[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9lSqpFsvuZhmJyCR4Lkr8X2DaNh5gg5nqBMNb7SBVhM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":15,"requires_php":15,"tags":17,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":125,"fingerprints":185},"multisite-dashboard-broadcast","Multisite Dashboard Broadcast","0.1","mogita","https:\u002F\u002Fprofiles.wordpress.org\u002Fck65\u002F","\u003Cp>NOTE: ONLY works with multisite (aka WordPress Network) mode for now.\u003C\u002Fp>\n\u003Cp>A super-easy-to-use Multisite WordPress news broadcasting tool for the Super Admin of the Network.\u003C\u002Fp>\n\u003Cp>This plugin can be helpful for the Super Admins to push a notification, some kind of messages, even some Ads if they like, to every site admins who registered under your Multisite WordPress network. The added widget will go to the first place of all widgets, unless the site admins move it elsewhere.\u003C\u002Fp>\n\u003Cp>This is a very simple task but yet no plugins ever met my simple need, so I made one for myself, and hope it helps you too.\u003C\u002Fp>\n\u003Cp>Key Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a widget to every site admin’s dashboard (by Super Admin only)\u003C\u002Fli>\n\u003Cli>Support HTML content\u003C\u002Fli>\n\u003Cli>Comes at the top of all widgets\u003C\u002Fli>\n\u003Cli>Site admins can move or hide it as they wish\u003C\u002Fli>\n\u003Cli>Multi languages support (available in English and Chinese till now)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can find the configuration page at Manage Network -> Settings -> Dashbaord Broadcast.\u003C\u002Fp>\n","Place a widget on top of every site's dashboard under the same Multisite installation, containing whatever content the Super Admin writes.",10,2361,100,2,"","3.5.2",[18,19,20,21,22],"dashboard","multisite","network","widget","wpmu","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultisite-dashboard-broadcast\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-dashboard-broadcast.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"ck65",1,30,94,"2026-04-04T10:36:07.909Z",[36,54,73,92,108],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":25,"num_ratings":25,"last_updated":15,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":52,"download_link":53,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"network-sites-counts-dashboard-widget","Network Sites Counts Dashboard Widget","1.0.0","Michael Beckwith","https:\u002F\u002Fprofiles.wordpress.org\u002Ftw2113\u002F","\u003Cp>A new dashboard widget in your network admin dashboard will show total published and draft posts and pages across all the sites in your network, giving you a snapshot of the current status of your total content.\u003C\u002Fp>\n\u003Cp>Contribute \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftw2113\u002FNetwork-Sites-Counts-Dashboard-Widget\" rel=\"nofollow ugc\">on Github\u003C\u002Fa>.\u003C\u002Fp>\n","Display a list of post counts for all your sites in your network.",2069,"6.2.9","3.5.0","7.4",[49,50,19,20,51],"dashboard-widget","mu","post-count","https:\u002F\u002Fmichaelbox.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-sites-counts-dashboard-widget.1.0.0.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":13,"downloaded":62,"rating":13,"num_ratings":14,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":15,"tags":66,"homepage":69,"download_link":70,"security_score":71,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":72},"network-username-restrictions-override","Network Username Restrictions Override","1.3","Daniel Westermann-Clark","https:\u002F\u002Fprofiles.wordpress.org\u002Fdwc\u002F","\u003Cp>By default, WordPress network usernames cannot contain anything but lowercase letters and numbers. This plugin adds network options to let you include hyphens, underscores, or uppercase letters, if desired.\u003C\u002Fp>\n\u003Cp>Furthermore, this plugin gives you the option to allow email addresses as usernames, or to allow all-numeric usernames (e.g. “1234”).\u003C\u002Fp>\n\u003Cp>Finally, this plugin lets you override the minimum length for usernames (which defaults to four characters).\u003C\u002Fp>\n\u003Cp>To follow updates to this plugin, visit:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdanieltwc.com\u002F\u003C\u002Fp>\n\u003Cp>For help with this version, visit:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdanieltwc.com\u002F2011\u002Fnetwork-username-restrictions-override-1-0\u002F\u003C\u002Fp>\n","Override restrictions on WordPress network usernames.",10464,"2024-04-24T14:02:00.000Z","6.5.8","3.4",[67,68,19,20,22],"admin","authentication","https:\u002F\u002Fdanieltwc.com\u002F2011\u002Fnetwork-username-restrictions-override-1-0\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-username-restrictions-override.1.3.zip",92,"2026-03-15T15:16:48.613Z",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":25,"num_ratings":25,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":15,"tags":86,"homepage":89,"download_link":90,"security_score":91,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":72},"wpms-sidebar-login-widget","WPMS Sidebar Login Widget","1.9.4","Joshua Parker","https:\u002F\u002Fprofiles.wordpress.org\u002Fparkerj\u002F","\u003Cp>If you are running a WPMS (Multisite) blogging network, the issue with most login widgets that you add to the main site’s sidebar is that it doesn’t pull the user’s own blog info. That is why the WPMS Sidebar Login Widget was created. Instead of the user trying to remember the login page of their own site\u002Fblog, when a user logs into your main site, the widget will conveniently contain links to navigate to 3 different pages of the user’s blog: dashboard, new post page, and profile page.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Link to Network Admin page (only shows if user logged in is a super admin)\u003C\u002Fli>\n\u003Cli>Link to user’s dashboard\u003C\u002Fli>\n\u003Cli>Link to user’s new post page\u003C\u002Fli>\n\u003Cli>Link to user’s profile page\u003C\u002Fli>\n\u003Cli>Link to forums page\u003C\u002Fli>\n\u003Cli>Subblog registration detection\u003C\u002Fli>\n\u003Cli>Custom CSS settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To make sure it works, activate the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> plugin on the main site only to switch to a different user.\u003C\u002Fp>\n","Adds a sidebar widget to the main site of a WPMU\u002FWPMS install.",50,22785,"2012-02-19T04:23:00.000Z","3.3.2","2.8",[87,19,21,88,22],"login","wpms","http:\u002F\u002Fwww.7mediaws.org\u002Fblog\u002Fwpms_sidebar_login_widget.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpms-sidebar-login-widget.1.9.4.zip",85,{"slug":93,"name":94,"version":57,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":13,"num_ratings":31,"last_updated":15,"tested_up_to":101,"requires_at_least":102,"requires_php":15,"tags":103,"homepage":106,"download_link":107,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"sort-my-sites","Sort My Sites","Tryon Eggleston","https:\u002F\u002Fprofiles.wordpress.org\u002Ftryon\u002F","\u003Cp>Sort My Sites lets you change the ordering of the My Sites menu on the dashboard and in the admin bar.\u003C\u002Fp>\n\u003Cp>Options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sort by None, Site ID, Site Name, Domain, Site Path, Site URL\u003C\u002Fli>\n\u003Cli>Case Sensitive Sorting\u003C\u002Fli>\n\u003Cli>Keep the primary site at the top of the list\u003C\u002Fli>\n\u003C\u002Ful>\n","Sort My Sites lets you change the ordering of the My Sites menu on the dashboard and in the admin bar.",20,6135,"6.4.8","3.0",[19,104,20,105,22],"my-sites","sites","https:\u002F\u002Fgithub.com\u002Ftryonegg\u002Fsort-my-sites","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsort-my-sites.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":11,"downloaded":116,"rating":117,"num_ratings":31,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":15,"tags":121,"homepage":123,"download_link":124,"security_score":91,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":72},"meet-your-commenters","Meet Your Commenters","1.2","Artberri","https:\u002F\u002Fprofiles.wordpress.org\u002Fartberri\u002F","\u003Cp>When someone comments on your blog and writes a comment with his\u002Fher URL, is leaving more information than you think. This plugin displays web pages and profiles of those users in the dashboard, so you can add them as friends if you are in the same social network.\u003C\u002Fp>\n\u003Cp>This is possible thanks to the Google Social Graph API. The profiles are showed because the commenter claims them as its owner on his web linking them with \u003Ccode>rel=\"me\"\u003C\u002Fcode>. The ones which are with italic font are not reliable and they could not be of the user.\u003C\u002Fp>\n\u003Cp>Comments, questions and bug reports are welcome: \u003Ca href=\"http:\u002F\u002Fwww.berriart.com\u002Fmeet-your-commenters\u002F\" title=\"Meet Your Commenters\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.berriart.com\u002Fmeet-your-commenters\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Displays web pages and social networks' profiles of your commenters in the dashboard.",12189,80,"2010-06-27T23:13:00.000Z","3.0.5","2.5",[67,18,122,21],"social-networks","http:\u002F\u002Fwww.berriart.com\u002Fmeet-your-commenters\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeet-your-commenters.1.2.zip",{"attackSurface":126,"codeSignals":152,"taintFlows":175,"riskAssessment":176,"analyzedAt":184},{"hooks":127,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":25,"unprotectedCount":25},[128,134,138,141,145],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","init","broadcast_message_init","multisite-dashboard-broadcast.php",41,{"type":129,"name":135,"callback":136,"file":132,"line":137},"admin_menu","broadcast_message_plug_pages",42,{"type":129,"name":139,"callback":136,"file":132,"line":140},"network_admin_menu",43,{"type":129,"name":142,"callback":143,"file":132,"line":144},"wp_dashboard_setup","add_dashboard_widgets",44,{"type":129,"name":146,"callback":143,"file":132,"line":147},"wp_network_dashboard_setup",45,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":31,"bundledLibraries":174},[],{"prepared":25,"raw":25,"locations":155},[],{"escaped":25,"rawEcho":157,"locations":158},7,[159,162,164,166,168,170,172],{"file":132,"line":160,"context":161},60,"raw output",{"file":132,"line":163,"context":161},88,{"file":132,"line":165,"context":161},109,{"file":132,"line":167,"context":161},114,{"file":132,"line":169,"context":161},120,{"file":132,"line":171,"context":161},150,{"file":132,"line":173,"context":161},169,[],[],{"summary":177,"deductions":178},"The multisite-dashboard-broadcast plugin v0.1 exhibits a generally positive security posture based on the provided static analysis.  There are no identified dangerous functions, SQL queries are all prepared, and there are no file operations or external HTTP requests.  The absence of taint analysis findings and a clean vulnerability history further contribute to this positive outlook.  This suggests good coding practices and a lack of known exploitable issues.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 7 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed back to users without proper sanitization can be exploited to inject malicious scripts.  Additionally, the absence of nonce checks, while not directly linked to an unprotected entry point in this analysis, is a common security best practice that is missing. The single capability check is a positive sign but doesn't mitigate the XSS risk.\n\nGiven the lack of historical vulnerabilities and a seemingly small attack surface, the plugin's core functionality might be sound. However, the critical flaw in output escaping presents a substantial security risk that overshadows these strengths.  The plugin needs immediate attention to address the unescaped output to prevent potential XSS attacks.",[179,181],{"reason":180,"points":99},"No output escaping on 7 outputs",{"reason":182,"points":183},"No nonce checks implemented",5,"2026-03-16T23:27:13.175Z",{"wat":186,"direct":191},{"assetPaths":187,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[],[],[],[],{"cssClasses":192,"htmlComments":193,"htmlAttributes":194,"restEndpoints":197,"jsGlobals":198,"shortcodeOutput":200},[],[],[195,196],"id=\"broadcast_message_title\"","id=\"broadcast_message\"",[],[199],"window.location",[]]