[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fH74WDPgRC0Uzf31-O4a5FhXd6Lvh05kzWU5y21yACGk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":142,"fingerprints":257},"meet-your-commenters","Meet Your Commenters","1.2","Artberri","https:\u002F\u002Fprofiles.wordpress.org\u002Fartberri\u002F","\u003Cp>When someone comments on your blog and writes a comment with his\u002Fher URL, is leaving more information than you think. This plugin displays web pages and profiles of those users in the dashboard, so you can add them as friends if you are in the same social network.\u003C\u002Fp>\n\u003Cp>This is possible thanks to the Google Social Graph API. The profiles are showed because the commenter claims them as its owner on his web linking them with \u003Ccode>rel=\"me\"\u003C\u002Fcode>. The ones which are with italic font are not reliable and they could not be of the user.\u003C\u002Fp>\n\u003Cp>Comments, questions and bug reports are welcome: \u003Ca href=\"http:\u002F\u002Fwww.berriart.com\u002Fmeet-your-commenters\u002F\" title=\"Meet Your Commenters\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.berriart.com\u002Fmeet-your-commenters\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Displays web pages and social networks' profiles of your commenters in the dashboard.",10,12189,80,1,"2010-06-27T23:13:00.000Z","3.0.5","2.5","",[20,21,22,23],"admin","dashboard","social-networks","widget","http:\u002F\u002Fwww.berriart.com\u002Fmeet-your-commenters\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeet-your-commenters.1.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"artberri",4,40,30,84,"2026-04-05T02:40:37.329Z",[39,64,86,105,124],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":62,"vuln_count":14,"unpatched_count":27,"last_vuln_date":63,"fetched_at":29},"error-log-monitor","Error Log Monitor","1.7.12","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>This plugin adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send you email notifications about newly logged errors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically detects error log location.\u003C\u002Fli>\n\u003Cli>Explains how to configure PHP error logging if it’s not enabled yet.\u003C\u002Fli>\n\u003Cli>The number of displayed log entries is configurable.\u003C\u002Fli>\n\u003Cli>Sends you email notifications about logged errors (optional).\u003C\u002Fli>\n\u003Cli>Configurable email address and frequency.\u003C\u002Fli>\n\u003Cli>You can easily clear the log file.\u003C\u002Fli>\n\u003Cli>The dashboard widget is only visible to administrators.\u003C\u002Fli>\n\u003Cli>Optimized to work well even with very large log files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once you’ve installed the plugin, go to the Dashboard and enable the “PHP Error Log” widget through the “Screen Options” panel. The widget should automatically display the last 20 lines from your PHP error log. If you see an error message like “Error logging is disabled” instead, follow the displayed instructions to configure error logging.\u003C\u002Fp>\n\u003Cp>Email notifications are disabled by default. To enable them, click the “Configure” link in the top-right corner of the widget and enter your email address in the “Periodically email logged errors to:” box. If desired, you can also change email frequency by selecting the minimum time interval between emails from the “How often to send email” drop-down.\u003C\u002Fp>\n","Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.",20000,631204,86,48,"2025-10-01T15:12:00.000Z","6.8.5","4.5","7.4",[20,56,57,58,59],"administration","dashboard-widget","error-reporting","php","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2012\u002F07\u002F25\u002Ferror-log-monitor-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ferror-log-monitor.1.7.12.zip",99,"2019-02-25 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":54,"tags":79,"homepage":83,"download_link":84,"security_score":85,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-widget-disable","Widget Disable","3.0.1","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>This simple plugin allows you to disable any sidebar and dashboard widget for the current WordPress site you are on. It provides a simple user interface available to users with \u003Ccode>edit_theme_options\u003C\u002Fcode> capabilities (usually Administrator role) available under Appearance -> Disable Widgets.\u003Cbr \u002F>\nAfter saving the settings, the sidebar and dashboard widgets are removed from and the user can’t see those widgets anymore.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer? Get to know the hooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Have a look at the filters we provide:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp_widget_disable_default_sidebar_widgets\u003C\u002Fcode> – Allows you to exclude certain sidebar widgets from being disabled.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_widget_disable_default_dashboard_widgets\u003C\u002Fcode> – Allows you to exclude certain dashboard widgets from being disabled.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Contributions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you would like to contribute to this plugin, report an issue or anything like that, please note that we develop this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwearerequired\u002FWP-Widget-Disable\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Frequired.com\u002F\" title=\"Team of experienced web professionals from Switzerland & Germany\" rel=\"nofollow ugc\">required\u003C\u002Fa>\u003C\u002Fp>\n","Disable sidebar and dashboard widgets with an easy to use interface.",10000,185111,96,24,"2024-11-18T13:40:00.000Z","6.7.5","6.0",[20,21,80,81,82],"dashboard-widgets","sidebar-widgets","widgets","https:\u002F\u002Frequired.com\u002Fservices\u002Fwordpress-plugins\u002Fwp-widget-disable\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widget-disable.3.0.1.zip",92,{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":11,"last_updated":97,"tested_up_to":52,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":102,"download_link":103,"security_score":104,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"server-info","Server Info","0.0.1","Usman Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fusmanaliqureshi\u002F","\u003Cp>This plugin will show you useful information about the hosting server you are using e.g. PHP version, MySQL version, Server OS, Server Protocol, Server IP and other useful information. You can use the information displayed by this plugin to update any settings which is crucial for your website performance and other aspects.\u003C\u002Fp>\n\u003Cp>You will see the information about:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP Version\u003C\u002Fli>\n\u003Cli>Operating System\u003C\u002Fli>\n\u003Cli>Server IP\u003C\u002Fli>\n\u003Cli>Server Hostname\u003C\u002Fli>\n\u003Cli>MySQL Version\u003C\u002Fli>\n\u003Cli>System Uptime\u003C\u002Fli>\n\u003Cli>Active Theme\u003C\u002Fli>\n\u003Cli>Active Plugins\u003C\u002Fli>\n\u003Cli>Database Name\u003C\u002Fli>\n\u003Cli>Database Username\u003C\u002Fli>\n\u003Cli>Database Hostname\u003C\u002Fli>\n\u003Cli>Database Charset\u003C\u002Fli>\n\u003Cli>Database Collate\u003C\u002Fli>\n\u003Cli>WordPress Debugging (Enabled\u002FDisabled)\u003C\u002Fli>\n\u003Cli>WordPress Memory Limit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please rate the Plugin if you find it useful, thanks.\u003C\u002Fp>\n","This plugin will show you very useful information about your hosting server such as PHP version, Server OS, Server IP etc.",3000,56532,72,"2025-05-19T05:40:00.000Z","5.2","7.3",[20,21,87,101,23],"server-status","https:\u002F\u002Fgithub.com\u002Fusmanaliqureshi\u002Fserver-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-info.zip",100,{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":74,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":18,"tags":119,"homepage":122,"download_link":123,"security_score":85,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"dashboard-commander","Dashboard Commander","1.0.3","Josh Hartman","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshhartman\u002F","\u003Cp>Command your admin dashboard. Manage built-in widgets (Right Now, Recent Comments, etc.) and dynamically registered widgets (Google Analytics Summary, WP E-Commerce Dashboard, etc.). Hide widgets depending upon user capabilities.\u003C\u002Fp>\n\u003Cp>This plugin is based upon Dave Kinkead’s Dashboard Heaven plugin and extends it to support dynamically registered widgets, such as dashboard widgets that are added by a plugin.\u003C\u002Fp>\n\u003Cp>After installation access to all dashboard widgets is removed, then you can use the options at Settings > Dashboard Commander to configure the minimum access level for each widget.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7YBOm5ov3vs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Command your admin dashboard. Manage built-in widgets and dynamically registered widgets. Hide widgets depending upon user capabilities.",900,34553,8,"2024-04-05T06:01:00.000Z","6.5.8","2.9.2",[20,120,21,121,82],"command","manage","http:\u002F\u002Fwww.warpconduit.net\u002Fwordpress-plugins\u002Fdashboard-commander\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-commander.1.0.3.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":104,"num_ratings":115,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":99,"tags":137,"homepage":140,"download_link":141,"security_score":104,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"dashboard-quick-link-widget","Dashboard quick links widget","1.6.0","Hem Thapa","https:\u002F\u002Fprofiles.wordpress.org\u002Fhemthapa\u002F","\u003Cp>A lightweight plugin to allows admins to create an admin dashboard widget with frequently accessed links for quick access.\u003C\u002Fp>\n\u003Cp>I originally developed this plugin after spending hours creating client\u002Fuser documentation for every WordPress project. Instead of writing step-by-step navigation documentation, I used this plugin to organise all necessary links on the single widget for non-technical users. As a developer, I also use this script myself to organise frequently accessed links for quick access.\u003C\u002Fp>\n\u003Ch4>Links format\u003C\u002Fh4>\n\u003Cp>Each link should be entered in a separate line in the following format\u003Cbr \u002F>\n(the fourth parameter, i.e. font awesome icon class is optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ccode>Link text|Button link|Button text|font-awesome icon class\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>Post blog|\u002Fwp-admin\u002Fpost-new.php|Post blog\nPost blog|\u002Fwp-admin\u002Fpost-new.php|Post blog|fa fa-cog\nPost blog|\u002Fwp-admin\u002Fpost-new.php newtab|Post blog|fa fa-cog`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you have any feedback or queries please contact me at \u003Ca href=\"http:\u002F\u002Fhemthapa.com?ref=wp_dqlw\"hemthapa.com\"\" rel=\"nofollow ugc\">hemthapa.com\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin to allows admins to create a admin dashboard widget with frequently accessed links for quick access.",700,8592,"2026-01-23T07:08:00.000Z","6.9.4","3.0",[20,21,138,139,23],"links","shortcut-widget","http:\u002F\u002Fwww.hemthapa.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-quick-link-widget.1.6.0.zip",{"attackSurface":143,"codeSignals":159,"taintFlows":203,"riskAssessment":241,"analyzedAt":256},{"hooks":144,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":27,"unprotectedCount":27},[145,151],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","meetYourCommenters_admin_menu","meet-your-commenters.php",51,{"type":146,"name":152,"callback":153,"file":149,"line":154},"wp_dashboard_setup","meetYourCommenters_register_dashboard_widget",52,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":171,"fileOperations":201,"externalRequests":14,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":202},[],{"prepared":27,"raw":162,"locations":163},3,[164,167,169],{"file":149,"line":165,"context":166},65,"$wpdb->get_results() with variable interpolation",{"file":149,"line":168,"context":166},169,{"file":149,"line":170,"context":166},224,{"escaped":27,"rawEcho":172,"locations":173},13,[174,177,179,181,183,185,187,189,191,193,195,197,199],{"file":149,"line":175,"context":176},73,"raw output",{"file":149,"line":178,"context":176},77,{"file":149,"line":180,"context":176},177,{"file":149,"line":182,"context":176},178,{"file":149,"line":184,"context":176},184,{"file":149,"line":186,"context":176},186,{"file":149,"line":188,"context":176},208,{"file":149,"line":190,"context":176},209,{"file":149,"line":192,"context":176},212,{"file":149,"line":194,"context":176},215,{"file":149,"line":196,"context":176},219,{"file":149,"line":198,"context":176},223,{"file":149,"line":200,"context":176},230,2,[],[204,230],{"entryPoint":205,"graph":206,"unsanitizedCount":162,"severity":229},"meetYourCommenters_reports_page (meet-your-commenters.php:161)",{"nodes":207,"edges":225},[208,213,218,221],{"id":209,"type":210,"label":211,"file":149,"line":212},"n0","source","$_REQUEST",164,{"id":214,"type":215,"label":216,"file":149,"line":168,"wp_function":217},"n1","sink","get_results() [SQLi]","get_results",{"id":219,"type":210,"label":220,"file":149,"line":212},"n2","$_REQUEST (x2)",{"id":222,"type":215,"label":223,"file":149,"line":184,"wp_function":224},"n3","echo() [XSS]","echo",[226,228],{"from":209,"to":214,"sanitized":227},false,{"from":219,"to":222,"sanitized":227},"high",{"entryPoint":231,"graph":232,"unsanitizedCount":162,"severity":229},"\u003Cmeet-your-commenters> (meet-your-commenters.php:0)",{"nodes":233,"edges":238},[234,235,236,237],{"id":209,"type":210,"label":211,"file":149,"line":212},{"id":214,"type":215,"label":216,"file":149,"line":168,"wp_function":217},{"id":219,"type":210,"label":220,"file":149,"line":212},{"id":222,"type":215,"label":223,"file":149,"line":184,"wp_function":224},[239,240],{"from":209,"to":214,"sanitized":227},{"from":219,"to":222,"sanitized":227},{"summary":242,"deductions":243},"The \"meet-your-commenters\" plugin v1.2 presents a mixed security posture. While the static analysis indicates a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, this is overshadowed by significant concerns within its code.\n\nThe most critical issues stem from the lack of proper security checks and data handling. Specifically, none of the SQL queries use prepared statements, meaning there's a high risk of SQL injection vulnerabilities. Furthermore, a concerning 100% of output is not properly escaped, creating a strong potential for Cross-Site Scripting (XSS) attacks. The presence of two taint flows with unsanitized paths, identified as high severity, directly supports these risks. The plugin also lacks essential security measures like nonce checks and capability checks on its entry points (even though they are currently zero), which are fundamental for preventing unauthorized actions.\n\nThe plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive sign but does not negate the immediate code-level risks. The absence of past vulnerabilities might be due to the plugin's limited complexity or a lack of focused security auditing. In conclusion, while the plugin has minimal direct attack vectors exposed, the internal code quality is poor, with a high likelihood of exploitable vulnerabilities due to unescaped output and raw SQL queries. The lack of any security checks further exacerbates these weaknesses.",[244,247,250,252,254],{"reason":245,"points":246},"All SQL queries lack prepared statements",15,{"reason":248,"points":249},"100% of output not properly escaped",12,{"reason":251,"points":11},"Two high severity unsanitized taint flows",{"reason":253,"points":115},"No nonce checks implemented",{"reason":255,"points":115},"No capability checks implemented","2026-03-16T23:59:43.640Z",{"wat":258,"direct":267},{"assetPaths":259,"generatorPatterns":262,"scriptPaths":263,"versionParams":264},[260,261],"\u002Fwp-content\u002Fplugins\u002Fmeet-your-commenters\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmeet-your-commenters\u002Fjs\u002Fmeet-your-commenters.js",[],[261],[265,266],"meet-your-commenters\u002Fcss\u002Fstyle.css?ver=","meet-your-commenters\u002Fjs\u002Fmeet-your-commenters.js?ver=",{"cssClasses":268,"htmlComments":270,"htmlAttributes":271,"restEndpoints":272,"jsGlobals":273,"shortcodeOutput":274},[269],"textright",[],[],[],[],[]]