[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fC19Fm4Sm0pLuRNDUkBuh5IaducI6vCUaZ-6GpfzZvGM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":140,"fingerprints":212},"pandora-feeds-for-wordpress","Pandora Feeds for WordPress","0.5.0.3","Erunafailaro","https:\u002F\u002Fprofiles.wordpress.org\u002Ferunafailaro\u002F","\u003Cp>Inspired by and building upon the great work of Jean-Paul Franssen, who developed a wordpress-sidebar-widget to display feeds coming from Pandora, I have now finished programming a WordPress plugin, which can help you to place Pandora-feeds freely anywhere in your theme-templates.\u003C\u002Fp>\n\u003Cp>For more information on Pandora, visit http:\u002F\u002Fpandora.com.\u003C\u002Fp>\n\u003Cp>I’m in no way connected to Pandora Media, Inc, this is my private, non-profit contribution to the wordpress-community.\u003C\u002Fp>\n\u003Cp>Pandora and the Music Genome Project are registered trademarks of Pandora Media, Inc.\u003C\u002Fp>\n\u003Ch3>Plugin Homepage\u003C\u002Fh3>\n\u003Cp>The complete documentation is located at my website: http:\u002F\u002Fwww.weinschenker.name\u002Fpandorafeeds\u002F\u003C\u002Fp>\n","Inspired by and building upon the great work of Jean-Paul Franssen, who developed a wordpress-sidebar-widget to display feeds coming from Pandora, I h &hellip;",10,6284,0,"2007-12-01T14:35:00.000Z","2.3.1","2.1","",[19,20,21,22,23],"feeds","multimedia","music","pandora","radio","http:\u002F\u002Fwww.weinschenker.name\u002Fpandorafeeds","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpandora-feeds-for-wordpress.0.5.0.3.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"erunafailaro",5,240,30,84,"2026-04-04T15:37:12.870Z",[38,58,81,103,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":32,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":17,"download_link":56,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"meks-audio-player","Meks Audio Player","1.3","Meks","https:\u002F\u002Fprofiles.wordpress.org\u002Fmekshq\u002F","\u003Cp>Easily enhance your podcast, music or any audio on the website. Meks Audio Player is first created as a support for our \u003Ca href=\"https:\u002F\u002Fmekshq.com\u002Fdemo\u002Fmegaphone\" rel=\"nofollow ugc\">Megaphone theme\u003C\u002Fa> but now it can be used on any WordPres website. The plugin will automatically detect audio inside the content and play it in a full-featured sticky audio player. Several smart options are provided to fine-tune the functionality as you wish. Perfect for personal podcasts, podcasting networks, radio stations or music websites.\u003C\u002Fp>\n\u003Cp>Meks Audio Player WordPress plugin is created by \u003Ca href=\"https:\u002F\u002Fmekshq.com\" rel=\"nofollow ugc\">Meks\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Color options to style the player to your personal taste and theme design\u003C\u002Fli>\n\u003Cli>Player Timestamps block ( Navigate audio with timestamps. Set the timestamp and the equivalent title\u002Fname. )\u003C\u002Fli>\n\u003Cli>Options to fully customize the player controls that you like to display: play\u002Fpause, skip back, jump forward, duration\u002Fprogress bar, current time, duration time, mute\u002Fvolume, playback speed…\u003C\u002Fli>\n\u003Cli>No setup required, it simply detects your existing audio inside the content\u003C\u002Fli>\n\u003Cli>Supports WordPress native audio block and audio shortcode\u003C\u002Fli>\n\u003Cli>Works on post and pages as well as all other registered custom post types on the website\u003C\u002Fli>\n\u003Cli>Hooks and filters provided for an elegant way to modify the plugin through your own WordPress theme or a plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More features?\u003C\u002Fh3>\n\u003Cp>By using the plugin with our \u003Ca href=\"https:\u002F\u002Fmekshq.com\u002Fdemo\u002Fmegaphone\" rel=\"nofollow ugc\">Megaphone WordPress theme\u003C\u002Fa>, you can also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Get more styling options\u003C\u002Fli>\n\u003Cli>Display the post title inside the player\u003C\u002Fli>\n\u003Cli>Autodetect third-party embeds (i.e. SoundCloud, Spotify, YouTube, etc…)\u003C\u002Fli>\n\u003Cli>Run the player from any page on the website (not only from single posts but from archives too)\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily enhance your podcast, music or any audio files with a full-featured and customizable sticky audio player.",1000,32104,80,"2024-07-29T12:20:00.000Z","6.6.5","5.5",[53,21,54,55,23],"audio","player","podcast","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeks-audio-player.zip",92,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":76,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":13,"last_vuln_date":80,"fetched_at":28},"transcoder","Transcoder","1.4.1","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>\u003Cstrong>Transcoder plugin has been discontinued and no longer maintained\u003C\u002Fstrong>, we recommend to use our new video management solution \u003Ca href=\"https:\u002F\u002Fgodam.io\u002F?utm_source=readme&utm_medium=plugin&utm_campaign=transcoder\" rel=\"nofollow ugc\">GoDAM\u003C\u002Fa> which provides smart transcoding & adaptive bitrate, generate thumbnail, add custom layers, better way to organize media files, serve via CDN and do a lot more. Install the GoDAM plugin from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgodam\" rel=\"ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Transcoder easily converts all audio and video files uploaded to your website to a web-friendly format.\u003C\u002Fp>\n\u003Cp>Transcoder eliminates the need for a dedicated media node- no fiddling with installation, managing dependancies or renting servers! Transcoder also works on shared hosting- just install, subscribe and go!\u003C\u002Fp>\n\u003Cp>All transcoding services are available via a subscription plan through this plugin.\u003Cbr \u002F>\nSubscribe to our free plan from the plugin’s settings or from our \u003Ca href=\"https:\u002F\u002Frtmedia.io\u002Ftranscoder\u002F?utm_source=readme&utm_medium=plugin&utm_campaign=transcoder\" rel=\"nofollow ugc\">product page\u003C\u002Fa>. Note that Transcoder will not provide any services without a subscription plan.\u003C\u002Fp>\n\u003Ch4>Supported input media types:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Audio: mp3, m4a, wav, ogg, wma\u003C\u002Fli>\n\u003Cli>Video: 3g2, 3gp, avi, flv, m4v, mp4, mpg, ogv, webm, wmv\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported output media types:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Audio: mp3\u003C\u002Fli>\n\u003Cli>Video: mp4\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Create the ultimate niche community by combining Transcoder with our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-media\u002F\" rel=\"ugc\">rtMedia\u003C\u002Fa> plugin. Transcoder works perfectly with rtMedia to create a social experience that is accessible across all desktop and mobile devices.\u003C\u002Fp>\n\u003Ch4>Transcoder Features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Works with ANY WordPress website\u003C\u002Fstrong> – Transcoder plugs into your current website seamlessly, instantly improving user audio\u002Fvideo experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>rtMedia integration\u003C\u002Fstrong> – Works perfectly with our own \u003Ca href=\"https:\u002F\u002Frtmedia.io\u002F?utm_source=readme&utm_medium=plugin&utm_campaign=transcoder\" rel=\"nofollow ugc\">rtMedia\u003C\u002Fa>, for a complete social media platform.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Thumbnail generation\u003C\u002Fstrong> – Automatically generate up to 10 thumbnails for every video, from which your users can choose one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[rt_media] shortcode\u003C\u002Fstrong> – Use our shortcode to display transcoded audio\u002Fvideo file on any post or page. For example, [rt_media attachment_id=xx] the attachment_id parameter specifies the file to be displayed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Privacy Warning\u003C\u002Fh4>\n\u003Cp>In order for us to transcode your media files, we need to copy it over to our server.\u003Cbr \u002F>\nAfter transcoding is completed, the media can reside on our server for a maximum of 24 hours, before it is permanently and irreversibly removed by a Cron job.\u003C\u002Fp>\n\u003Ch4>Future Roadmap\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Additional output formats for video- ogg, webm\u003C\u002Fli>\n\u003Cli>Downsampling capabilities for output video resolution\u003C\u002Fli>\n\u003Cli>RESTful API\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frtmedia.io\u002Ftranscoder\u002F?utm_source=readme&utm_medium=plugin&utm_campaign=transcoder\" title=\"Visit Transcoder's Homepage\" rel=\"nofollow ugc\">Project Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frtmedia.io\u002Fdocs\u002Ftranscoder\u002F?utm_source=readme&utm_medium=plugin&utm_campaign=transcoder\" title=\"Visit Transcoder's Documentation page\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frtmedia.io\u002Ftranscoder\u002F?utm_source=readme&utm_medium=plugin&utm_campaign=transcoder#frequently-asked-questions\" title=\"Visit FAQ page\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FrtCamp\u002Ftranscoder\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> – Please mention your wordpress.org username when sending pull requests.\u003C\u002Fli>\n\u003C\u002Ful>\n","Transcoding services for ANY WordPress website. Convert audio\u002Fvideo files of any format to a web-friendly format (mp3\u002Fmp4).",500,87382,72,8,"2025-08-22T11:38:00.000Z","6.8.5","4.1",[53,74,20,21,75],"media","songs","https:\u002F\u002Frtmedia.io\u002Ftranscoder\u002F?utm_source=dashboard&utm_medium=plugin&utm_campaign=transcoder","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftranscoder.1.4.1.zip",98,2,"2025-08-27 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":89,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":17,"download_link":102,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"radiojar-player","Radiojar Audio Player","1.4","Radiojar","https:\u002F\u002Fprofiles.wordpress.org\u002Fradiojar\u002F","\u003Cp>\u003Cstrong>Important Note: \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is only functional for stations operating under \u003Ca href=\"\u002F\u002Fwww.radiojar.com\u002F\" rel=\"nofollow ugc\">Radiojar\u003C\u002Fa>.\u003Cbr \u002F>\nIt’s the simplest way to add your Radiojar station’s player to your WordPress site using widget or shortcode [rj-player].\u003Cbr \u002F>\nFill in your station’s stream name, select the player of your preference and have the player into your site or post easily.\u003Cbr \u002F>\nAn advanced selection for Ajaxify is also provided, for uninterrupted playback during the user’s navigation in the site.\u003C\u002Fp>\n\u003Cp>For details on Ajaxify, kindly refer to  \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fajaxify-wordpress-site\u002F\" rel=\"ugc\">Ajaxify WordPress Site(AWS)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Radiojar Audio Player in 3 steps:\u003C\u002Fh3>\n\u003Cp>1: Install Radiojar Audio Player plug-in.\u003Cbr \u002F>\n2: Fill in the stream name.\u003Cbr \u002F>\n3: Just drag the widget or added to any post\u002Fpage using shortcode [rj-player].\u003C\u002Fp>\n","Audio player plugin for Radiojar platform , just by dragging the widget or added shortcode [rj-player].",100,6965,1,"2020-06-10T11:24:00.000Z","5.4.19","4.8","5.6.33",[97,98,99,100,101],"audio-player","mp3-player","music-player","radiojar","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fradiojar-player.1.4.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":34,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":17,"download_link":120,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"playme","PlayMe","0.2.8","ERA404","https:\u002F\u002Fprofiles.wordpress.org\u002Fera404\u002F","\u003Cp>Embeddable Song Request Form for Radio Stations\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Designed for Radio Stations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>PlayMe was requested by a radio station deejay and built to best serve both the studio and the listeners.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Listeners may provide their name, the artist\u002Fsong name, and a dedication (or comments), to make realtime requests to Radio Stations and Deejays.\u003C\u002Fli>\n\u003Cli>The form is easily embeddable using the shortcode \u003Cstrong>[playme]\u003C\u002Fstrong> and can optionally require Google’s reCAPTCHA to verify requests before they’re submitted. Put “[playme]” on its own line in the page content (using Text View) to position the PlayMe form where you want it to appear on your page.\u003C\u002Fli>\n\u003Cli>On the backend, requests are shown in a list that refreshes passively every minute, and can be dismissed\u002Fhidden once the request has been addressed.\u003C\u002Fli>\n\u003Cli>For privacy, the only information captured (apart from what’s entered in the submission form) is an IP Address, to offer some insight to site owners about those who are submitting song requests. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>3rd Party Services\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Be advised about the 3rd Party services used by this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>: Optionally, site owners may configure PlayMe to use \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Frecaptcha\u002Fanswer\u002F6080904?hl=en\" title=\"What is Google's reCAPTCHA?\" rel=\"nofollow ugc\">Google’s reCAPTCHA\u003C\u002Fa> service to help minimize abuse of the Song Request form. More information about this service can be found on Google’s \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy?hl=en\" title=\"Google Privacy Policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" title=\"Google Terms of Service\" rel=\"nofollow ugc\">terms of service\u003C\u002Fa> of use. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>WhatIsMyIPAddress.com\u003C\u002Fstrong>: PlayMe offers a link for site owners to quickly discover\u002Freview the geographic location on record associated with the IP address of the submitter of the Song Request (IP-to-Location). This service is provided by a 3rd Party. More information about \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\" title=\"The WhatIsMyIPAddress Website\" rel=\"nofollow ugc\">WhatIsMyIPAddress.com\u003C\u002Fa> can be found on its \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\" title=\"The WhatIsMyIPAddress Website\" rel=\"nofollow ugc\">website\u003C\u002Fa>, its \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\u002Fprivacy-policy\" title=\"The WhatIsMyIPAddress Privacy Policy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa>, and its \u003Ca href=\"https:\u002F\u002Fwhatismyipaddress.com\u002Fterms-of-use\" title=\"The WhatIsMyIPAddress Terms of Use\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Embeddable Song Request Form for Radio Stations",2723,"2025-01-06T22:57:00.000Z","6.7.5","3.2.1","5.6",[21,23,117,118,119],"request","song","station","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplayme.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":89,"num_ratings":91,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":138,"download_link":139,"security_score":89,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"spinitron-player","Spinitron Player","1.0.9","Razorfrog Web Design","https:\u002F\u002Fprofiles.wordpress.org\u002Frazorfrog\u002F","\u003Cp>The Spinitron Player plugin integrates live streaming and playlist data from Spinitron into WordPress sites, offering listeners real-time track information and audio streaming. Designed for ease of use and customization, it provides radio stations with a straightforward solution to share their live content and connect with audiences online.\u003C\u002Fp>\n\u003Ch3>Third-Party Service Integration\u003C\u002Fh3>\n\u003Cp>This plugin makes use of the Spinitron API to fetch and display live radio show and playlist information. The integration with Spinitron’s services is essential for providing up-to-date content within the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Spinitron Website: https:\u002F\u002Fspinitron.com\u002F\u003C\u002Fli>\n\u003Cli>Spinitron API Documentation: https:\u002F\u002Fspinitron.github.io\u002Fv2api\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Legal and Privacy\u003C\u002Fh3>\n\u003Cp>Please review Spinitron’s Terms of Use and Privacy Policy to understand the data usage and legal considerations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>terms of Service: https:\u002F\u002Fforum.spinitron.com\u002Ftos\u003C\u002Fli>\n\u003Cli>Privacy Policy: https:\u002F\u002Fforum.spinitron.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using the Spinitron Player plugin, you agree to comply with these terms and acknowledge the data interactions with Spinitron’s services.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>The following shortcodes are available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[spinitron_player]\u003C\u002Fcode> – For Spinitron live player interface.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[spinitron_play_button]\u003C\u002Fcode> – For stream play button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We will be working on new UI options in future releases.\u003C\u002Fp>\n","A streaming player for radio stations using Spinitron, with live data integration.",20,2348,"2025-12-09T23:21:00.000Z","6.9.4","5.2","7.2",[21,54,23,136,137],"spinitron","stream","https:\u002F\u002Frazorfrog.com\u002Fspinitron-player\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspinitron-player.1.0.9.zip",{"attackSurface":141,"codeSignals":153,"taintFlows":200,"riskAssessment":201,"analyzedAt":211},{"hooks":142,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":13,"unprotectedCount":13},[143],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","register_with_options","pandorafeeds.php",313,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":155,"outputEscaping":157,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":91,"bundledLibraries":199},[],{"prepared":13,"raw":13,"locations":156},[],{"escaped":13,"rawEcho":158,"locations":159},21,[160,163,165,167,169,170,172,174,176,178,180,182,184,186,187,189,190,192,194,195,197],{"file":147,"line":161,"context":162},82,"raw output",{"file":147,"line":164,"context":162},86,{"file":147,"line":166,"context":162},134,{"file":147,"line":168,"context":162},135,{"file":147,"line":168,"context":162},{"file":147,"line":171,"context":162},136,{"file":147,"line":173,"context":162},173,{"file":147,"line":175,"context":162},174,{"file":147,"line":177,"context":162},175,{"file":147,"line":179,"context":162},176,{"file":147,"line":181,"context":162},270,{"file":147,"line":183,"context":162},272,{"file":147,"line":185,"context":162},273,{"file":147,"line":185,"context":162},{"file":147,"line":188,"context":162},274,{"file":147,"line":188,"context":162},{"file":147,"line":191,"context":162},276,{"file":147,"line":193,"context":162},277,{"file":147,"line":193,"context":162},{"file":147,"line":196,"context":162},278,{"file":147,"line":198,"context":162},310,[],[],{"summary":202,"deductions":203},"The static analysis of pandora-feeds-for-wordpress v0.5.0.3 reveals a generally positive security posture with no identified direct entry points for attackers, such as AJAX handlers, REST API routes, or shortcodes that are exposed without authentication. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries, indicating a reduced risk of SQL injection vulnerabilities. Furthermore, the absence of file operations and external HTTP requests in the analyzed code signals a contained functionality.\n\nHowever, a significant concern arises from the complete lack of proper output escaping. With 21 total outputs and 0% properly escaped, this presents a substantial risk for cross-site scripting (XSS) vulnerabilities. Any data that is displayed to users, if not carefully sanitized before output, could be leveraged by an attacker to inject malicious scripts. The presence of only one capability check, without any nonce checks on potential entry points (though none were found), suggests that privilege escalation or unauthorized actions might still be possible if new entry points were introduced or if the single capability check is not robust enough.\n\nThe vulnerability history for this plugin is clean, with no known CVEs or past security issues recorded. This is a positive indicator, suggesting a history of security-conscious development. However, the lack of past vulnerabilities does not negate the current findings of significant output escaping issues. The overall conclusion is that while the plugin has a small attack surface and follows some best practices, the critical flaw in output escaping creates a notable security risk that requires immediate attention.",[204,207,209],{"reason":205,"points":206},"All outputs are unescaped",17,{"reason":208,"points":32},"Only one capability check found",{"reason":210,"points":32},"No nonce checks on potential entry points","2026-03-17T00:50:47.431Z",{"wat":213,"direct":218},{"assetPaths":214,"generatorPatterns":215,"scriptPaths":216,"versionParams":217},[],[],[],[],{"cssClasses":219,"htmlComments":222,"htmlAttributes":223,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":226},[220,221],"pandorafeeds-stations","pandorafeeds-favoriteartists",[],[],[],[],[]]