197,"to":201,"sanitized":212},{"from":205,"to":231,"sanitized":212},"low",{"entryPoint":289,"graph":290,"unsanitizedCount":105,"severity":287},"widget_lastfm_control (last-fm.php:76)",{"nodes":291,"edges":298},[292,293,294,295,296,297],{"id":186,"type":187,"label":220,"file":136,"line":221},{"id":191,"type":192,"label":193,"file":136,"line":221,"wp_function":195},{"id":197,"type":187,"label":224,"file":136,"line":225},{"id":201,"type":192,"label":193,"file":136,"line":225,"wp_function":195},{"id":205,"type":187,"label":228,"file":136,"line":229},{"id":231,"type":192,"label":193,"file":136,"line":229,"wp_function":195},[299,300,301],{"from":186,"to":191,"sanitized":212},{"from":197,"to":201,"sanitized":212},{"from":205,"to":231,"sanitized":212},{"summary":303,"deductions":304},"The 'last-fm' v1.0.3 plugin exhibits a mixed security posture.  On the positive side, the absence of known vulnerabilities in its history and a lack of dangerous functions, SQL queries without prepared statements, and file operations are strong indicators of good development practices regarding common attack vectors. The presence of a nonce check and a single external HTTP request are also positive signs. However, a significant concern arises from the static analysis of output escaping, where 100% of outputs are not properly escaped. This is a critical flaw that can lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website. The taint analysis, while not reporting critical or high severity flows, did reveal 4 flows with unsanitized paths, which, combined with the unescaped output, presents a tangible risk of XSS if these paths involve user-controllable data.",[305,308],{"reason":306,"points":307},"100% of outputs not properly escaped",8,{"reason":309,"points":14},"Taint flows with unsanitized paths","2026-03-16T22:11:02.010Z",{"wat":312,"direct":317},{"assetPaths":313,"generatorPatterns":314,"scriptPaths":315,"versionParams":316},[],[],[],[],{"cssClasses":318,"htmlComments":319,"htmlAttributes":320,"restEndpoints":321,"jsGlobals":322,"shortcodeOutput":323},[],[],[],[],[],[]]