[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIaybw66-fX1b2nkCHpLLAV4mH_bG2Szh0PRqRPXZmD0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":241},"pauls-latest-posts","Pauls Latest Posts","1.9","paulmac","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaulmac\u002F","\u003Cp>Pauls Latest Posts displays a list of your latest posts and comments in the sidebar with excerpts. Excerpts length can be modified or left out completely. Useful for sites that display one post on the main page, and want to link to previous posts.\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>Feedback is welcome as are feature requests. Just leave a comment on the \u003Ca href=\"http:\u002F\u002Fwww.paulmc.org\u002Fwhatithink\u002Fwordpress\u002Fplugins\u002Fpauls-latest-posts\u002F\" rel=\"nofollow ugc\">Plugin Page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Thanks\u003C\u002Fh3>\n\u003Cp>Thanks goes to the following people: Simon who suggested that I add the Latest Comments functionality, Juno for suggesting the HTML functionality, the ability to change the Read More text, specify post and comment titles, disabling and enabling post title, comment title and styles. 
Wil for suggesting the Randomised Offset setting, Farabi for suggesting the category option, Peter for reporting the bug fixed in version 1.8, Charles for the post date.\u003C\u002Fp>\n","Display latest posts with excerpts and comments in a sidebar widget.",30,5421,0,"2009-04-13T04:37:00.000Z","2.7.1","2.3","",[19,20,21,22,23],"excerpts","lastest","posts","sidebar","widget","http:\u002F\u002Fwww.paulmc.org\u002Fwhatithink\u002Fwordpress\u002Fplugins\u002Fpauls-latest-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpauls-latest-posts.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},4,80,89,86,"2026-04-04T16:47:51.831Z",[37,57,80,98,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":32,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":55,"download_link":56,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"advanced-random-posts-widget","Advanced Random Posts Widget","2.2.1","Ga Satrya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatrya\u002F","\u003Ch4>Notice\u003C\u002Fh4>\n\u003Cp>This plugin is no longer supported, please use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frecent-posts-widget-extended\u002F\" rel=\"ugc\">Recent posts widget Extended\u003C\u002Fa> instead.\u003C\u002Fp>\n\u003Cp>This plugin will enable a custom, flexible and advanced random posts. 
It allows you to display a list of random posts via shortcode or widget with thumbnail, excerpt and post date, also you can display it from all or specific or multiple taxonomy.\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow you to set title url.\u003C\u002Fli>\n\u003Cli>Display thumbnails, with customizable size and alignment.\u003C\u002Fli>\n\u003Cli>Display excerpt, with customizable length.\u003C\u002Fli>\n\u003Cli>Display from all, specific or multiple category.\u003C\u002Fli>\n\u003Cli>Display from all, specific or multiple tag.\u003C\u002Fli>\n\u003Cli>Display from all, specific or multiple taxonomy.\u003C\u002Fli>\n\u003Cli>Display post date.\u003C\u002Fli>\n\u003Cli>Display post modified date.\u003C\u002Fli>\n\u003Cli>Post types.\u003C\u002Fli>\n\u003Cli>Post status.\u003C\u002Fli>\n\u003Cli>Allow you to set custom css class per widget.\u003C\u002Fli>\n\u003Cli>Add custom html or text before and\u002For after random posts.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support Me\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Purchase or download my \u003Ca href=\"https:\u002F\u002Fwp.idenovasi.com\u002F\" rel=\"nofollow ugc\">WordPress themes\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Purchase my \u003Ca href=\"https:\u002F\u002Fwww.fiverr.com\u002Fidenovasi\" rel=\"nofollow ugc\">Services\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Try another \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fidenovasi\u002F#content-plugins\" rel=\"nofollow ugc\">WordPress plugin\u003C\u002Fa> from me.\u003C\u002Fli>\n\u003Cli>Contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fidenovasi\u002Fadvanced-random-posts-widget\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcode Explanation\u003C\u002Fh3>\n\u003Cp>Explanation of shortcode options:\u003C\u002Fp>\n\u003Cp>Basic 
shortcode\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display 10 random posts\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw limit=\"10\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display with thumbnail and set the size\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw thumbnail=\"true\" thumbnail_size=\"arpw-thumbnail\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display posts based on category by id\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw thumbnail=\"true\" cat=\"10\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Display portfolio post type\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[arpw post_type=\"portfolio\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Here’s the full default shortcode arguments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>title=\"\"\noffset=\"\"\nlimit=\"5\"\npost_type=\"post\"\npost_status=\"publish\"\nignore_sticky=\"1\"\ntaxonomy=\"\"\ncat=\"\"\ntag=\"\"\nthumbnail=\"false\"\nthumbnail_size=\"arpw-thumbnail\"\nthumbnail_align=\"left\"\nexcerpt=\"false\"\nexcerpt_length=\"10\"\ndate=\"false\"\ndate_modified=\"false\"\ndate_relative=\"false\"\ncss_class=\"\"\nbefore=\"\"\nafter=\"\"\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Provides flexible and advanced random posts. 
Display it via shortcode or widget with thumbnails, post excerpt, and much more!",10000,216217,39,"2023-08-05T11:11:00.000Z","6.1.10","4.5",[52,22,53,23,54],"random-posts","thumbnail","widgets","https:\u002F\u002Fgithub.com\u002Fidenovasi\u002Fadvanced-random-posts-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-random-posts-widget.2.2.1.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":45,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":77,"vuln_count":78,"unpatched_count":13,"last_vuln_date":79,"fetched_at":28},"newpost-catch","Newpost Catch","1.3.22","Tetsuya Imamura","https:\u002F\u002Fprofiles.wordpress.org\u002Fs56bouya\u002F","\u003Cp>Thumbnails in new articles setting widget.\u003C\u002Fp>\n","Thumbnails in new articles setting widget.",288091,100,2,"2025-03-03T00:21:00.000Z","6.7.5","5.6","7.2",[73,74,21,22,23],"image","images","http:\u002F\u002Fwww.imamura.biz\u002Fblog\u002Fnewpost-catch\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnewpost-catch.1.3.22.zip",91,1,"2025-02-20 15:03:22",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":45,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":96,"download_link":97,"security_score":66,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"raratheme-companion","RaraTheme Companion","1.4.4","Rara Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fraratheme\u002F","\u003Cp>RaraTheme Companion is truly a must have companion for your website. 
It provides 23 useful and frequently used widgets that you can add to the sidebars to create an engaging website.\u003C\u002Fp>\n\u003Ch3>Widgets offered\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Advertisement\u003C\u002Fli>\n\u003Cli>A Featured Page\u003C\u002Fli>\n\u003Cli>Author Bio\u003C\u002Fli>\n\u003Cli>Call to Action\u003C\u002Fli>\n\u003Cli>Client Logo\u003C\u002Fli>\n\u003Cli>Contact\u003C\u002Fli>\n\u003Cli>Custom Categories\u003C\u002Fli>\n\u003Cli>Facebook Page\u003C\u002Fli>\n\u003Cli>FAQs\u003C\u002Fli>\n\u003Cli>Featured Post\u003C\u002Fli>\n\u003Cli>Icon Text\u003C\u002Fli>\n\u003Cli>Image Text\u003C\u002Fli>\n\u003Cli>Image\u003C\u002Fli>\n\u003Cli>Latest Tweets\u003C\u002Fli>\n\u003Cli>Pinterest\u003C\u002Fli>\n\u003Cli>Popular Post\u003C\u002Fli>\n\u003Cli>Posts Category Slider\u003C\u002Fli>\n\u003Cli>Recent Post\u003C\u002Fli>\n\u003Cli>Snapchat\u003C\u002Fli>\n\u003Cli>Social Media\u003C\u002Fli>\n\u003Cli>Stat Counter\u003C\u002Fli>\n\u003Cli>Team Member\u003C\u002Fli>\n\u003Cli>Testimonial\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The plugin works best with themes developed by Rara Theme.\u003C\u002Fp>\n\u003Cp>The plugin also provides simple yet clean code which allows developers to overwrite the plugin properties. 
The plugin offers multiple filters and action hooks for maximum flexibility to the developers.\u003C\u002Fp>\n","23 extremely useful custom widgets to create an engaging website.",497772,"2026-01-06T05:43:00.000Z","6.9.4","4.4.0","7.4",[21,94,95,54],"sidebars","social-links","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fraratheme-companion","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraratheme-companion.1.4.4.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":17,"tags":113,"homepage":17,"download_link":117,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"recent-posts-by-category-widget","Recent Posts by Category Widget","1.3","Ross Cornell","https:\u002F\u002Fprofiles.wordpress.org\u002Frossc\u002F","\u003Cp>This plugin adds a simple widget that allows you to display a number of recent blog posts from a specific category. You have the options to choose a title, category, number of posts and whether or not to show the post date. 
The posts will be ordered by date just like the default Recent Posts widget included with WordPress.\u003C\u002Fp>\n","Just like the default Recent Posts widget except you can choose a category to pull posts from.",4000,33251,94,12,"2017-11-28T16:45:00.000Z","4.2.39","3.0.1",[114,115,116,22,23],"categories","category","recent-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-by-category-widget.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":108,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":92,"tags":132,"homepage":135,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"expanding-archives","Expanding Archives","2.1.0","Ashley","https:\u002F\u002Fprofiles.wordpress.org\u002Fnosegraze\u002F","\u003Cp>Expanding Archives adds a widget that shows your old posts in an expandable\u002Fcollapsible format. Each post is categorized under its year and month, so you can expand all the posts in a given month and year.\u003C\u002Fp>\n\u003Cp>This plugin comes with very minimal CSS styling so you can easily customize it to match your design.\u003C\u002Fp>\n\u003Cp>JavaScript is required. 
No IE support.\u003C\u002Fp>\n","This plugin adds a new widget where you can view your old posts by expanding certain years and months.",2000,22798,6,"2024-03-23T14:55:00.000Z","6.4.8","3.0",[133,134,21,22,23],"archives","navigation","https:\u002F\u002Fshop.nosegraze.com\u002Fproduct\u002Fexpanding-archives\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpanding-archives.zip",{"attackSurface":138,"codeSignals":154,"taintFlows":233,"riskAssessment":234,"analyzedAt":240},{"hooks":139,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":13,"unprotectedCount":13},[140,146],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","plugins_loaded","widget_pmcLatestPosts_init","pmc-latest-posts.php",415,{"type":141,"name":147,"callback":148,"file":144,"line":149},"wp_head","pmcLoadStyles",417,[],[],[],[],{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":232},[],{"prepared":13,"raw":13,"locations":157},[],{"escaped":13,"rawEcho":159,"locations":160},35,[161,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230],{"file":144,"line":162,"context":163},75,"raw 
output",{"file":144,"line":165,"context":163},79,{"file":144,"line":167,"context":163},88,{"file":144,"line":169,"context":163},115,{"file":144,"line":171,"context":163},120,{"file":144,"line":173,"context":163},135,{"file":144,"line":175,"context":163},137,{"file":144,"line":177,"context":163},157,{"file":144,"line":179,"context":163},171,{"file":144,"line":181,"context":163},299,{"file":144,"line":183,"context":163},300,{"file":144,"line":185,"context":163},302,{"file":144,"line":187,"context":163},303,{"file":144,"line":189,"context":163},304,{"file":144,"line":191,"context":163},305,{"file":144,"line":193,"context":163},306,{"file":144,"line":195,"context":163},308,{"file":144,"line":197,"context":163},309,{"file":144,"line":199,"context":163},310,{"file":144,"line":201,"context":163},311,{"file":144,"line":203,"context":163},312,{"file":144,"line":205,"context":163},313,{"file":144,"line":207,"context":163},314,{"file":144,"line":209,"context":163},315,{"file":144,"line":211,"context":163},317,{"file":144,"line":213,"context":163},318,{"file":144,"line":215,"context":163},319,{"file":144,"line":217,"context":163},320,{"file":144,"line":219,"context":163},324,{"file":144,"line":221,"context":163},325,{"file":144,"line":223,"context":163},326,{"file":144,"line":225,"context":163},327,{"file":144,"line":227,"context":163},328,{"file":144,"line":229,"context":163},329,{"file":144,"line":231,"context":163},368,[],[],{"summary":235,"deductions":236},"The 'pauls-latest-posts' plugin version 1.9 exhibits a generally positive security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the code signals indicate that all SQL queries are properly prepared, and there are no file operations or external HTTP requests, all of which are strong security practices. 
The complete lack of any recorded vulnerabilities, including CVEs, further reinforces this positive assessment.\n\nHowever, a significant concern arises from the output escaping analysis, where 100% of the 35 identified outputs are not properly escaped. This represents a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly outputted without sanitization. While taint analysis did not reveal any issues, the lack of output escaping is a direct indicator of potential XSS risks. The absence of nonce and capability checks on potential entry points, though the entry points themselves are currently zero, means that if any were introduced in future versions without proper checks, it could create immediate security holes.\n\nIn conclusion, while the plugin's current design minimizes attack vectors and avoids common vulnerabilities like raw SQL or unpatched CVEs, the pervasive issue of unescaped output is a serious concern that requires immediate attention. Addressing this would significantly improve the plugin's security.",[237],{"reason":238,"points":239},"100% of outputs not properly escaped",8,"2026-03-16T22:36:18.099Z",{"wat":242,"direct":247},{"assetPaths":243,"generatorPatterns":244,"scriptPaths":245,"versionParams":246},[],[],[],[],{"cssClasses":248,"htmlComments":254,"htmlAttributes":255,"restEndpoints":256,"jsGlobals":257,"shortcodeOutput":258},[249,250,251,252,253],"pmc-h3","pmc-link","pmc-date","pmc-excerpt","pmc-read-more",[],[],[],[],[]]