[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZ30es2WkkL0F3Hzk-yxtCy12FjSxJRUByEhdqIP33LM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":134,"fingerprints":268},"marctv-ajax-trash-comments","MarcTV Moderate Comments","2.2","Marc Tönsing","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcdk\u002F","\u003Cp>Adds a link next to the reply link below each comment, which allows visitors to flag comments as inappropriate.\u003Cbr \u002F>\nA sub page to comments in admin is added, where an administrator may review all the flagged comments and decide\u003Cbr \u002F>\nif they should be removed or not.\u003C\u002Fp>\n\u003Cp>Admins or logged-in users with comment moderation permissions are able to trash or replace comments with\u003Cbr \u002F>\none click in the frontend. This action can not be undone. A “trash” link will appear below all comments.\u003Cbr \u002F>\nDon’t worry: You can untrash them until you reload. 
You are also able to replace the comment text with a custom\u003Cbr \u002F>\ntext which can be set in the settings.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ability for visitors to report comments they find offensive.\u003C\u002Fli>\n\u003Cli>Once a flagged comment has been deemed ok, it won’t be able to be flagged again.\u003C\u002Fli>\n\u003Cli>Flagging is done via ajax for a smoother experience for the visitors.\u003C\u002Fli>\n\u003Cli>Decide whether all visitors or only logged in users can report comments.\u003C\u002Fli>\n\u003Cli>Trashing and Replacing with ajax in the frontend for faster moderation.\u003C\u002Fli>\n\u003Cli>Fully localized. Comes with English and German translations.\u003C\u002Fli>\n\u003C\u002Ful>\n","Grants visitors the ability to report inappropriate comments and admins to replace and trash them in the frontend.",10,4720,80,2,"2022-09-24T15:28:00.000Z","6.0.11","3.0","",[20,21,22,23,24],"admin","ajax","comments","flag","report","http:\u002F\u002Fmarctv.de\u002Fblog\u002Fmarctv-wordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarctv-ajax-trash-comments.2.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"marcdk",14,11100,95,1,97,"2026-04-04T01:11:52.211Z",[41,61,82,96,111],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":59,"download_link":60,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"safe-report-comments","Safe Report Comments","0.4.1","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>This plugin gives your 
visitors the possibility to report a comment as inappropriate. After a set threshold is reached the comment is put into moderation where the moderator can decide whether or not he wants to approve the comment or not. If a comment is approved by a moderator it will not be auto-moderated again while still counting the amount of reports.\u003C\u002Fp>\n\u003Ch3>Customizations\u003C\u002Fh3>\n\u003Cp>By default this script should hook in just fine in most existing themes as it attaches itself after the comment-reply link via the comment_reply_link filter.\u003Cbr \u002F>\nIn case this does not work out you can place the flagging link manually by defining no_autostart_safe_report_comments in your theme’s functions.php file and initializing the class via \u003Ccode>$safe_report_comments = new Safe_Report_Comments(false);\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Here is an example of a custom setup via functions.php and placing the link comments callback function.\u003C\u002Fp>\n\u003Cp>In functions.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002Fflag comments plugin included in themes' functions.php - disable plugin.\ndefine( 'no_autostart_safe_report_comments', true );\ninclude_once( 'replace-with-path-to\u002Fsafe-report-comments\u002Fsafe-report-comments.php');\n\u002F\u002F make sure not to auto-attach to comment reply link\n$safe_report_comments = new Safe_Report_Comments(false);\n\n\u002F\u002F change link layout to have a pipe prepended\nadd_filter( 'safe_report_comments_flagging_link', 'adjust_flagging_link' );\nfunction adjust_flagging_link( $link ) {\n    return ' | ' . 
$link;\n}\n\n\u002F\u002F adjust the text to \"Report abuse\" rather than \"Report comment\"\nadd_filter( 'safe_report_comments_flagging_link_text', 'adjust_flagging_text' );\nfunction adjust_flagging_text( $text ) {\n    return 'Report abuse';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In your custom comment callback function used by wp_list_comments: https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Tags\u002Fwp_list_comments place the following action which will print the link.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php do_action( 'comment_report_abuse_link' ); ?> \n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A possible callback function could look like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function mytheme_comment($comment, $args, $depth) {\n    $GLOBALS['comment'] = $comment; ?>\n    \u003Cli \u003C?php comment_class(); ?> id=\"li-comment-\u003C?php comment_ID() ?>\">\n        \u003Cdiv id=\"comment-\u003C?php comment_ID(); ?>\">\n            \u003Cdiv class=\"comment-author vcard\">\n                \u003C?php echo get_avatar($comment,$size='48',$default='\u003Cpath_to_url>' ); ?>\n                \u003C?php printf(__('\u003Ccite class=\"fn\">%s\u003C\u002Fcite> \u003Cspan class=\"says\">says:\u003C\u002Fspan>'), get_comment_author_link()) ?>\n            \u003C\u002Fdiv>\n            \u003C?php if ($comment->comment_approved == '0') : ?>\n            \u003Cem>\u003C?php _e('Your comment is awaiting moderation.') ?>\u003C\u002Fem>\n            \u003Cbr \u002F>\n        \u003C?php endif; ?>\n        \u003Cdiv class=\"comment-meta commentmetadata\">\u003Ca href=\"\u003C?php echo htmlspecialchars( get_comment_link( $comment->comment_ID ) ) ?>\">\u003C?php printf(__('%1$s at %2$s'), get_comment_date(),  get_comment_time()) ?>\u003C\u002Fa>\u003C?php edit_comment_link(__('(Edit)'),'    ','') ?>\u003C\u002Fdiv>\n\n        \u003C?php comment_text() ?>\n\n        \u003Cdiv class=\"reply\">\n            \u003C?php comment_reply_link(array_merge( $args, 
array('depth' => $depth, 'max_depth' => $args['max_depth']))) ?>\n        \u003C\u002Fdiv>\n        \u003Cdiv class=\"report-abuse\">\n            \u003C?php do_action( 'comment_report_abuse_link' ); ?>\n        \u003C\u002Fdiv>\n    \u003C\u002Fdiv>\n    \u003C?php\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Furthermore there are various actions and filters within the script to allow easy alteration of implemented behavior. Please see inline documentation.\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cp>Automatic mode implementation currently does not work with threaded comments in the last level of threading. As the script attaches itself to the comment_reply which is not displayed once the maximum threading level is reached the abuse link is missing at this point. As a workaround set the threading level higher than the likely amount of threading depth.\u003C\u002Fp>\n","This plugin gives your visitors the possibility to report a comment as inappropriate. After a set threshold is reached the comment is put into moderat &hellip;",200,27317,60,7,"2018-11-30T07:00:00.000Z","5.0.25","3.3",[22,23,57,24,58],"flagging","report-comments","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsafe-report-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-report-comments.0.4.1.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":49,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":80,"download_link":81,"security_score":70,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"zeno-report-comments","Zeno Report Comments","2.3.2","Marcel Pol","https:\u002F\u002Fprofiles.wordpress.org\u002Fmpol\u002F","\u003Cp>This plugin gives your visitors the possibility to report a comment as inappropriate. 
After a set threshold is reached the comment is put into moderation where the moderator can decide whether or not he wants to approve the comment or not. If a comment is approved by a moderator it will not be auto-moderated again while still counting the amount of reports.\u003C\u002Fp>\n\u003Cp>This plugin is a fork of safe-report-comments and has some features incorporated from crowd-control (a different fork).\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin is compatible with \u003Ca href=\"https:\u002F\u002Fwww.classicpress.net\" rel=\"nofollow ugc\">ClassicPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>This plugin is also available in \u003Ca href=\"https:\u002F\u002Fcodeberg.org\u002Fcyclotouriste\u002Fzeno-report-comments\" rel=\"nofollow ugc\">Codeberg\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cp>Automatic mode implementation currently does not work with threaded comments in the last level of threading. As the script attaches itself to the comment_reply which is not displayed once the maximum threading level is reached the abuse link is missing at this point. As a workaround set the threading level higher than the likely amount of threading depth.\u003C\u002Fp>\n","This plugin gives your visitors the possibility to report a comment as inappropriate. 
After a set threshold the comment is put into moderation.",11875,100,8,"2026-01-10T09:34:00.000Z","6.9.4","4.1","7.0",[77,78,58,42,79],"crowd-control","flag-comments","spam-comment","https:\u002F\u002Fzenoweb.nl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzeno-report-comments.2.3.2.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":13,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":17,"requires_php":18,"tags":94,"homepage":18,"download_link":95,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"reportcomments","Report Comments","1.2","lefalque","https:\u002F\u002Fprofiles.wordpress.org\u002Flefalque\u002F","\u003Cp>Adds a link next to the reply link below each comment, which allows visitors to flag comments as inappropriate. A sub page to comments in admin is added, where an administrator may review all the flagged comments and decide if they should be removed or not.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ability for visitors to report comments they find offensive.\u003C\u002Fli>\n\u003Cli>Once a flagged comment has been deemed ok, it won’t be able to be flagged again.\u003C\u002Fli>\n\u003Cli>Flagging is done via ajax for a smoother experience for the visitors.\u003C\u002Fli>\n\u003Cli>Decide whether all visitors or only logged in users can report comments.\u003C\u002Fli>\n\u003Cli>Fully localized. Comes with English and Swedish translations.\u003C\u002Fli>\n\u003C\u002Ful>\n","Gives visitors the possibility to report inappropriate comments. 
Reported comments will show up in admin where they may be reviewed.",3427,6,"2013-05-07T11:24:00.000Z","3.5.2",[20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freportcomments.1.2.3.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":28,"downloaded":104,"rating":28,"num_ratings":28,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":75,"tags":108,"homepage":109,"download_link":110,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"reported-comments","Reported Comments","1.0","Jamel.Z","https:\u002F\u002Fprofiles.wordpress.org\u002Flebleut\u002F","\u003Cp>Reported Comments gives the ability for your sites user to report\u002Fflag a comment\u003Cbr \u002F>\nIt allows you as an administrator or moderator some essential options to specify :\u003Cbr \u002F>\n* The moderator Email\u003Cbr \u002F>\n* The report labels\u002Ftypes\u003Cbr \u002F>\n* The Email title\u003Cbr \u002F>\n* The Email template body (allowing HTML)\u003C\u002Fp>\n\u003Cp>In the E-Mail title and body you can use shortcodes\u002Fmodifiers like :\u003Cbr \u002F>\n* \u003Ccode>%comment%\u003C\u002Fcode> : The comment content\u003Cbr \u002F>\n* \u003Ccode>%comment_link%\u003C\u002Fcode> : The URL to the comment\u003Cbr \u002F>\n* \u003Ccode>%comment_author%\u003C\u002Fcode> : The comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_author_email%\u003C\u002Fcode> : The email of the comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_author_link%\u003C\u002Fcode> : The URL to the comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_author_ip%\u003C\u002Fcode> : The IP of the comment author\u003Cbr \u002F>\n* \u003Ccode>%comment_action_trash%\u003C\u002Fcode> : The link to trash the comment\u003Cbr \u002F>\n* \u003Ccode>%comment_action_spam%\u003C\u002Fcode> : The link to spam the comment\u003Cbr \u002F>\n* 
\u003Ccode>%report_type%\u003C\u002Fcode> : The report type\u003Cbr \u002F>\n* \u003Ccode>%report_author%\u003C\u002Fcode> : The report author\u003Cbr \u002F>\n* \u003Ccode>%report_author_link%\u003C\u002Fcode> : The URL to the report author\u003Cbr \u002F>\n* \u003Ccode>%post%\u003C\u002Fcode> : The post name\u003C\u002Fp>\n\u003Cp>Your suggestions are welcome\u003C\u002Fp>\n","Reported Comments gives the ability for your sites user to report\u002Fflag a comment",929,"2020-05-12T21:56:00.000Z","5.4.19","4.7",[57,58],"https:\u002F\u002Fwww.tooltipy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freported-comments.1.0.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":132,"download_link":133,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"heartbeat-control","Heartbeat Control","2.0.1","WP Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp_media\u002F","\u003Cp>Heartbeat Control by WP Rocket allows you to manage the frequency of the WordPress heartbeat API in a few clicks.\u003C\u002Fp>\n\u003Cp>The WordPress Heartbeat API is a great feature that provides real-time communication between the server and the browser when you are logged into your WordPress admin panel. It uses the file \u002Fwp-admin\u002Fadmin-ajax.php to run AJAX calls from the browser. 
By default, AJAX requests are sent every 15 seconds on post edit pages, and every 60 seconds on the dashboard.\u003C\u002Fp>\n\u003Cp>This is indeed helpful; but if you usually leave your WordPress admin open for long periods (for example when you write or edit posts), the AJAX requests from the API can pile up and generate high CPU usage, leading to server performance issues and even hosting account suspensions.\u003C\u002Fp>\n\u003Cp>With Heartbeat Control by WP Rocket, you can easily choose to limit or completely stop the activity of the WordPress Heartbeat API. You can also add rules for specific locations only (Dashboard, Frontend or Post Editor).\u003C\u002Fp>\n\u003Cp>To learn more about WordPress performance optimization and make your website faster, join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002FWPRocketUsers\u002F\" rel=\"nofollow ugc\">WP Rocket Facebook Community\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch4>Related Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-rocket.me\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=HeartBeatPlugin\" rel=\"nofollow ugc\">WP Rocket\u003C\u002Fa>: Best caching plugin to speed-up your WordPress website.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frocket-lazy-load\u002F\" rel=\"ugc\">Lazy Load by WP Rocket\u003C\u002Fa>: Best Lazy Load script to reduce the number of HTTP requests and improves the websites loading time.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimagify\u002F\" rel=\"ugc\">Imagify\u003C\u002Fa>: Best Image Optimizer to speed up your website with lighter images.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows you to easily manage the frequency of the WordPress heartbeat 
API.",80000,1216108,84,68,"2023-08-31T13:23:00.000Z","6.3.8","3.6","5.3",[128,129,130,112,131],"admin-ajax","heartbeat","heartbeat-api","server-resources","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fheartbeat-control\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheartbeat-control.2.0.1.zip",{"attackSurface":135,"codeSignals":163,"taintFlows":224,"riskAssessment":261,"analyzedAt":267},{"hooks":136,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":28,"unprotectedCount":28},[137,143,148,152,155],{"type":138,"name":139,"callback":140,"priority":11,"file":141,"line":142},"filter","comment_text","printModerateLinks","marctv-moderate.php",73,{"type":144,"name":145,"callback":146,"file":141,"line":147},"action","wp_print_styles","enqueScripts",79,{"type":144,"name":149,"callback":150,"file":141,"line":151},"admin_menu","registerCommentsPage",124,{"type":144,"name":149,"callback":153,"file":141,"line":154},"registerSettingsPage",125,{"type":144,"name":156,"callback":157,"file":141,"line":158},"admin_init","registerSettings",128,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":168,"fileOperations":28,"externalRequests":28,"nonceChecks":71,"capabilityChecks":222,"bundledLibraries":223},[],{"prepared":166,"raw":28,"locations":167},4,[],{"escaped":14,"rawEcho":169,"locations":170},32,[171,174,177,179,181,183,184,185,186,188,190,191,192,193,195,196,197,198,200,202,203,205,206,208,209,211,212,214,216,218,219,220],{"file":141,"line":172,"context":173},499,"raw 
output",{"file":175,"line":176,"context":173},"pages\\comments-list.php",9,{"file":175,"line":178,"context":173},28,{"file":175,"line":180,"context":173},30,{"file":175,"line":182,"context":173},31,{"file":175,"line":182,"context":173},{"file":175,"line":169,"context":173},{"file":175,"line":169,"context":173},{"file":175,"line":187,"context":173},42,{"file":175,"line":189,"context":173},44,{"file":175,"line":189,"context":173},{"file":175,"line":189,"context":173},{"file":175,"line":189,"context":173},{"file":175,"line":194,"context":173},45,{"file":175,"line":194,"context":173},{"file":175,"line":194,"context":173},{"file":175,"line":194,"context":173},{"file":175,"line":199,"context":173},46,{"file":175,"line":201,"context":173},47,{"file":175,"line":201,"context":173},{"file":175,"line":204,"context":173},48,{"file":175,"line":204,"context":173},{"file":175,"line":207,"context":173},52,{"file":175,"line":207,"context":173},{"file":210,"line":52,"context":173},"pages\\settings.php",{"file":210,"line":34,"context":173},{"file":210,"line":213,"context":173},17,{"file":210,"line":215,"context":173},20,{"file":210,"line":217,"context":173},27,{"file":210,"line":180,"context":173},{"file":210,"line":182,"context":173},{"file":210,"line":221,"context":173},33,5,[],[225,243,252],{"entryPoint":226,"graph":227,"unsanitizedCount":28,"severity":242},"ignoreReport (marctv-moderate.php:418)",{"nodes":228,"edges":239},[229,234],{"id":230,"type":231,"label":232,"file":141,"line":233},"n0","source","$_SERVER['HTTP_REFERER']",433,{"id":235,"type":236,"label":237,"file":141,"line":233,"wp_function":238},"n1","sink","wp_redirect() [Open Redirect]","wp_redirect",[240],{"from":230,"to":235,"sanitized":241},true,"low",{"entryPoint":244,"graph":245,"unsanitizedCount":28,"severity":242},"replaceCommentReport 
(marctv-moderate.php:440)",{"nodes":246,"edges":250},[247,249],{"id":230,"type":231,"label":232,"file":141,"line":248},465,{"id":235,"type":236,"label":237,"file":141,"line":248,"wp_function":238},[251],{"from":230,"to":235,"sanitized":241},{"entryPoint":253,"graph":254,"unsanitizedCount":28,"severity":242},"\u003Cmarctv-moderate> (marctv-moderate.php:0)",{"nodes":255,"edges":259},[256,258],{"id":230,"type":231,"label":257,"file":141,"line":233},"$_SERVER['HTTP_REFERER'] (x2)",{"id":235,"type":236,"label":237,"file":141,"line":233,"wp_function":238},[260],{"from":230,"to":235,"sanitized":241},{"summary":262,"deductions":263},"The marctv-ajax-trash-comments plugin v2.2 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any recorded CVEs and the positive indicators in the code signals, such as 100% of SQL queries using prepared statements and robust use of nonce and capability checks, are commendable. The plugin also demonstrates a minimal attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission callbacks.\n\nHowever, the static analysis does reveal a significant concern regarding output escaping. With only 6% of 34 total outputs properly escaped, there is a high risk of cross-site scripting (XSS) vulnerabilities. This means that user-supplied data, if it can be injected into these unescaped outputs, could be rendered maliciously in a user's browser. While taint analysis did not identify any specific unsanitized paths, the sheer volume of unescaped output creates a substantial potential entry point for XSS attacks. 
The lack of known vulnerabilities historically is positive but does not negate the identified code quality issues.\n\nIn conclusion, while the plugin is well-protected against common attack vectors like unauthorized access to entry points and direct SQL injection, the inadequate output escaping presents a critical weakness. Developers should prioritize addressing this by implementing proper escaping mechanisms for all dynamic output to mitigate the risk of XSS. The plugin's strengths lie in its controlled attack surface and secure handling of database interactions.",[264],{"reason":265,"points":266},"Insufficient output escaping (6% proper)",15,"2026-03-17T00:40:07.506Z",{"wat":269,"direct":280},{"assetPaths":270,"generatorPatterns":274,"scriptPaths":275,"versionParams":276},[271,272,273],"\u002Fwp-content\u002Fplugins\u002Fmarctv-ajax-trash-comments\u002Fmarctv-moderate.css","\u002Fwp-content\u002Fplugins\u002Fmarctv-ajax-trash-comments\u002Fmarctv-moderate.js","\u002Fwp-content\u002Fplugins\u002Fmarctv-ajax-trash-comments\u002Fmarctv-moderate-admin.js",[],[272,273],[277,278,279],"marctv-moderate_script","marctv-moderate_style","marctv-moderate_admin_script",{"cssClasses":281,"htmlComments":284,"htmlAttributes":285,"restEndpoints":286,"jsGlobals":287,"shortcodeOutput":289},[282,283],"update-plugins","update-count",[],[],[],[288],"marctvmoderatejs",[]]