[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmWw2OGPX2DDx23BHlkOarhpA2cztFPsKips8xuXlMzM":3,"$fqcvDtilROfkv3KmoB0HQ19-g6iUytkfdTrrHB4vMfuA":273,"$f36e2ixJeiFjxqTfnFK-GgDT9lFZB6EVdjjdz-C-YWxk":278},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":138,"fingerprints":258},"nofollow-links-in-posts","Nofollow Links in Posts","1.1.1","Asad Zulfahri","https:\u002F\u002Fprofiles.wordpress.org\u002Fibnuasad\u002F","\u003Cp>Nofollow Links in Posts plugin enables you to add the “nofollow” attribute into links in a post within a specified category. This plugin\u003Cbr \u002F>\nis useful if you are doing sponsored posts. You can set the plugin to add the “nofollow” attribute for posts older than “X” days.\u003C\u002Fp>\n","Adds the rel=\"nofollow\" to links in posts within a selected category. Useful for sponsored posts.",10,11884,0,"2008-12-13T04:32:00.000Z","2.7","2.5","",[19,20,21,22,23],"link","links","nofollow","post","sponsored","http:\u002F\u002Fwww.themiak.com\u002Fwp-plugins\u002Fnofollow-links-in-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnofollow-links-in-posts.1.1.1.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"ibnuasad",1,30,84,"2026-05-20T07:23:03.921Z",[38,51,77,95,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":10,"active_installs":11,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":47,"requires_php":17,"tags":48,"homepage":49,"download_link":50,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"nolip-nofollow-links-in-posts-reborn","NoLiP – Nofollow Links in Posts Reborn","2.0","patrickcurl","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatrickcurl\u002F","\u003Cp>The NoLiP plugin enables you to add the “nofollow” attribute into links in a post within a specified category. This plugin is useful if you are doing sponsored posts. You can set the plugin to add the “nofollow” attribute for posts older than “X” days.\u003C\u002Fp>\n\u003Cp>Originally the Nofollow Links in Post Plugin found here:\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.themiak.com\u002Fwp-plugins\u002Fnofollow-links-in-posts\u002F\u003C\u002Fp>\n",4785,"2009-06-25T01:03:00.000Z","2.8",[19,20,21,22,23],"http:\u002F\u002Fwww.theresabloginmysoup.com\u002Fwordpress-plugins\u002Fnolip\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnolip-nofollow-links-in-posts-reborn.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":17,"download_link":73,"security_score":74,"vuln_count":75,"unpatched_count":13,"last_vuln_date":76,"fetched_at":28},"mww-disclaimer-buttons","MWW Disclaimer Buttons","3.51","Jennifer Moss","https:\u002F\u002Fprofiles.wordpress.org\u002Fmossifer\u002F","\u003Cp>For bloggers\u002Fcontent creators that accept free products or compensation for reviews, or use affiliate links, the FTC requires that you put disclosures at the top of any post or page.\u003C\u002Fp>\n\u003Cp>This plugin creates an options box in the POST or PAGE editor for you to add each of these buttons to your post without having to include it in post text.\u003C\u002Fp>\n\u003Cp>[Affiliate Links] – Blogger makes money when someone clicks on link and purchases product from 3rd party vendor.\u003C\u002Fp>\n\u003Cp>[PR Sample] – Free product was received by blogger in exchange for a review and\u002For post.\u003C\u002Fp>\n\u003Cp>[Sponsored] – Blogger was paid directly for the post\u002Fpage.\u003C\u002Fp>\n\u003Cp>The disclaimer buttons appear below the title and above the text on a single post or page–they do not appear on excerpts nor your RSS feed.\u003C\u002Fp>\n\u003Ch3>Markdown\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Admin Page for entering disclaimer URL\u003C\u002Fli>\n\u003Cli>Settings box on post page\u003C\u002Fli>\n\u003Cli>Appends buttons to the_content() (post text) on single post or page only.\u003C\u002Fli>\n\u003C\u002Fol>\n","The FTC requires that you put disclosures at the top of your post if you were compensated in any way (affiliate links, free products, or payment).",500,14488,100,3,"2026-03-23T23:49:00.000Z","6.9.4","4.2","7.0",[68,69,70,71,72],"affiliate-links","disclaimers","disclosures","pr-samples","sponsored-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmww-disclaimer-buttons.3.51.zip",98,2,"2025-09-26 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":61,"num_ratings":87,"last_updated":88,"tested_up_to":64,"requires_at_least":89,"requires_php":66,"tags":90,"homepage":93,"download_link":94,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"affiliate-link-marker","Affiliate Link Marker","1.0.9","Johannes Kinast","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoaroundagain\u002F","\u003Cp>A WordPress Plugin to mark your Affiliate Links with a \u003Ccode>*\u003C\u002Fcode>, add \u003Ccode>rel=\"nofollow sponsored noopener\"\u003C\u002Fcode> to affiliate links and attach a disclosure at the end of every post which contains at least one affiliate link.\u003C\u002Fp>\n\u003Cp>You can manage your own list of affiliate tracking domains or URL parts (used to detect affiliate links) and change the disclosure text.\u003C\u002Fp>\n\u003Cp>Works great with Multisites. If activated networkwide, you can manage your affiliate domains from your Network Admin Area and the disclosure (e.g. translated) for every single page.\u003C\u002Fp>\n\u003Cp>The following Affiliate Networks with the corresponding tracking domains are supported out of the box (but you can add your own or remove unused):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Amazon PartnerNet \u003Ccode>amazon\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Webgains \u003Ccode>track.webgains.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>AWIN \u003Ccode>awin1.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>financeAds \u003Ccode>financeads.net\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Performance Horizon\u002FPartnerize \u003Ccode>prf.hn\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Belboon \u003Ccode>belboon.de\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Tradedoubler \u003Ccode>tradedoubler.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Adcell \u003Ccode>adcell.de\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>TradeTracker \u003Ccode>tc.tradetracker.net\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Daisycon \u003Ccode>ds1.nl\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>ShareASale \u003Ccode>shareasale.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>CJ.com \u003Ccode>jdoqocy.com\u003C\u002Fcode> \u003Ccode>tkqlhce.com\u003C\u002Fcode> \u003Ccode>anrdoezrs.net\u003C\u002Fcode> \u003Ccode>dpbolvw.net\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>FinanceQuality \u003Ccode>l.neqty.net\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Target Circle \u003Ccode>c.trackmytarget.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>NetAffiliation \u003Ccode>action.metaffiliation.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Selecdoo \u003Ccode>work.selecdoo.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Viglink \u003Ccode>viglink.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>eBay Partner Network \u003Ccode>rover.ebay.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Groupon Partner Network \u003Ccode>t.groupon\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Saturn + Media Markt Private Network \u003Ccode>pvn.mediamarkt.de\u003C\u002Fcode> \u003Ccode>pvn.saturn.de\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>StackCommerce \u003Ccode>stacksocial.com\u003C\u002Fcode> \u003Ccode>citizengoods.com\u003C\u002Fcode> \u003Ccode>skillwise.com\u003C\u002Fcode> \u003Ccode>joyus.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n","Mark your Affiliate Links with a *, add rel=\"nofollow sponsored noopener\" to affiliate links and attach a disclosure at the end of e &hellip;",400,5946,6,"2025-12-05T12:51:00.000Z","4.6",[91,20,92,21,23],"affiliate","multisite","https:\u002F\u002Fgo-around.de\u002Fplugin\u002Faffiliate-marker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliate-link-marker.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":64,"requires_at_least":65,"requires_php":108,"tags":109,"homepage":114,"download_link":115,"security_score":116,"vuln_count":62,"unpatched_count":13,"last_vuln_date":117,"fetched_at":28},"wp-external-links","External Links – nofollow, noopener & new window","2.64","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Cstrong>Manage all external & internal links on your site\u003C\u002Fstrong>. Control icons, nofollow, noopener, ugc (User Generated Content), sponsored and if links open in new window or new tab.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwplinks.com\u002F\" rel=\"nofollow ugc\">WP Links\u003C\u002Fa> plugin was completely rebuilt in v2 and has lots of new features, like noopener, ugc and sponsored values for rel; font icons, internal links options and full WPMU support.\u003C\u002Fp>\n\u003Ch4>Link Scanner – PRO feature\u003C\u002Fh4>\n\u003Cp>Check every single link on your site! See if it’s broken or not, if it’s redirected, what’s the target and rel attribute and what page exactly it’s linking to. This feature is a part of the \u003Ca href=\"https:\u002F\u002Fgetwplinks.com\u002F\" rel=\"nofollow ugc\">WP Links PRO\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Manage external and internal links\u003C\u002Fli>\n\u003Cli>Open links in new window or tab\u003C\u002Fli>\n\u003Cli>Add follow or nofollow (for SEO)\u003C\u002Fli>\n\u003Cli>Add noopener and noreferrer (for security)\u003C\u002Fli>\n\u003Cli>Add ugc (User Generated Content) and sponsored values to rel (\u003Ca href=\"https:\u002F\u002Fwebmasters.googleblog.com\u002F2019\u002F09\u002Fevolving-nofollow-new-ways-to-identify.html\" rel=\"nofollow ugc\">Google announcement\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Add link icons (FontAwesome and Dashicons)\u003C\u002Fli>\n\u003Cli>Set other attributes like title and CSS classes\u003C\u002Fli>\n\u003Cli>Scan complete page (or just posts, comments, widgets)\u003C\u002Fli>\n\u003Cli>SEO friendly\u003C\u002Fli>\n\u003Cli>Link Scanner – check all links on your site – PRO feature\u003C\u002Fli>\n\u003Cli>Exit Confirmation – protect visitors and traffic when external links are clicked – PRO feature\u003C\u002Fli>\n\u003Cli>Link Rules – create advanced link rules for chosen link groups – PRO feature\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>And more…\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Network Settings (WPMU support)\u003C\u002Fli>\n\u003Cli>Use template tag to apply plugin settings on specific contents\u003C\u002Fli>\n\u003Cli>Set data-attribute to change how individual links will be treated\u003C\u002Fli>\n\u003Cli>Use built-in actions and filters to implement your specific needs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Easy to use\u003C\u002Fh4>\n\u003Cp>After activating you can set all options for external and internal links on the plugins admin page.\u003C\u002Fp>\n\u003Ch4>On the fly\u003C\u002Fh4>\n\u003Cp>The plugin filters the output and changes the links on the fly. The real contents (posts, pages, widget etcetera) will not be changed in the database.\u003Cbr \u002F>\nWhen deactivating the plugin, all contents will be the same as it was before.\u003C\u002Fp>\n\u003Ch4>GDPR compatibility\u003C\u002Fh4>\n\u003Cp>We are not lawyers. Please do not take any of the following as legal advice.\u003Cbr \u002F>\nWP External Links does not track, collect or process any user data. Nothing is logged or pushed to any 3rd parties. We also don’t use any 3rd party services or CDNs. Based on that, we feel it’s GDPR compatible, but again, please, don’t take this as legal advice.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like the plugin?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fwp-external-links\" rel=\"ugc\">Rate it\u003C\u002Fa> to support the development.\u003C\u002Fp>\n\u003Cp>If you’re having \u003Cstrong>problems with SSL or HTTPS\u003C\u002Fstrong> try our free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-force-ssl\u002F\" rel=\"ugc\">WP Force SSL\u003C\u002Fa> plugin. It’s a great way to enable SSL and fix SSL problems.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>After activating you can set all options for external and internal links.\u003C\u002Fp>\n\u003Ch4>Data attribute “data-wpel-link”\u003C\u002Fh4>\n\u003Cp>Links being processed by this plugin will also contain the data-attribute \u003Ccode>data-wpel-link\u003C\u002Fcode>.\u003Cbr \u002F>\nThe plugin could set the value to \u003Ccode>external\u003C\u002Fcode>, \u003Ccode>internal\u003C\u002Fcode> or \u003Ccode>exclude\u003C\u002Fcode>, meaning how the\u003Cbr \u002F>\nlink was processed.\u003C\u002Fp>\n\u003Cp>You can also set the data-attribute yourself. This way you can force how the plugin will process\u003Cbr \u002F>\ncertain links.\u003C\u002Fp>\n\u003Cp>When you add the value \u003Ccode>ignore\u003C\u002Fcode>, the link will be completely ignored by the plugin:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"http:\u002F\u002Fsomedomain.com\" data-wpel-link=\"ignore\">Go to somedomain\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Action “wpel_link”\u003C\u002Fh4>\n\u003Cp>Use this action to change the link object after all plugin settings have been applied.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action( 'wpel_link', ( $link_object ) {\n    if ( $link_object->is_external() ) {\n        \u002F\u002F get current url\n        $url = $link_object->getAttribute( 'href' );\n\n        \u002F\u002F set redirect url\n        $redirect_url = '\u002F\u002Fsomedom.com?url='. urlencode( $url );\n        $link_object->setAttribute( 'href', $redirect_url );\n    }\n}, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The link object is an instance of \u003Ccode>WPEL_Link\u003C\u002Fcode> class.\u003C\u002Fp>\n\u003Ch4>Action hook “wpel_before_apply_link”\u003C\u002Fh4>\n\u003Cp>Use this action to change the link object before the plugin settings will be applied on the link.\u003Cbr \u002F>\nYou can use this filter f.e. to ignore individual links from being processed. Or change dynamically how\u003Cbr \u002F>\nthey will be treated by this plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action( 'wpel_before_apply_link', function ( $link ) {\n    \u002F\u002F ignore links with class \"some-cls\"\n    if ( $link->has_attr_value( 'class', 'some-cls' ) ) {\n        $link->set_ignore();\n    }\n\n    \u002F\u002F mark and treat links with class \"ext-cls\" as external link\n    if ( $link->has_attr_value( 'class', 'ext-cls' ) ) {\n        $link->set_external();\n    }\n}, 10 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter hook “wpel_apply_settings”\u003C\u002Fh4>\n\u003Cp>When filter returns false the plugin settings will not be applied. Can be used when f.e. certain posts or pages should be ignored by this plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'wpel_apply_settings', '__return_false' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-external-links\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more info.\u003C\u002Fp>\n","Internal links & external links manager: open in new window or tab, control nofollow, ugc, sponsored & noopener. SEO friendly.",90000,1682418,86,247,"2026-03-25T19:48:00.000Z","7.2",[110,111,112,21,113],"external-links","new-tab","new-window","noopener","https:\u002F\u002Fgetwplinks.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-external-links.2.64.zip",99,"2023-03-08 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":13,"num_ratings":13,"last_updated":128,"tested_up_to":64,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":136,"download_link":137,"security_score":61,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"raratheme-companion","RaraTheme Companion","1.4.4","Rara Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fraratheme\u002F","\u003Cp>RaraTheme Companion is truly a must have companion for your website. It provides 23 useful and frequently used widgets that you can add to the sidebars to create an engaging website.\u003C\u002Fp>\n\u003Ch3>Widgets offered\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Advertisement\u003C\u002Fli>\n\u003Cli>A Featured Page\u003C\u002Fli>\n\u003Cli>Author Bio\u003C\u002Fli>\n\u003Cli>Call to Action\u003C\u002Fli>\n\u003Cli>Client Logo\u003C\u002Fli>\n\u003Cli>Contact\u003C\u002Fli>\n\u003Cli>Custom Categories\u003C\u002Fli>\n\u003Cli>Facebook Page\u003C\u002Fli>\n\u003Cli>FAQs\u003C\u002Fli>\n\u003Cli>Featured Post\u003C\u002Fli>\n\u003Cli>Icon Text\u003C\u002Fli>\n\u003Cli>Image Text\u003C\u002Fli>\n\u003Cli>Image\u003C\u002Fli>\n\u003Cli>Latest Tweets\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Popular Post\u003C\u002Fli>\n\u003Cli>Posts Category Slider\u003C\u002Fli>\n\u003Cli>Recent Post\u003C\u002Fli>\n\u003Cli>Snapchat\u003C\u002Fli>\n\u003Cli>Social Media\u003C\u002Fli>\n\u003Cli>Stat Counter\u003C\u002Fli>\n\u003Cli>Team Member\u003C\u002Fli>\n\u003Cli>Testimonial\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The plugin works best with themes developed by Rara Theme.\u003C\u002Fp>\n\u003Cp>The plugin also provides simple yet clean code which allows developers to overwrite the plugin properties. The plugin offers a multiple numbers of filters and action hooks which for maximum flexibility to the developers.\u003C\u002Fp>\n","23 extremely useful custom widgets to create an engaging website.",10000,500140,"2026-01-06T05:43:00.000Z","4.4.0","7.4",[132,133,134,135],"posts","sidebars","social-links","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fraratheme-companion","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraratheme-companion.1.4.4.zip",{"attackSurface":139,"codeSignals":172,"taintFlows":206,"riskAssessment":246,"analyzedAt":257},{"hooks":140,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":13,"unprotectedCount":13},[141,147,151,155,158,162,165],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","the_content","make_nofollow_links","nofollow-links-in-posts.php",119,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_menu","add_makenofollowoption_page",144,{"type":142,"name":152,"callback":153,"file":145,"line":154},"edit_form_advanced","advanced_makefollow",467,{"type":142,"name":156,"callback":153,"file":145,"line":157},"dbx_post_advanced",469,{"type":142,"name":159,"callback":160,"file":145,"line":161},"edit_post","nofollow2posts",474,{"type":142,"name":163,"callback":160,"file":145,"line":164},"publish_post",475,{"type":142,"name":166,"callback":160,"file":145,"line":167},"save_post",476,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":182,"outputEscaping":184,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":205},[174,178,180],{"fn":175,"file":145,"line":176,"context":177},"unserialize",46,"$added_no_follow_cats = !is_array($added_no_follow_cats)?unserialize($added_no_follow_cats):$added_n",{"fn":175,"file":145,"line":179,"context":177},177,{"fn":175,"file":145,"line":181,"context":177},213,{"prepared":13,"raw":13,"locations":183},[],{"escaped":13,"rawEcho":185,"locations":186},9,[187,190,192,194,196,198,199,201,203],{"file":145,"line":188,"context":189},123,"raw output",{"file":145,"line":191,"context":189},132,{"file":145,"line":193,"context":189},322,{"file":145,"line":195,"context":189},326,{"file":145,"line":197,"context":189},332,{"file":145,"line":197,"context":189},{"file":145,"line":200,"context":189},343,{"file":145,"line":202,"context":189},366,{"file":145,"line":204,"context":189},368,[],[207,234],{"entryPoint":208,"graph":209,"unsanitizedCount":75,"severity":233},"display_makenofollow_settings (nofollow-links-in-posts.php:156)",{"nodes":210,"edges":229},[211,216,221,225],{"id":212,"type":213,"label":214,"file":145,"line":215},"n0","source","$_POST['older_than_days']",163,{"id":217,"type":218,"label":219,"file":145,"line":215,"wp_function":220},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":222,"type":213,"label":223,"file":145,"line":224},"n2","$_SERVER",158,{"id":226,"type":218,"label":227,"file":145,"line":204,"wp_function":228},"n3","echo() [XSS]","echo",[230,232],{"from":212,"to":217,"sanitized":231},false,{"from":222,"to":226,"sanitized":231},"medium",{"entryPoint":235,"graph":236,"unsanitizedCount":75,"severity":245},"\u003Cnofollow-links-in-posts> (nofollow-links-in-posts.php:0)",{"nodes":237,"edges":242},[238,239,240,241],{"id":212,"type":213,"label":214,"file":145,"line":215},{"id":217,"type":218,"label":219,"file":145,"line":215,"wp_function":220},{"id":222,"type":213,"label":223,"file":145,"line":224},{"id":226,"type":218,"label":227,"file":145,"line":204,"wp_function":228},[243,244],{"from":212,"to":217,"sanitized":231},{"from":222,"to":226,"sanitized":231},"low",{"summary":247,"deductions":248},"The nofollow-links-in-posts plugin v1.1.1 exhibits a concerning security posture despite having no recorded historical vulnerabilities or critical taint analysis findings.  The static analysis reveals significant weaknesses, most notably the presence of three instances of the `unserialize` function, which is notoriously dangerous if used with untrusted input. Compounding this, 100% of its output is not properly escaped, meaning any data processed by the plugin could be rendered in a way that leads to cross-site scripting (XSS) vulnerabilities.  The lack of any authorization checks on entry points, while the attack surface appears minimal at 0, still leaves room for potential issues if functionality is added later without proper checks.\n\nWhile the plugin has no known CVEs and uses prepared statements for its SQL queries, these strengths are overshadowed by the critical risks introduced by `unserialize` and unescaped output. The absence of vulnerability history is a positive sign, but it does not negate the inherent dangers identified in the current codebase. The plugin's strengths lie in its adherence to prepared statements and lack of external dependencies or file operations. However, the identified code signals present immediate and severe risks that require attention before this plugin can be considered secure.",[249,252,255],{"reason":250,"points":251},"Presence of dangerous unserialize function",15,{"reason":253,"points":254},"100% of output not properly escaped",8,{"reason":256,"points":62},"0 unprotected entry points (potential future risk)","2026-04-16T12:42:42.031Z",{"wat":259,"direct":266},{"assetPaths":260,"generatorPatterns":262,"scriptPaths":263,"versionParams":264},[261],"\u002Fwp-content\u002Fplugins\u002Fnofollow-links-in-posts\u002Fcss\u002Fstyle.css",[],[],[265],"nofollow-links-in-posts\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":267,"htmlComments":268,"htmlAttributes":269,"restEndpoints":270,"jsGlobals":271,"shortcodeOutput":272},[],[],[],[],[],[],{"error":274,"url":275,"statusCode":276,"statusMessage":277,"message":277},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnofollow-links-in-posts\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":62,"versions":279},[280,285,292],{"version":6,"download_url":25,"svn_tag_url":281,"released_at":27,"has_diff":231,"diff_files_changed":282,"diff_lines":27,"trac_diff_url":283,"vulnerabilities":284,"is_current":274},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnofollow-links-in-posts\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnofollow-links-in-posts%2Ftags%2F1.1&new_path=%2Fnofollow-links-in-posts%2Ftags%2F1.1.1",[],{"version":286,"download_url":287,"svn_tag_url":288,"released_at":27,"has_diff":231,"diff_files_changed":289,"diff_lines":27,"trac_diff_url":290,"vulnerabilities":291,"is_current":231},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnofollow-links-in-posts.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnofollow-links-in-posts\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnofollow-links-in-posts%2Ftags%2F1.0&new_path=%2Fnofollow-links-in-posts%2Ftags%2F1.1",[],{"version":293,"download_url":294,"svn_tag_url":295,"released_at":27,"has_diff":231,"diff_files_changed":296,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":297,"is_current":231},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnofollow-links-in-posts.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnofollow-links-in-posts\u002Ftags\u002F1.0\u002F",[],[]]