[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDX61bygQoHUn4fwvIN441KEQrKJeiorhcXyX_luapmo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":34,"fingerprints":253},"mz-post-and-page-excerpts-widgets","MZ Post and Page Excerpts Widgets","1.2","maztch","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaztch\u002F","\u003Cp>Creates widgets that display content excerpts or excerpts from posts or pages in the sidebar.\u003Cbr \u002F>\nYou may use ‘more’ links, show featured image, set excerpt length of the post or page.\u003C\u002Fp>\n\u003Cp>This also adds an excerpt field to your pages like posts have.\u003C\u002Fp>\n\u003Cp>You can show content excerpt, the excerpt or both.\u003C\u002Fp>\n\u003Cp>Option to highlight the output added.\u003C\u002Fp>\n\u003Ch3>MZ Post and Page Excerpts Widgets Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Shows posts excerpts.\u003C\u002Fli>\n\u003Cli>Shows pages excerpts.\u003C\u002Fli>\n\u003Cli>Shows posts content excerpts.\u003C\u002Fli>\n\u003Cli>Shows pages content excerpts.\u003C\u002Fli>\n\u003Cli>The excerpts length can be customized.\u003C\u002Fli>\n\u003Cli>The featured image can be displayed.\u003C\u002Fli>\n\u003Cli>Read more text can be customized.\u003C\u002Fli>\n\u003Cli>Add page excerpt like posts have.\u003C\u002Fli>\n\u003C\u002Ful>\n","Creates widgets that display excerpts from posts or pages in the 
sidebar.",10,2360,0,"2013-08-09T15:12:00.000Z","3.6.1","3.0","",[19,20,21],"page-excerpts","post-and-page-excerpts-widgets","post-excerpts","http:\u002F\u002Fmaztch.es\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmz-post-and-page-excerpts-widgets.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T17:04:18.951Z",[],{"attackSurface":35,"codeSignals":61,"taintFlows":238,"riskAssessment":239,"analyzedAt":252},{"hooks":36,"ajaxHandlers":57,"restRoutes":58,"shortcodes":59,"cronEvents":60,"entryPointCount":13,"unprotectedCount":13},[37,43,47,49,53],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","wp_enqueue_scripts","mz_posts_pages_style","mz-post-and-page-excerpts-widgets.php",17,{"type":38,"name":44,"callback":45,"file":41,"line":46},"widgets_init","anonymous",26,{"type":38,"name":44,"callback":45,"file":41,"line":48},32,{"type":38,"name":50,"callback":51,"file":41,"line":52},"edit_page_form","mz_add_box",36,{"type":38,"name":54,"callback":55,"file":41,"line":56},"init","mz_init",37,[],[],[],[],{"dangerousFunctions":62,"sqlUsage":68,"outputEscaping":70,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":237},[63,66],{"fn":64,"file":41,"line":46,"context":65},"create_function","add_action( 'widgets_init', create_function( '', 'register_widget( \"mz_post_widget\" );' ) );",{"fn":64,"file":41,"line":48,"context":67},"add_action( 'widgets_init', create_function( '', 'register_widget( \"mz_page_widget\" );' ) 
);",{"prepared":13,"raw":13,"locations":69},[],{"escaped":71,"rawEcho":72,"locations":73},22,99,[74,78,80,82,84,86,88,90,92,94,96,98,100,102,103,105,107,108,110,111,113,115,116,118,120,121,123,125,126,128,130,131,133,135,136,138,140,141,143,145,146,148,150,151,153,155,156,158,160,161,163,165,166,167,168,169,170,171,172,173,174,175,177,179,180,182,184,185,187,188,190,192,193,195,197,198,200,202,203,205,206,207,209,211,212,214,216,217,219,221,222,224,226,227,229,231,232,234,236],{"file":75,"line":76,"context":77},"mz-page-widget.php",42,"raw output",{"file":75,"line":79,"context":77},44,{"file":75,"line":81,"context":77},48,{"file":75,"line":83,"context":77},54,{"file":75,"line":85,"context":77},55,{"file":75,"line":87,"context":77},60,{"file":75,"line":89,"context":77},64,{"file":75,"line":91,"context":77},68,{"file":75,"line":93,"context":77},72,{"file":75,"line":95,"context":77},74,{"file":75,"line":97,"context":77},81,{"file":75,"line":99,"context":77},176,{"file":75,"line":101,"context":77},177,{"file":75,"line":101,"context":77},{"file":75,"line":104,"context":77},181,{"file":75,"line":106,"context":77},182,{"file":75,"line":106,"context":77},{"file":75,"line":109,"context":77},190,{"file":75,"line":109,"context":77},{"file":75,"line":112,"context":77},195,{"file":75,"line":114,"context":77},196,{"file":75,"line":114,"context":77},{"file":75,"line":117,"context":77},202,{"file":75,"line":119,"context":77},203,{"file":75,"line":119,"context":77},{"file":75,"line":122,"context":77},209,{"file":75,"line":124,"context":77},210,{"file":75,"line":124,"context":77},{"file":75,"line":127,"context":77},216,{"file":75,"line":129,"context":77},217,{"file":75,"line":129,"context":77},{"file":75,"line":132,"context":77},220,{"file":75,"line":134,"context":77},221,{"file":75,"line":134,"context":77},{"file":75,"line":137,"context":77},227,{"file":75,"line":139,"context":77},228,{"file":75,"line":139,"context":77},{"file":75,"line":142,"context":77},236,{"file":75,"line":144,"
context":77},237,{"file":75,"line":144,"context":77},{"file":75,"line":147,"context":77},246,{"file":75,"line":149,"context":77},247,{"file":75,"line":149,"context":77},{"file":75,"line":152,"context":77},251,{"file":75,"line":154,"context":77},252,{"file":75,"line":154,"context":77},{"file":75,"line":157,"context":77},258,{"file":75,"line":159,"context":77},259,{"file":75,"line":159,"context":77},{"file":41,"line":162,"context":77},49,{"file":164,"line":76,"context":77},"mz-post-widget.php",{"file":164,"line":79,"context":77},{"file":164,"line":81,"context":77},{"file":164,"line":83,"context":77},{"file":164,"line":85,"context":77},{"file":164,"line":87,"context":77},{"file":164,"line":89,"context":77},{"file":164,"line":91,"context":77},{"file":164,"line":93,"context":77},{"file":164,"line":95,"context":77},{"file":164,"line":97,"context":77},{"file":164,"line":176,"context":77},179,{"file":164,"line":178,"context":77},180,{"file":164,"line":178,"context":77},{"file":164,"line":181,"context":77},184,{"file":164,"line":183,"context":77},185,{"file":164,"line":183,"context":77},{"file":164,"line":186,"context":77},193,{"file":164,"line":186,"context":77},{"file":164,"line":189,"context":77},198,{"file":164,"line":191,"context":77},199,{"file":164,"line":191,"context":77},{"file":164,"line":194,"context":77},205,{"file":164,"line":196,"context":77},206,{"file":164,"line":196,"context":77},{"file":164,"line":199,"context":77},212,{"file":164,"line":201,"context":77},213,{"file":164,"line":201,"context":77},{"file":164,"line":204,"context":77},219,{"file":164,"line":132,"context":77},{"file":164,"line":132,"context":77},{"file":164,"line":208,"context":77},223,{"file":164,"line":210,"context":77},224,{"file":164,"line":210,"context":77},{"file":164,"line":213,"context":77},230,{"file":164,"line":215,"context":77},231,{"file":164,"line":215,"context":77},{"file":164,"line":218,"context":77},239,{"file":164,"line":220,"context":77},240,{"file":164,"line":220,"context":77
},{"file":164,"line":223,"context":77},249,{"file":164,"line":225,"context":77},250,{"file":164,"line":225,"context":77},{"file":164,"line":228,"context":77},254,{"file":164,"line":230,"context":77},255,{"file":164,"line":230,"context":77},{"file":164,"line":233,"context":77},261,{"file":164,"line":235,"context":77},262,{"file":164,"line":235,"context":77},[],[],{"summary":240,"deductions":241},"The \"mz-post-and-page-excerpts-widgets\" plugin version 1.2 exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities in its history, suggesting a generally stable and well-maintained codebase, though the last update dates from 2013, so the clean record may equally reflect limited scrutiny. The static analysis reveals a minimal attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces the potential for external exploitation. Furthermore, no unprepared SQL queries were found, and there are no file operations or external HTTP requests, indicating good practices in these areas.\n\nHowever, there are significant concerns regarding code quality and security implementation. The presence of two \"dangerous functions\" (create_function), even if not directly exposed in the current analysis, is a red flag: create_function() evaluates a string as PHP code, and although both calls found here pass fixed string literals, the function was deprecated in PHP 7.2 and removed in PHP 8.0, so these calls raise a fatal error on current PHP versions. More critically, only 18% of output is properly escaped (22 of 121 output statements). This low percentage suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, which would allow attackers to inject malicious scripts into the website content or administration area wherever that output includes untrusted data. 
The absence of nonce checks and capability checks on any potential entry points, coupled with the lack of taint analysis data, further amplifies these risks: the analysis cannot confirm whether the unescaped output is reachable from untrusted input, and there are no explicit protections against CSRF or unauthorized access if a vulnerability is present.\n\nIn conclusion, while the plugin benefits from a lack of historical vulnerabilities and a small attack surface, the high rate of unescaped output and the use of dangerous functions represent substantial security weaknesses that could lead to significant risks, particularly XSS attacks. Without taint analysis and without protection mechanisms such as nonces, even minor coding errors could be exploitable.",[242,245,248,250],{"reason":243,"points":244},"High percentage of unescaped output",7,{"reason":246,"points":247},"Presence of dangerous functions (create_function)",5,{"reason":249,"points":247},"No nonce checks on potential entry points",{"reason":251,"points":247},"No capability checks on potential entry points","2026-03-16T23:42:38.842Z",{"wat":254,"direct":261},{"assetPaths":255,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[256],"\u002Fwp-content\u002Fplugins\u002Fmz-post-and-page-excerpts-widgets\u002Fcss\u002Fstyles.css",[],[],[260],"\u002Fwp-content\u002Fplugins\u002Fmz-post-and-page-excerpts-widgets\u002Fcss\u002Fstyles.css?ver=",{"cssClasses":262,"htmlComments":263,"htmlAttributes":264,"restEndpoints":265,"jsGlobals":266,"shortcodeOutput":267},[],[],[],[],[],[]]