[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhgl-pA90VsHwVhpOzcCYamFl97Vb3RUnwa-EFpi8A1o":3,"$fFCdrqP2qe8R9E0avb1C-ZRgK3waWjQZnlsAe2KF50Ec":138,"$fG4uPbha7_5T5Y0a3xpAMWb70D3vLAuUWHhsqCBJpCfo":143},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":6,"requires_php":15,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":13,"unpatched_count":13,"last_vuln_date":20,"fetched_at":21,"discovery_status":22,"vulnerabilities":23,"developer":24,"crawl_stats":20,"alternatives":30,"analysis":31,"fingerprints":111},"list-a-category-of-links","Category of Posts","2.0","ljmacphee","https:\u002F\u002Fprofiles.wordpress.org\u002Fljmacphee\u002F","\u003Cp>This will create a list of all your posts in one specific category.  They will be ordered alphabetically by category.\u003Cbr \u002F>\nYou can put this as a list in your side bar, a page or a post\u003C\u002Fp>\n","This will create a list of all your posts in one specific category.  They will be ordered alphabetically by category.",10,2813,0,"2007-10-19T19:56:00.000Z","",[],"http:\u002F\u002Fherselfswebtools.com\u002F2007\u002F10\u002Fhow-to-list-all-posts-from-a-specific-category-in-your-sidebar-in-wordpress.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flist-a-category-of-links.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":19,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},6,80,30,84,"2026-07-15T05:38:52.032Z",[],{"attackSurface":32,"codeSignals":49,"taintFlows":67,"riskAssessment":95,"analyzedAt":110},{"hooks":33,"ajaxHandlers":45,"restRoutes":46,"shortcodes":47,"cronEvents":48,"entryPointCount":13,"unprotectedCount":13},[34,40],{"type":35,"name":36,"callback":37,"file":38,"line":39},"filter","the_content","pc_generate","list-a-category.php",129,{"type":41,"name":42,"callback":43,"file":38,"line":44},"action","admin_menu","pc_add_option_pages",130,[],[],[],[],{"dangerousFunctions":50,"sqlUsage":51,"outputEscaping":59,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":66},[],{"prepared":13,"raw":52,"locations":53},2,[54,57],{"file":38,"line":55,"context":56},74,"$wpdb->get_results() with variable interpolation",{"file":38,"line":58,"context":56},111,{"escaped":13,"rawEcho":52,"locations":60},[61,64],{"file":38,"line":62,"context":63},39,"raw output",{"file":38,"line":65,"context":63},49,[],[68,86],{"entryPoint":69,"graph":70,"unsanitizedCount":84,"severity":85},"pc_options_page (list-a-category.php:22)",{"nodes":71,"edges":81},[72,76],{"id":73,"type":74,"label":75,"file":38,"line":62},"n0","source","$_SERVER['REQUEST_URI']",{"id":77,"type":78,"label":79,"file":38,"line":62,"wp_function":80},"n1","sink","echo() [XSS]","echo",[82],{"from":73,"to":77,"sanitized":83},false,1,"medium",{"entryPoint":87,"graph":88,"unsanitizedCount":84,"severity":94},"\u003Clist-a-category> (list-a-category.php:0)",{"nodes":89,"edges":92},[90,91],{"id":73,"type":74,"label":75,"file":38,"line":62},{"id":77,"type":78,"label":79,"file":38,"line":62,"wp_function":80},[93],{"from":73,"to":77,"sanitized":83},"low",{"summary":96,"deductions":97},"The static analysis of the \"list-a-category-of-links\" v2.0 plugin reveals a generally clean codebase with no identified direct attack vectors such as AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. This indicates a good understanding of the plugin's entry points. However, the analysis also flags critical concerns within the code's handling of data.  Specifically, the presence of SQL queries that are not prepared and output that is not properly escaped presents a significant risk of SQL injection and cross-site scripting (XSS) vulnerabilities, respectively. The taint analysis further supports these concerns by highlighting unsanitized data flows, even though no critical or high severity vulnerabilities were flagged in this particular scan.\n\nThe plugin's vulnerability history is entirely clean, with no recorded CVEs. This is a positive indicator, suggesting that the developers have either been diligent in their security practices or the plugin has not yet been a target for in-depth security research.  However, the presence of unescaped output and unprepared SQL queries, even with a clean history, means that these vulnerabilities are latent and could be exploited if they were discovered. Therefore, while the plugin has a strong defensive posture against common attack surfaces and a history of no vulnerabilities, the internal code quality regarding data handling needs immediate attention to prevent future security breaches.",[98,100,103,106,108],{"reason":99,"points":11},"SQL queries lack prepared statements",{"reason":101,"points":102},"Output is not properly escaped",7,{"reason":104,"points":105},"Taint flows with unsanitized paths",5,{"reason":107,"points":105},"No capability checks",{"reason":109,"points":105},"No nonce checks","2026-03-16T23:24:25.923Z",{"wat":112,"direct":117},{"assetPaths":113,"generatorPatterns":114,"scriptPaths":115,"versionParams":116},[],[],[],[],{"cssClasses":118,"htmlComments":121,"htmlAttributes":123,"restEndpoints":130,"jsGlobals":131,"shortcodeOutput":132},[119,120],"wrap","options",[122]," listacategory ",[124,125,126,127,126,128,127,129],"id=\"message\"","class=\"updated fade\"","id=\"info_update\"","name=\"info_update\"","name=\"category_number\"","value=\"Update options &raquo;\"",[],[],[133,134,135,136,137],"\u003Cul>","\u003Cli>\u003Ca href=\"","\">","\u003C\u002Fa>\u003C\u002Fli>","\u003C\u002Ful>",{"error":139,"url":140,"statusCode":141,"statusMessage":142,"message":142},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flist-a-category-of-links\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":144},[]]