[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKWiVr08n9JMBeCLIX1d41DQJAYiRr5Rmaoc0De3-1eA":3,"$fa_sXfeEtlEC_85yLKjUXRRL8ElQ6q8VpAnaXwgXVgog":265,"$fHBx7ZxqRS1j4jBDMQ4vE1v28SrDCMvpDnxZh3ohrYH8":269},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":141,"fingerprints":229},"lc-hoverpeek","LC HoverPeek","1.0.1","Loinecoders","https:\u002F\u002Fprofiles.wordpress.org\u002Flionecoders\u002F","\u003Cp>\u003Cstrong>LC HoverPeek\u003C\u002Fstrong> enhances user experience by showing a preview popup when visitors hover over links inside your content.\u003C\u002Fp>\n\u003Cp>When a user hovers over a link, the plugin fetches preview information and displays a small popup containing:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Post title\u003C\u002Fli>\n\u003Cli>Featured image\u003C\u002Fli>\n\u003Cli>Short excerpt\u003C\u002Fli>\n\u003Cli>Link preview\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For external links, the plugin automatically fetches metadata such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page title\u003C\u002Fli>\n\u003Cli>Description\u003C\u002Fli>\n\u003Cli>Open Graph image (if available)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This allows users to quickly preview the destination without leaving the current page.\u003C\u002Fp>\n\u003Cp>The plugin is lightweight, optimized for performance, and designed to work with most WordPress themes.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Hover preview for internal WordPress posts.\u003C\u002Fli>\n\u003Cli>Preview external links automatically.\u003C\u002Fli>\n\u003Cli>Change appearance colors (Background, Title, Excerpt, Link)\u003C\u002Fli>\n\u003Cli>Choose which specific Post Types (Posts, Pages, etc.) trigger a preview.\u003C\u002Fli>\n\u003Cli>Featured image support.\u003C\u002Fli>\n\u003Cli>Automatic excerpt generation.\u003C\u002Fli>\n\u003Cli>AJAX-powered loading.\u003C\u002Fli>\n\u003Cli>External link metadata scraping.\u003C\u002Fli>\n\u003Cli>Transient caching for better performance.\u003C\u002Fli>\n\u003Cli>Lightweight JavaScript and CSS.\u003C\u002Fli>\n\u003Cli>Works with most themes and page builders.\u003C\u002Fli>\n\u003Cli>No shortcode required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blog posts referencing other articles\u003C\u002Fli>\n\u003Cli>Documentation websites\u003C\u002Fli>\n\u003Cli>Knowledge bases\u003C\u002Fli>\n\u003Cli>Educational content\u003C\u002Fli>\n\u003Cli>News websites\u003C\u002Fli>\n\u003Cli>Internal linking strategies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Customization Options\u003C\u002Fh3>\n\u003Cp>You can customize popup appearance and behavior from \u003Cstrong>Hover Preview\u003C\u002Fstrong> Menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Display Settings:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Enable\u002FDisable Internal Links\u003Cbr \u002F>\n* Enable\u002FDisable External Links\u003Cbr \u002F>\n* Select Supported Post Types (Posts, Pages, etc.)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Appearance Settings:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Popup Background Color\u003Cbr \u002F>\n* Title Color\u003Cbr \u002F>\n* Excerpt Color\u003Cbr \u002F>\n* Link Color\u003C\u002Fp>\n\u003Ch3>1.0.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Texual changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>1.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Initial plugin release.\u003C\u002Fli>\n\u003C\u002Ful>\n","LC HoverPeek adds a lightweight preview popup when users hover over links. It supports internal WordPress posts and external links.",0,161,"2026-04-04T07:56:00.000Z","6.9.4","5.0","7.2",[18,19,20,21,22],"content-preview","hover-preview","link-preview","link-tooltip","post-preview","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flc-hoverpeek.1.0.1.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"lionecoders",2,30,94,"2026-05-19T17:27:47.542Z",[37,60,76,99,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"sharethumb","4Site ShareThumb – Branded Social Preview OG Image Plugin","1.3","Heming Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002F4sitestudios\u002F","\u003Cp>Select one of our optimized post preview image themes and then customize it to create high-performing social share images. ShareThumb grabs the title and the featured image from the post and you define everything else:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Layout (Theme)\u003C\u002Fli>\n\u003Cli>Font\u003C\u002Fli>\n\u003Cli>Font Color\u003C\u002Fli>\n\u003Cli>Logo\u003C\u002Fli>\n\u003Cli>Icon\u003C\u002Fli>\n\u003Cli>Background Color\u003C\u002Fli>\n\u003Cli>Accent Color\u003C\u002Fli>\n\u003Cli>Secondary Color\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When links to your website are shared on iMessage, Facebook, LinkedIn or any number of platforms, ShareThumb generates the custom social cards that you configured.\u003C\u002Fp>\n\u003Cp>You can set up our social media image generator to create social cards for every page on your website, or you can specify the specific post types that you want to generate the social media preview images for. You can also create custom og:images for individual posts.\u003C\u002Fp>\n\u003Cp>Here’s a one-minute video about our plugin:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Frf6CSJB9-rQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Why 4Site ShareThumb is Unique\u003C\u002Fh3>\n\u003Cp>ShareThumb uses a different methodology to generate your social share images than most of the other WordPress plugins. We create your link preview images on our app running on cloud servers. When someone shares a link to your post on Discord, that platform requests the open graph image from your site. Our plugin then redirects that request to our app, and our app provides the image to Discord. We store that og:image for the next time a request is made for it. Every 30 days, we check back in with your website to see if you’ve updated the title or the feature image of the post, and then we update the og image.\u003C\u002Fp>\n\u003Cp>This setup has a lot of benefits over serving them up social thumbnails directly from your WordPress website. It takes a lot of processing power to render these custom images. We carry that load for you. It also means that you can run ShareThumb on multiple sites and manage all your thumbs in one place. And you can create custom headlines for posts and override the feature image on your post with a thumbnail that you specifically optimize for sharing.\u003C\u002Fp>\n\u003Cp>We require that you register in order to access these features so we can verify your identity and your ownership of the websites. But registration is free, there’s no trial period, and we don’t ask for your credit card.\u003C\u002Fp>\n\u003Cp>After registering and adding your API Key to the WordPress Plugin Settings, ShareThumb will automatically regenerate your thumbnail every time you update your post title or ShareThumb Settings.\u003C\u002Fp>\n\u003Cp>Here’s a five-minute video that shows you how to register and verify ownership of your site. The process itself only takes a couple minutes.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FNkY5UrIOUYU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cp>After you register, you have the option to upgrade to a paid account. With our Pro plan, you can collect statistics on where your links are shared and how many times they are shared. This is information that is not available anywhere else – your site doesn’t collect this data and Google Analytics can’t collect it.\u003C\u002Fp>\n\u003Cp>You can take advantage of artificial intelligence to highlight power words in the post titles that appear superimposed over your image. We call these “smart thumbs”:)\u003C\u002Fp>\n\u003Cp>Other features we will be rolling out soon include the ability to add AI-optimized headlines and AI-generated images that are custom made for your content and optimized to grab people’s attention. We also will be offering the ability to create your own custom thumbnail themes (templates).\u003C\u002Fp>\n\u003Ch3>For more information\u003C\u002Fh3>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fwww.4sitestudios.com\u002Fproducts\u002Fsharethumb\u002F\" rel=\"nofollow ugc\">ShareThumb website\u003C\u002Fa>.\u003C\u002Fp>\n","Free social share images for unlimited pages using customizable OG image templates. Upgrade to optimize with AI and get sharing analytics.",20,1810,1,"2024-09-05T03:31:00.000Z","6.5.8","5.9","7.4",[53,20,54,22,55],"facebook","og-image","social-media-image","https:\u002F\u002Fsharethumb.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsharethumb.1.3.zip",92,"2026-04-16T10:56:18.058Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":11,"downloaded":68,"rating":11,"num_ratings":11,"last_updated":23,"tested_up_to":14,"requires_at_least":69,"requires_php":16,"tags":70,"homepage":23,"download_link":74,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":75},"blog-link-hover-preview","Blog Link Hover Preview","1.1.2","Arun Paul","https:\u002F\u002Fprofiles.wordpress.org\u002Farunstheme\u002F","\u003Cp>Blog Link Hover Preview adds beautiful Wikipedia-style hover preview popup cards to internal post links inside WordPress content.\u003C\u002Fp>\n\u003Cp>When a visitor hovers over any internal blog post link, a clean and responsive popup appears showing the post title, featured image, short excerpt, and a “Learn more” link.\u003C\u002Fp>\n\u003Cp>This plugin helps increase engagement, reduce bounce rate, and improve internal linking experience without slowing down your website. The popup automatically adjusts its position on mobile, tablet, and desktop devices.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Wikipedia-style hover preview\u003C\u002Fli>\n\u003Cli>Works only inside blog content\u003C\u002Fli>\n\u003Cli>Pop-up with featured image of linked blog\u003C\u002Fli>\n\u003Cli>Smart auto positioning\u003C\u002Fli>\n\u003Cli>Mobile responsive\u003C\u002Fli>\n\u003Cli>Lightweight and fast\u003C\u002Fli>\n\u003Cli>No header or footer interference\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Customization Options\u003C\u002Fh3>\n\u003Cp>You can customize popup appearance from:\u003C\u002Fp>\n\u003Cp>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Hover Preview\u003C\u002Fp>\n\u003Cp>Available options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pop-up background color\u003C\u002Fli>\n\u003Cli>Title color\u003C\u002Fli>\n\u003Cli>Excerpt color\u003C\u002Fli>\n\u003Cli>Link color\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds Wikipedia-style hover previews on internal post links as a pop-up card, showing the post title, excerpt, and a read more link.",259,"5.5",[19,71,72,20,73],"internal-links","link-popup-card","wikipedia-style","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-link-hover-preview.1.1.2.zip","2026-03-15T10:48:56.248Z",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":14,"requires_at_least":89,"requires_php":23,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":97,"unpatched_count":11,"last_vuln_date":98,"fetched_at":59},"visual-link-preview","Visual Link Preview","2.3.1","Brecht","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrechtvds\u002F","\u003Cp>Easily create a Facebook-like link preview for any link on your website. You can choose the image and text to display and create your very own custom template. The default template can be styled from the settings to match your website.\u003C\u002Fp>\n\u003Cp>Some examples of what you could use this for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A call to action for your affiliate links\u003C\u002Fli>\n\u003Cli>Promote WooCommerce products on your website\u003C\u002Fli>\n\u003Cli>List sources for your article\u003C\u002Fli>\n\u003Cli>A weekly posty of interesting websites you’ve found\u003C\u002Fli>\n\u003Cli>Link to related posts on your own website\u003C\u002Fli>\n\u003Cli>…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It does not require any database lookups, which means even having many of these blocks on a page should not affect performance.\u003C\u002Fp>\n\u003Cp>Compatible with both the Classic and Gutenberg Block Editor using shortcodes and blocks. Also includes full Elementor support with a dedicated widget for easy integration into your Elementor pages.\u003C\u002Fp>\n\u003Cp>The plugin includes multiple URL metadata providers (PHP, Microlink API, and LinkPreview API) with automatic fallback switching. If one provider fails to fetch link information, the plugin automatically tries the next available provider. You can also manually retry with a different provider if needed.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Need help?\u003C\u002Fstrong>\u003Cbr \u002F>\n  Check out \u003Ca href=\"https:\u002F\u002Fhelp.bootstrapped.ventures\u002Fcollection\u002F164-visual-link-preview\" rel=\"nofollow ugc\">our documentation\u003C\u002Fa>!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This plugin is in active development. Feel free to contact us with any feature requests or ideas.\u003C\u002Fp>\n","Display a fully customizable visual link preview for any internal or external link.",10000,166013,90,36,"2026-04-11T13:23:00.000Z","4.4",[20,91,92,93],"snippet","summary","visual-link","http:\u002F\u002Fbootstrapped.ventures\u002Fvisual-link-preview\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisual-link-preview.2.3.1.zip",95,4,"2026-02-19 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":120,"download_link":121,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"bookmark-card","Bookmark Card","2.2.1","George Mamadashvili","https:\u002F\u002Fprofiles.wordpress.org\u002Fmamaduka\u002F","\u003Cp>Bookmark Card will help you to display external links in a rich format. Just like, when you share links on Facebook or Twitter.\u003C\u002Fp>\n","Turn any URL into a beautiful preview card.",700,10787,96,5,"2024-07-16T10:41:00.000Z","6.6.5","6.4","5.6",[116,117,118,119,20],"block","blocks","bookmard","card","https:\u002F\u002Fgithub.com\u002FMamaduka\u002Fbookmark-card","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbookmark-card.2.2.1.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":107,"downloaded":130,"rating":131,"num_ratings":97,"last_updated":132,"tested_up_to":133,"requires_at_least":69,"requires_php":51,"tags":134,"homepage":138,"download_link":139,"security_score":140,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":59},"post-draft-preview","Post Draft Preview","1.2.2","WP Served","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpserved\u002F","\u003Cp>Simple plugin enabling the publication of post drafts.\u003Cbr \u002F>\nIt allows preview of a draft without being logged to the WordPress admin panel.\u003Cbr \u002F>\nCompatible with the Gutenberg and the Classic Editor.\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cp>Content created in WordPress from the moment a post or page is added, but before it is published, receives draft status.\u003Cbr \u002F>\nYou can send the draft to someone else, but that person must have adequate access to the wp-admin section.\u003Cbr \u002F>\nThe problem arises when we want to show a draft of the post to people who do not have access to our wp-admin panel.\u003Cbr \u002F>\nFor this purpose, we have created the Post Draft Preview plugin.\u003C\u002Fp>\n\u003Cp>You can find full plugin description \u003Ca href=\"https:\u002F\u002Fwpserved.com\u002Fplugins\u002Fpost-draft-preview\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Source files\u003C\u002Fh3>\n\u003Cp>You can find plugin’s source files on our GitHub repo \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpserved\u002Fpost-draft-preview\" rel=\"nofollow ugc\">page\u003C\u002Fa>.\u003C\u002Fp>\n","Allow non logged-in users to check a draft of unpublished post by using secret link",5387,66,"2024-02-21T10:23:00.000Z","6.4.8",[135,136,22,137],"draft-preview","post-draft","public-link","https:\u002F\u002Fwpserved.com\u002Fplugins\u002Fpost-draft-preview\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-draft-preview.1.2.2.zip",85,{"attackSurface":142,"codeSignals":186,"taintFlows":195,"riskAssessment":223,"analyzedAt":228},{"hooks":143,"ajaxHandlers":171,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":110,"unprotectedCount":11},[144,150,154,158,162,167],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_enqueue_scripts","lcho_enqueue_admin_scripts","admin\u002Flcho_admin.php",26,{"type":145,"name":151,"callback":152,"file":148,"line":153},"admin_menu","lcho_register_menu",28,{"type":145,"name":155,"callback":156,"file":148,"line":157},"admin_init","lcho_register_settings",29,{"type":145,"name":159,"callback":160,"file":161,"line":149},"wp_enqueue_scripts","lcho_enqueue_assets","includes\u002Flcho_core.php",{"type":163,"name":164,"callback":165,"file":161,"line":166},"filter","the_content","lcho_inject_post_id",27,{"type":145,"name":155,"callback":168,"file":169,"line":170},"lcho_activation_redirect","lc-hoverpeek.php",40,[172,176,178,179,181],{"action":173,"nopriv":174,"callback":173,"hasNonce":175,"hasCapCheck":175,"file":148,"line":166},"lcho_reset_settings",false,true,{"action":177,"nopriv":174,"callback":177,"hasNonce":175,"hasCapCheck":174,"file":161,"line":153},"lcho_preview",{"action":177,"nopriv":175,"callback":177,"hasNonce":175,"hasCapCheck":174,"file":161,"line":157},{"action":180,"nopriv":174,"callback":180,"hasNonce":175,"hasCapCheck":174,"file":161,"line":33},"lcho_batch",{"action":180,"nopriv":175,"callback":180,"hasNonce":175,"hasCapCheck":174,"file":161,"line":182},31,[],[],[],{"dangerousFunctions":187,"sqlUsage":188,"outputEscaping":190,"fileOperations":11,"externalRequests":32,"nonceChecks":193,"capabilityChecks":47,"bundledLibraries":194},[],{"prepared":11,"raw":11,"locations":189},[],{"escaped":191,"rawEcho":11,"locations":192},49,[],3,[],[196,214],{"entryPoint":197,"graph":198,"unsanitizedCount":11,"severity":213},"lcho_preview (includes\u002Flcho_core.php:152)",{"nodes":199,"edges":211},[200,205],{"id":201,"type":202,"label":203,"file":161,"line":204},"n0","source","$_POST",156,{"id":206,"type":207,"label":208,"file":161,"line":209,"wp_function":210},"n1","sink","wp_remote_get() [SSRF]",192,"wp_remote_get",[212],{"from":201,"to":206,"sanitized":175},"low",{"entryPoint":215,"graph":216,"unsanitizedCount":11,"severity":213},"\u003Clcho_core> (includes\u002Flcho_core.php:0)",{"nodes":217,"edges":221},[218,220],{"id":201,"type":202,"label":219,"file":161,"line":204},"$_POST (x2)",{"id":206,"type":207,"label":208,"file":161,"line":209,"wp_function":210},[222],{"from":201,"to":206,"sanitized":175},{"summary":224,"deductions":225},"The lc-hoverpeek v1.0.1 plugin exhibits a strong security posture based on the provided static analysis. A significant positive is the complete absence of dangerous functions, raw SQL queries, and improperly escaped output. The plugin also demonstrates good practice by utilizing prepared statements for all SQL queries and correctly escaping all outputs, indicating developer diligence in preventing common web vulnerabilities like SQL injection and XSS. The taint analysis revealing no unsanitized paths further reinforces this positive assessment.\n\nHowever, there are areas for consideration. While the attack surface is relatively small with only 5 AJAX handlers, the absence of explicit capability checks on all of them is a potential concern. Although no explicit auth checks are listed as missing, it's crucial to ensure that these AJAX handlers are adequately protected against unauthorized access. The presence of external HTTP requests, while not inherently a vulnerability, can introduce risks if the target endpoints are compromised or if the data transmitted is not handled securely.\n\nThe plugin's vulnerability history is spotless, with no recorded CVEs. This is a strong indicator of a well-developed and maintained plugin, or one that has not yet been extensively targeted or scrutinized. Coupled with the strong static analysis, this suggests a low immediate risk. Nevertheless, the absence of capability checks on all AJAX endpoints, however minor, warrants careful review to ensure no unintended privilege escalation or data exposure is possible.",[226],{"reason":227,"points":110},"AJAX handlers without explicit capability checks","2026-04-16T13:24:50.338Z",{"wat":230,"direct":239},{"assetPaths":231,"generatorPatterns":234,"scriptPaths":235,"versionParams":236},[232,233],"\u002Fwp-content\u002Fplugins\u002Flc-hoverpeek\u002Fadmin\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Flc-hoverpeek\u002Fadmin\u002Fadmin.js",[],[233],[237,238],"lc-hoverpeek\u002Fadmin\u002Fadmin.css?ver=","lc-hoverpeek\u002Fadmin\u002Fadmin.js?ver=",{"cssClasses":240,"htmlComments":257,"htmlAttributes":258,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":264},[241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256],"lcho-settings-wrap","lcho-header","lcho-header-title","lcho-info","lcho-info-header","lcho-info-header-left","lcho-toggle-icon","lcho-info-content","lcho-info-grid","lcho-info-item","lcho-card","lcho-card-header","lcho-card-body","lcho-setting-row","lcho-setting-info","lcho-switch",[],[259,260],"data-settings-nonce","data-nonce",[],[263],"lcho_admin",[],{"error":175,"url":266,"statusCode":267,"statusMessage":268,"message":268},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flc-hoverpeek\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":32,"versions":270},[271,276],{"version":6,"download_url":24,"svn_tag_url":272,"released_at":26,"has_diff":174,"diff_files_changed":273,"diff_lines":26,"trac_diff_url":274,"vulnerabilities":275,"is_current":175},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flc-hoverpeek\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flc-hoverpeek%2Ftags%2F1.0.0&new_path=%2Flc-hoverpeek%2Ftags%2F1.0.1",[],{"version":277,"download_url":278,"svn_tag_url":279,"released_at":26,"has_diff":174,"diff_files_changed":280,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":281,"is_current":174},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flc-hoverpeek.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flc-hoverpeek\u002Ftags\u002F1.0.0\u002F",[],[]]