[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGcDp87WiBabTT_d12opZmG0hPN0Mbng-4s_zc6o5Utg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":114},"multisite-post-reader","Multisite Post Reader","3.02","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Multisite Post Reader allows you to use a shortcode on a page\u002Fpost to display all posts from all sites in a multisite system. This allows you (as the SuperAdmin on network sites, or Admin on non-network sites) to monitor all posts on your multi-site system. Although meant for multisite systems by creating a page\u002Fpost on the ‘master’ site, it will also work on standalone sites. You could use it to display all posts for visitors. It will even work in a widget (although you would want to use some of the optional parameters to limit the post count and post length).\u003C\u002Fp>\n\u003Cp>If you are the SuperAdmin of the multisite, an ‘edit’ link will be shown on each post; shift-click to open in a new window\u002Ftab.\u003C\u002Fp>\n\u003Cp>A “Read more” link is provided for all posts.\u003C\u002Fp>\n\u003Cp>Each post has a clickable title, and also shows the date of the post.\u003C\u002Fp>\n","Use shortcodes on a page\u002Fpost to display\u002Fedit all posts from all multisite subsites.",20,5652,80,6,"2023-04-06T18:15:00.000Z","6.2.9","4.6","",[4],"http:\u002F\u002Fcellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-post-reader.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"rhellewellgmailcom",16,1040,91,30,88,"2026-04-04T07:22:55.243Z",[],{"attackSurface":37,"codeSignals":73,"taintFlows":103,"riskAssessment":104,"analyzedAt":113},{"hooks":38,"ajaxHandlers":64,"restRoutes":65,"shortcodes":66,"cronEvents":71,"entryPointCount":72,"unprotectedCount":23},[39,45,49,52,55,59],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_init","mpr_disable_plugin","multisite-post-reader.php",45,{"type":40,"name":46,"callback":47,"file":43,"line":48},"admin_notices","mpr_show_notice",46,{"type":40,"name":50,"callback":42,"file":43,"line":51},"network_admin_init",47,{"type":40,"name":53,"callback":47,"file":43,"line":54},"network_admin_notices",48,{"type":40,"name":56,"callback":57,"file":43,"line":58},"admin_menu","mpr_add_plugin_page",67,{"type":40,"name":60,"callback":61,"priority":62,"file":43,"line":63},"init","mpr_shortcodes_init",999,203,[],[],[67],{"tag":68,"callback":69,"file":43,"line":70},"mpr_display","mpr_setup_sites",197,[],1,{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":77,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":101,"bundledLibraries":102},[],{"prepared":23,"raw":23,"locations":76},[],{"escaped":23,"rawEcho":78,"locations":79},10,[80,83,85,87,89,91,93,95,97,99],{"file":43,"line":81,"context":82},86,"raw output",{"file":43,"line":84,"context":82},436,{"file":43,"line":86,"context":82},479,{"file":43,"line":88,"context":82},480,{"file":43,"line":90,"context":82},506,{"file":43,"line":92,"context":82},510,{"file":43,"line":94,"context":82},513,{"file":43,"line":96,"context":82},520,{"file":43,"line":98,"context":82},644,{"file":43,"line":100,"context":82},692,2,[],[],{"summary":105,"deductions":106},"The multisite-post-reader v3.02 plugin exhibits a mixed security posture. On the positive side, the plugin has no known vulnerabilities in its history, uses prepared statements exclusively for SQL queries, and avoids file operations and external HTTP requests. It also has a very small attack surface with no unprotected entry points identified in static analysis. However, there are significant concerns regarding output escaping, with 0% of its 10 identified outputs being properly escaped. This represents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as unescaped output can allow malicious code to be injected and executed within the user's browser.\n\nWhile the lack of known CVEs and critical taint flows is a strength, the complete absence of output escaping is a major weakness. The plugin's capability checks are present, but without proper output sanitization, these checks may not be sufficient to prevent XSS attacks if the data originates from untrusted sources. The absence of nonce checks, while not immediately problematic given the lack of AJAX handlers, is a general best practice that is overlooked here. In conclusion, while the plugin shows good practices in areas like SQL handling and attack surface management, the severe lack of output escaping poses a critical risk that significantly undermines its overall security.",[107,110],{"reason":108,"points":109},"0% output escaping",15,{"reason":111,"points":112},"No nonce checks",5,"2026-03-16T23:07:12.330Z",{"wat":115,"direct":122},{"assetPaths":116,"generatorPatterns":118,"scriptPaths":119,"versionParams":120},[117],"\u002Fwp-content\u002Fplugins\u002Fmultisite-post-reader\u002Fassets\u002Fbanner-1000x200.jpg",[],[],[121],"multisite-post-reader\u002Fstyle.css?ver=",{"cssClasses":123,"htmlComments":129,"htmlAttributes":153,"restEndpoints":160,"jsGlobals":161,"shortcodeOutput":162},[124,125,126,127,128],"mpr_header","mpr_shadow","mpr_options","mpr_sidebar","mpr_footer",[130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152],"Copyright (c) 2016-2019 by Rick Hellewell and CellarWeb.com","All Rights Reserved","This program is free software; you can redistribute it and\u002For modify","This program is distributed in the hope that it will be useful,","You should have received a copy of the GNU General Public License","not sure why this one is needed ...","Information about Multisite Post Reader from CellarWeb.com","Each grouping of posts has a clickable link to the subsite's home page.","There are shortcode options\u002Fparameters for (adjust the values for your needs):","show only the last 10 items (default all items, option used will be shown above each sites' posts group).","show only the last 4 days (default all dates, option used will be shown above each sites' picture group).","will select posts before the date. Note the required formatting for the date value. \u003Ci>Overridden if you select the 'days' parameter.\u003C\u002Fi>","will select posts after the date. Note the required formatting for the date value. \u003Ci>Overridden if you select the 'days' parameter.\u003C\u002Fi>","Suppress showing the date stamp of the post. (Default shows the datestamp.)","will show the post excerpt, using the current word count for excerpt. (default is the entire post). The previous \u003Cb>words\u003C\u002Fb> option now functions like \u003Cb>excerpt\u003C\u002Fb>.","show all posts, including drafts, scheduled, private; (default is  only published posts, option used will be shown above each sites' posts group). Each post will show it's current status after the post publish date. This allows you to see all types of posts, including scheduled posts.","do not show subsite info (id, path) (default is to show the site info)","do not show the selection criteria heading (default is to show selection criteria)","do not show subsites with no results (default=yes, will show 'none found' if no results for that subsite). Note that if a subsite does not have results, the subsite info (ID, path) will not be shown.","Show the horizontal rule between posts (default will not show horizontal rule).","show only site with site_id #1 and #3 (default is all sites). Numbers are the site ID number. Separate multiple site id numbers with a comma; do not include quote characters.","do not show sites with site_id of #2 and #4 (default is show all sites). Separate multiple site id numbers with a comma; do not include quote characters.","You can use both includesites\u002Fexcludesites parame",[154,155,156,157,158,159],"class='mpr_header'","width=\"95%\"","class='mpr_shadow'","class=\"mpr_options\"","class='mpr_sidebar'","class=\"mpr_footer\"",[],[],[163],"[mpr_display]"]