[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-ymdUNXeuXES7fkYg9ysjx7fSLBF7UXPjkW25vCUOVI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":118,"fingerprints":249},"paldrop-dropbox-shop","PalDrop Dropbox Shop","3.2.0","tradebit","https:\u002F\u002Fprofiles.wordpress.org\u002Ftradebit\u002F","\u003Cp>The fastest way to sell files hosted on Dropbox! With this plugin you will get:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a free Paldrop merchant account (for up to 10 registered products)\u003C\u002Fli>\n\u003Cli>an integrated button in your admin panel to fire up the member area\u003C\u002Fli>\n\u003Cli>a sidebar widget, that links with your ID to paldrop and lists your products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Paldrop.com is the standard way to sell files hosted on Dropbox and gives you\u003Cbr \u002F>\naccess to \u003Cstrong>millions of legal digital goods\u003C\u002Fstrong> that you may additionally add to your\u003Cbr \u002F>\nblog.\u003C\u002Fp>\n\u003Cp>Read more about the \u003Ca href=\"http:\u002F\u002Fwww.paldrop.com\u002F\" title=\"Downloads\" rel=\"nofollow ugc\">Paldrop features\u003C\u002Fa>\u003Cbr \u002F>\nhere. The current version provides English accounts and will be enhanced to\u003Cbr \u002F>\nother languages down the road.\u003C\u002Fp>\n","PalDrop allows you to add a simple and fast payment button for your Dropbox files! It combines your Paypal email with your Dropbox account and enables …",10,2826,0,"","3.3.2","2.7.0",[18,19,20],"admin","links","widget","http:\u002F\u002Fwww.paldrop.com\u002Fwordpress.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaldrop-dropbox-shop.3.2.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":29,"trust_score":31,"computed_at":32},3,30,95,91,"2026-04-04T16:12:35.733Z",[34,55,73,90,108],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":23,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"dashboard-quick-link-widget","Dashboard quick links widget","1.6.0","Hem Thapa","https:\u002F\u002Fprofiles.wordpress.org\u002Fhemthapa\u002F","\u003Cp>A lightweight plugin to allows admins to create an admin dashboard widget with frequently accessed links for quick access.\u003C\u002Fp>\n\u003Cp>I originally developed this plugin after spending hours creating client\u002Fuser documentation for every WordPress project. Instead of writing step-by-step navigation documentation, I used this plugin to organise all necessary links on the single widget for non-technical users. As a developer, I also use this script myself to organise frequently accessed links for quick access.\u003C\u002Fp>\n\u003Ch4>Links format\u003C\u002Fh4>\n\u003Cp>Each link should be entered in a separate line in the following format\u003Cbr \u002F>\n(the fourth parameter, i.e. font awesome icon class is optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ccode>Link text|Button link|Button text|font-awesome icon class\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>Post blog|\u002Fwp-admin\u002Fpost-new.php|Post blog\nPost blog|\u002Fwp-admin\u002Fpost-new.php|Post blog|fa fa-cog\nPost blog|\u002Fwp-admin\u002Fpost-new.php newtab|Post blog|fa fa-cog`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you have any feedback or queries please contact me at \u003Ca href=\"http:\u002F\u002Fhemthapa.com?ref=wp_dqlw\"hemthapa.com\"\" rel=\"nofollow ugc\">hemthapa.com\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin to allows admins to create a admin dashboard widget with frequently accessed links for quick access.",700,8592,8,"2026-01-23T07:08:00.000Z","6.9.4","3.0","7.3",[18,50,19,51,20],"dashboard","shortcut-widget","http:\u002F\u002Fwww.hemthapa.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-quick-link-widget.1.6.0.zip","2026-03-15T15:16:48.613Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":14,"tags":68,"homepage":70,"download_link":71,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"combined-image-and-text-widget","Combined Image and Text Widget","1.1","Nadav Rotchild","https:\u002F\u002Fprofiles.wordpress.org\u002Fnadav-rotchild\u002F","\u003Cp>Combined Image and Text Widget is a plugin that allows you to effortlessly add text and images to your sidebars, with or without links.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily add images to your sidebar using the native WordPress media uploader.\u003C\u002Fli>\n\u003Cli>Add classes, an id, an image alt and a link to your sidebar widget without touching any code.\u003C\u002Fli>\n\u003Cli>Supports WPML multilanguage capabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n","A widget plugin for text and image combinations, with multilingual support.",90,5375,"2016-10-07T01:21:00.000Z","4.6.30","2.8",[18,69,19,20],"images","http:\u002F\u002Fwww.nadavr.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcombined-image-and-text-widget.1.1.zip",85,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":13,"num_ratings":13,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":14,"tags":86,"homepage":88,"download_link":89,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"admin-links-sidebar-widget","Admin Links Widget","1.4.0","kdmurray","https:\u002F\u002Fprofiles.wordpress.org\u002Fkdmurray\u002F","\u003Cp>This plugin provides a widget which can contain links to pages in the administration panel in one of your sidebars.  These links are only visible to those already logged in as an administrator.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Extract admin-links-sidebar-widget.php  into your wp-content\u002Fplugins folder (or a subfolder)\u003C\u002Fli>\n\u003Cli>Activate the plugin in WordPress\u003C\u002Fli>\n\u003Cli>Add the widget to your page\u003C\u002Fli>\n\u003Cli>Set the options to select which links you want displayed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Release History\u003C\u002Fh3>\n\u003Cp>1.4.0 — Fixed a couple of things for WP 3.0, tested up to 3.0.1 successfully.\u003Cbr \u002F>\n1.3.1 — Tested for 2.7.1, minor code change\u003Cbr \u002F>\n1.3.0 — Refactoring to split the admin page and improve performance\u003Cbr \u002F>\n1.1.4 — Minor changes for compatibility with WordPress 2.5.x\u003Cbr \u002F>\n1.1.1 — Minor changes for compatibility with WordPress 2.3.3\u003Cbr \u002F>\n1.1.0 — Added two major features.  “Edit this post” and “Edit this page”\u003Cbr \u002F>\n1.0.9 — Fixed major bug in the URL construction which caused problems on blogs\u003Cbr \u002F>\n         which were not in the root folder of the web server.\u003Cbr \u002F>\n1.0.8 — Added Themes and Widgets admin links\u003Cbr \u002F>\n1.0.5 — Bug Fix: missing comments and plugins items\u003Cbr \u002F>\n1.0.3 — Documentation correction\u003Cbr \u002F>\n1.0.2 — Initial release\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>kdmurray.at.kdmurray.dot.net\u003Cbr \u002F>\nPlugin page: http:\u002F\u002Fkdmurray.net\u002F2010\u002F09\u002F22\u002Fadmin-links-plugin-updated-to-1-4-0\u002F\u003C\u002Fp>\n","This plugin provides a widget which can contain links to pages in the administration panel in one of your sidebars.  These links are only visible to t …",20,16674,"2010-09-22T07:29:00.000Z","3.0.5","1.5",[87,18,50,19,20],"adinistration","http:\u002F\u002Fkdmurray.net\u002F2010\u002F09\u002F22\u002Fadmin-links-plugin-updated-to-1-4-0\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-links-sidebar-widget.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":81,"downloaded":98,"rating":13,"num_ratings":13,"last_updated":99,"tested_up_to":46,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":106,"download_link":107,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"quicklinks-manager","QuickLinks Manager by Press.Zone","2.1.2","Avi Ezra","https:\u002F\u002Fprofiles.wordpress.org\u002Fresite\u002F","\u003Cp>QuickLinks Manager by Press.Zone is a powerful plugin designed to simplify navigation in the WordPress dashboard. It allows users to create a customizable widget on the dashboard screen with their chosen quick links. This functionality is particularly useful for frequent tasks, like accessing draft posts. The plugin offers full control over link selection with import and export options, making it ideal for managing multiple sites or setting up client websites with custom navigation paths.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dashboard widget displaying your custom quick links\u003C\u002Fli>\n\u003Cli>Admin Bar integration with Quick Links dropdown menu\u003C\u002Fli>\n\u003Cli>Drag-and-drop reordering of links\u003C\u002Fli>\n\u003Cli>Role-based access control for Admin Bar visibility\u003C\u002Fli>\n\u003Cli>Import\u002FExport functionality for easy migration\u003C\u002Fli>\n\u003Cli>Modern, responsive settings interface\u003C\u002Fli>\n\u003Cli>Open links in new tab option\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under GPLv2 or later. See LICENSE.md for more details.\u003C\u002Fp>\n","QuickLinks Manager by Press.Zone lets you create and manage custom quick links in the WordPress dashboard for easier navigation.",611,"2025-12-21T18:29:00.000Z","5.2.4","7.0",[103,50,104,105,20],"admin-bar","management","quick-links","https:\u002F\u002Fpress.zone\u002Fplugins\u002Fquicklinks-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquicklinks-manager.2.1.2.zip",{"slug":109,"name":110,"version":111,"author":7,"author_profile":8,"description":112,"short_description":113,"active_installs":11,"downloaded":114,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":84,"requires_at_least":16,"requires_php":14,"tags":115,"homepage":116,"download_link":117,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"tradebit-download-shop","Tradebit Download and Affiliate Shop","3.0.0","\u003Cp>The ultimate plugin to upload and sell digital goods like photos, MP3 music or\u003Cbr \u002F>\nwebsite templates. With this plugin you will get:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a free Tradebit merchant account (waives the $4.95 activation fee)\u003C\u002Fli>\n\u003Cli>an integrated button in your admin panel to fire up the member area\u003C\u002Fli>\n\u003Cli>a sidebar widget, that links with your ID to tradebit and lists your products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Tradebit.com is the marketplace for digital goods and gives you access to\u003Cbr \u002F>\n\u003Cstrong>millions of legal digital goods\u003C\u002Fstrong> that you may additionally add to your\u003Cbr \u002F>\nblog.\u003C\u002Fp>\n\u003Cp>This plugin gives you secure storage space of 99 Gigabytes on tradebit to\u003Cbr \u002F>\nhost your digital inventory and includes the option to integrate affiliate\u003Cbr \u002F>\nlinks to the existing catalog on tradebit.\u003C\u002Fp>\n\u003Cp>Read more about the \u003Ca href=\"http:\u002F\u002Fwww.tradebit.com\u002Fdigital-goods-marketplace.php\" title=\"Download Shop\" rel=\"nofollow ugc\">Tradebit features\u003C\u002Fa>\u003Cbr \u002F>\nhere. The current version provides English accounts and will be enhanced to\u003Cbr \u002F>\nother languages down the road.\u003C\u002Fp>\n","Tradebit is the leading platform to publish and sell digital goods like photos and music. This plugin integrates it into your Wordpress blog!",3613,[18,19,20],"http:\u002F\u002Fwww.tradebit.info\u002Fdownloads\u002Fwordpress.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftradebit-download-shop.zip",{"attackSurface":119,"codeSignals":140,"taintFlows":168,"riskAssessment":233,"analyzedAt":248},{"hooks":120,"ajaxHandlers":136,"restRoutes":137,"shortcodes":138,"cronEvents":139,"entryPointCount":13,"unprotectedCount":13},[121,127,132],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","admin_menu","pd_adminoptions","paldrop.php",289,{"type":128,"name":129,"callback":130,"file":125,"line":131},"filter","media_buttons_context","paldrop_edit_plug",290,{"type":122,"name":133,"callback":134,"file":125,"line":135},"plugins_loaded","pdropWidget_install",293,[],[],[],[],{"dangerousFunctions":141,"sqlUsage":142,"outputEscaping":144,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":167},[],{"prepared":13,"raw":13,"locations":143},[],{"escaped":13,"rawEcho":11,"locations":145},[146,149,151,153,155,157,159,161,163,165],{"file":125,"line":147,"context":148},51,"raw output",{"file":125,"line":150,"context":148},79,{"file":125,"line":152,"context":148},134,{"file":125,"line":154,"context":148},144,{"file":125,"line":156,"context":148},152,{"file":125,"line":158,"context":148},211,{"file":125,"line":160,"context":148},212,{"file":125,"line":162,"context":148},214,{"file":125,"line":164,"context":148},266,{"file":125,"line":166,"context":148},271,[],[169,188,197,214],{"entryPoint":170,"graph":171,"unsanitizedCount":186,"severity":187},"paldrop_edit_settings (paldrop.php:22)",{"nodes":172,"edges":183},[173,178],{"id":174,"type":175,"label":176,"file":125,"line":177},"n0","source","$_SERVER['REQUEST_URI']",67,{"id":179,"type":180,"label":181,"file":125,"line":147,"wp_function":182},"n1","sink","echo() [XSS]","echo",[184],{"from":174,"to":179,"sanitized":185},false,1,"medium",{"entryPoint":189,"graph":190,"unsanitizedCount":186,"severity":187},"pdropcreateuserform (paldrop.php:77)",{"nodes":191,"edges":195},[192,194],{"id":174,"type":175,"label":176,"file":125,"line":193},88,{"id":179,"type":180,"label":181,"file":125,"line":150,"wp_function":182},[196],{"from":174,"to":179,"sanitized":185},{"entryPoint":198,"graph":199,"unsanitizedCount":213,"severity":187},"pdropcreateuserremote (paldrop.php:112)",{"nodes":200,"edges":210},[201,204,205,208],{"id":174,"type":175,"label":202,"file":125,"line":203},"$_REQUEST",116,{"id":179,"type":180,"label":181,"file":125,"line":154,"wp_function":182},{"id":206,"type":175,"label":207,"file":125,"line":156},"n2","$_REQUEST['l']",{"id":209,"type":180,"label":181,"file":125,"line":156,"wp_function":182},"n3",[211,212],{"from":174,"to":179,"sanitized":185},{"from":206,"to":209,"sanitized":185},2,{"entryPoint":215,"graph":216,"unsanitizedCount":231,"severity":232},"\u003Cpaldrop> (paldrop.php:0)",{"nodes":217,"edges":227},[218,220,221,222,223,225],{"id":174,"type":175,"label":219,"file":125,"line":177},"$_SERVER['REQUEST_URI'] (x2)",{"id":179,"type":180,"label":181,"file":125,"line":147,"wp_function":182},{"id":206,"type":175,"label":202,"file":125,"line":203},{"id":209,"type":180,"label":181,"file":125,"line":154,"wp_function":182},{"id":224,"type":175,"label":207,"file":125,"line":156},"n4",{"id":226,"type":180,"label":181,"file":125,"line":156,"wp_function":182},"n5",[228,229,230],{"from":174,"to":179,"sanitized":185},{"from":206,"to":209,"sanitized":185},{"from":224,"to":226,"sanitized":185},4,"low",{"summary":234,"deductions":235},"The 'paldrop-dropbox-shop' plugin, version 3.2.0, exhibits a mixed security posture.  On the positive side, the static analysis reveals no obvious critical vulnerabilities such as dangerous functions, raw SQL queries, file operations, external requests, or bundled libraries.  The absence of known CVEs in its history further suggests a generally well-maintained codebase in terms of historical patching.\n\nHowever, significant concerns arise from the taint analysis, which identified four flows with unsanitized paths, although none were classified as critical or high severity. More alarmingly, a substantial portion of the output escaping (0%) is not properly handled, indicating a high risk of cross-site scripting (XSS) vulnerabilities.  The lack of capability checks and nonce checks across all entry points, combined with zero protected entry points, means that any interaction with the plugin's functionality is potentially accessible without proper authorization or protection, creating a broad attack surface.\n\nIn conclusion, while the plugin's historical security record and absence of known critical flaws are strengths, the identified taint flows and, most critically, the complete lack of output escaping and authorization checks on its entry points, present significant security weaknesses.  These issues necessitate immediate attention to prevent potential exploitation.",[236,239,241,243,246],{"reason":237,"points":238},"0% output escaping",15,{"reason":240,"points":11},"4 unsanitized paths in taint flows",{"reason":242,"points":44},"0% protected entry points",{"reason":244,"points":245},"0 capability checks",5,{"reason":247,"points":245},"0 nonce checks","2026-03-16T23:21:25.076Z",{"wat":250,"direct":257},{"assetPaths":251,"generatorPatterns":253,"scriptPaths":254,"versionParams":255},[252],"\u002Fwp-content\u002Fplugins\u002Fpaldrop-dropbox-shop\u002Fpaldrop.php",[],[],[256],"paldrop-dropbox-shop\u002Fpaldrop.php?ver=",{"cssClasses":258,"htmlComments":259,"htmlAttributes":260,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":263},[],[],[],[],[],[]]