[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fK4qWDvHtmCt2cKx3fLgW66a8ZluYUNTarUDNqG8m2Zc":3,"$fsJztI5MMUKN41HGluQ83CBAPbtWnUOoB7JXKrxdoMVY":402,"$f6bA3bpDbxpthntrBX592585XBLUID4Mxz35-c4AET8Q":406},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":130,"fingerprints":378},"pbp-newsticker","PBP Newsticker","1.3.2","projoktibangla","https:\u002F\u002Fprofiles.wordpress.org\u002Fprojoktibangla\u002F","\u003Cp>Create as many Newstickers as you want and display them using shortcodes, widgets or PHP.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create many tickers.\u003C\u002Fli>\n\u003Cli>Choose skin from many skins.\u003C\u002Fli>\n\u003Cli>Set ticker title.\u003C\u002Fli>\n\u003Cli>Choose animation & Set animation settings.\u003C\u002Fli>\n\u003Cli>Set tickers with Own News Item.\u003C\u002Fli>\n\u003Cli>Set tickers by Most Recent Post.\u003C\u002Fli>\n\u003Cli>Set tickers with Custom Post Type.\u003C\u002Fli>\n\u003Cli>Set tickers by Recent Comments.\u003C\u002Fli>\n\u003Cli>Create tickers with latest Tweets from Twitter.\u003C\u002Fli>\n\u003Cli>Create tickers from latest RSS feeds.\u003C\u002Fli>\n\u003Cli>Create tickers with latest Post from Facebook.\u003C\u002Fli>\n\u003C\u002Ful>\n","Create many newsticker with display using shortscode, widgets or 
PHP",10,2926,66,3,"2015-04-24T21:18:00.000Z","4.2.39","3.0.1","",[20],"newsticker","http:\u002F\u002Fprojoktibangla.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpbp-newsticker.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},6,70,30,84,"2026-05-20T06:57:51.920Z",[36,56,77,93,113],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":18,"download_link":54,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":55},"awesome-wp-widget-newsticker","Awesome Wp Widget Newsticker","1.0","nayon46","https:\u002F\u002Fprofiles.wordpress.org\u002Fnayon46\u002F","\u003Cp>news Ticker is a multi-functional data display plugin. Easily add custom news tickers to your site either through shortcodes, direct functions, or in a custom Ditty News Ticker Widget.\u003C\u002Fp>\n\u003Cp>News Ticker is a free, flat, stylish, modern, easy to use and flexible wordpress jQuery news ticker. If you have a magazine or blogging site then then it’s a highly recommend plugin for your website\u002Fblog.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>You may provide arbitrary sections, in the same format as the ones above.  
This may be of use for extremely complicated\u003Cbr \u002F>\nplugins where more information needs to be conveyed that doesn’t fit into the categories of “description” or\u003Cbr \u002F>\n“installation.”  Arbitrary sections will be shown below the built-in sections outlined above.\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Some feature\u003C\u002Fli>\n\u003Cli>Another feature\u003C\u002Fli>\n\u003Cli>Something else about the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unordered list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>something\u003C\u002Fli>\n\u003Cli>something else\u003C\u002Fli>\n\u003Cli>third thing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s a link to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" title=\"Your favorite software\" rel=\"ugc\">WordPress\u003C\u002Fa> and one to \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" title=\"Markdown is what the parser uses to process much of the readme file\" rel=\"nofollow ugc\">Markdown’s Syntax Documentation\u003C\u002Fa>.\u003Cbr \u002F>\nTitles are optional, naturally.\u003C\u002Fp>\n\u003Cp>Markdown uses email style notation for blockquotes and I’ve been told:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Asterisks for \u003Cem>emphasis\u003C\u002Fem>. 
Double it up  for \u003Cstrong>strong\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cpre>\u003Ccode>\u003C?php code(); \u002F\u002F goes in backticks ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","news Ticker widget is a multi-functional data display plugin.",200,6569,100,1,"2024-01-07T03:02:00.000Z","6.4.8","5.0.1",[20,52,53],"widget-newsticker","wordpress-newsticker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawesome-wp-widget-newsticker.zip","2026-04-16T10:56:18.058Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":46,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":75,"download_link":76,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":55},"fikraticker","FikraTicker","0.2","Nael Bawadekji","https:\u002F\u002Fprofiles.wordpress.org\u002Ffikratech\u002F","\u003Cp>FikraTicker provides WordPress with a sleek and multi-options newsticker. It can be displayed in any place in your website\u002Fblog. This ticker shows the latest news\u002Fposts. You can control the news display from the control panel.\u003C\u002Fp>\n\u003Cp>This newsticker is an ideal solution for anyone who wants to give his site a magazine\u002Fnews style.\u003C\u002Fp>\n\u003Cp>This newsticker comes with the following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It supports the languages that are written from right to left and vice versa (RTL, LTR);  \u003C\u002Fli>\n\u003Cli>A Control Panel, that enables you to control the ticker in detail, such as the style, speed, width and the number of  publications;  \u003C\u002Fli>\n\u003Cli>It supports 4 basic effects: Slide, Fade, Scroll and Ticker.  
\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out the \u003Ca href=\"http:\u002F\u002Ffikratech.com\u002Fticker\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fp>\n","FikraTicker is a simple and multi-effects newsticker that displays the recent news\u002Fposts on your website\u002Fblog",15929,92,5,"2013-11-08T14:36:00.000Z","3.5.2","3.0",[71,20,72,73,74],"fade","posts","slide","ticker","http:\u002F\u002Ffikratech.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffikraticker.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":46,"num_ratings":47,"last_updated":86,"tested_up_to":87,"requires_at_least":69,"requires_php":18,"tags":88,"homepage":91,"download_link":92,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":55},"announceme","AnnounceME","0.3.3","Berni1337","https:\u002F\u002Fprofiles.wordpress.org\u002Fberni1337\u002F","\u003Cp>AnnounceME is a simple plugin, coded to help you publishing important Announcements, which can be read by every user of your Blog. 
AnnounceME uses the same design as WordPress in backend, to make it easier to handle with it.\u003C\u002Fp>\n","AnnounceME is a simple plugin, coded to help you publishing important Announcements.",3331,"2011-05-11T18:07:00.000Z","3.1.4",[89,90,20],"announce","announcement","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fannounceme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fannounceme.zip",{"slug":94,"name":95,"version":39,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":11,"downloaded":100,"rating":46,"num_ratings":47,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":111,"download_link":112,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":55},"newstick-ultra","NewsTick Ultra","Geeky Nigeria","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnvictor82\u002F","\u003Cp>NewsTick Ultra is a stylish and beautifully designed news ticker plugin that brings the freedom of customisation at your fingertips!\u003C\u002Fp>\n\u003Cp>With NewsTick Ultra, you can conveniently set a category for posts to display on the bar or use an alternative content instead. Use the shortcode, [newstick-ultra] to display the ticker on relevant places.\u003C\u002Fp>\n\u003Cp>Major features in NewsTick Ultra include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily accessible shortcode.\u003C\u002Fli>\n\u003Cli>Colour Customisation\u003C\u002Fli>\n\u003Cli>Display custom content\u003C\u002Fli>\n\u003Cli>Select number of posts to display.  
\u003C\u002Fli>\n\u003Cli>Low on memory usage\u003C\u002Fli>\n\u003C\u002Ful>\n","A stylish and customisable news ticker that displays news or alternative content.",1089,"2020-07-21T08:29:00.000Z","5.4.19","5.4","7.2",[106,107,108,109,110],"beautiful-newsticker","customisable-newticker-plugin","flexible-newsticker-plugin","newsticker-for-wordpress","well-designed-newsticker","https:\u002F\u002Fgeeky.com.ng\u002Fnewstick-ultra-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnewstick-ultra.1.0.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":46,"num_ratings":47,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":18,"download_link":129,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":55},"posts-news-ticker","Posts News Ticker","1.0.0","hamzarauf","https:\u002F\u002Fprofiles.wordpress.org\u002Fhamzarauf\u002F","\u003Cp>Show Latest posts news ticker at bottom…\u003C\u002Fp>\n\u003Cp>For backwards compatibility, if this section is missing, the full length of the short description will be used, and\u003Cbr \u002F>\nMarkdown parsed.\u003C\u002Fp>\n\u003Cp>A few notes about the sections above:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“Contributors” is a comma separated list of wordpress.org usernames\u003C\u002Fli>\n\u003Cli>“Tags” is a comma separated list of tags that apply to the plugin\u003C\u002Fli>\n\u003Cli>“Requires at least” is the lowest version that the plugin will work on\u003C\u002Fli>\n\u003Cli>“Tested up to” is the highest version that you’ve \u003Cem>successfully used to test the plugin\u003C\u002Fem>. 
Note that it might work on\u003Cbr \u002F>\nhigher versions… this is just the highest one you’ve verified.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Stable tag should indicate the Subversion “tag” of the latest stable version, or “trunk,” if you use \u003Ccode>\u002Ftrunk\u002F\u003C\u002Fcode> for\u003Cbr \u002F>\nstable.\u003C\u002Fp>\n\u003Cp>Note that the \u003Ccode>readme.txt\u003C\u002Fcode> of the stable tag is the one that is considered the defining one for the plugin, so\u003Cbr \u002F>\nif the \u003Ccode>\u002Ftrunk\u002Freadme.txt\u003C\u002Fcode> file says that the stable tag is \u003Ccode>4.3\u003C\u002Fcode>, then it is \u003Ccode>\u002Ftags\u002F4.3\u002Freadme.txt\u003C\u002Fcode> that’ll be used\u003Cbr \u002F>\nfor displaying information about the plugin.  In this situation, the only thing considered from the trunk \u003Ccode>readme.txt\u003C\u002Fcode>\u003Cbr \u002F>\nis the stable tag pointer.  Thus, if you develop in trunk, you can update the trunk \u003Ccode>readme.txt\u003C\u002Fcode> to reflect changes in\u003Cbr \u002F>\nyour in-development version, without having that information incorrectly disclosed about the current stable version\u003Cbr \u002F>\nthat lacks those changes — as long as the trunk’s \u003Ccode>readme.txt\u003C\u002Fcode> points to the correct stable tag.\u003C\u002Fp>\n\u003Cp>If no stable tag is provided, it is assumed that trunk is stable, but you should specify “trunk” if that’s where\u003Cbr \u002F>\nyou put the stable version, in order to eliminate any doubt.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>You may provide arbitrary sections, in the same format as the ones above.  
This may be of use for extremely complicated\u003Cbr \u002F>\nplugins where more information needs to be conveyed that doesn’t fit into the categories of “description” or\u003Cbr \u002F>\n“installation.”  Arbitrary sections will be shown below the built-in sections outlined above.\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>10 Latest Blog posts \u003C\u002Fli>\n\u003Cli>Rotating text \u003C\u002Fli>\n\u003Cli>Current time\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Here’s a link to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" title=\"Your favorite software\" rel=\"ugc\">WordPress\u003C\u002Fa> and one to \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" title=\"Markdown is what the parser uses to process much of the readme file\" rel=\"nofollow ugc\">Markdown’s Syntax Documentation\u003C\u002Fa>.\u003Cbr \u002F>\nTitles are optional, naturally.\u003C\u002Fp>\n\u003Cp>Markdown uses email style notation for blockquotes and I’ve been told:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Asterisks for \u003Cem>emphasis\u003C\u002Fem>. 
Double it up  for \u003Cstrong>strong\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cpre>\u003Ccode>\u003C?php code(); \u002F\u002F goes in backticks ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Show Latest posts news ticker at bottom",3434,"2017-01-22T16:33:00.000Z","4.7.33","4.6",[126,127,20,72,128],"blog","news","rotate","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-news-ticker.zip",{"attackSurface":131,"codeSignals":200,"taintFlows":304,"riskAssessment":366,"analyzedAt":377},{"hooks":132,"ajaxHandlers":189,"restRoutes":194,"shortcodes":195,"cronEvents":198,"entryPointCount":199,"unprotectedCount":47},[133,139,143,145,150,153,157,160,164,167,170,173,177,180,183,186],{"type":134,"name":135,"callback":136,"priority":11,"file":137,"line":138},"action","pbpNewsticker_save_settings","save_ticker_settings","data_source.class.php",549,{"type":140,"name":141,"callback":141,"priority":11,"file":137,"line":142},"filter","pbpNewsticker_ticker_settings",552,{"type":140,"name":141,"callback":141,"priority":11,"file":137,"line":144},553,{"type":140,"name":146,"callback":147,"priority":11,"file":148,"line":149},"wp_feed_cache_transient_lifetime","set_feed_cache_lifetime","data_sources\u002Frss.class.php",55,{"type":140,"name":146,"callback":147,"priority":11,"file":151,"line":152},"data_sources\u002Ftwitter.class.php",54,{"type":134,"name":154,"callback":154,"file":155,"line":156},"init","pbp-newsticker.php",78,{"type":134,"name":158,"callback":158,"file":155,"line":159},"admin_init",79,{"type":134,"name":161,"callback":162,"file":155,"line":163},"wp_enqueue_scripts","enqueue_scripts",80,{"type":134,"name":165,"callback":165,"file":155,"line":166},"admin_enqueue_scripts",81,{"type":134,"name":168,"callback":168,"file":155,"line":169},"admin_menu",82,{"type":140,"name":171,"callback":172,"file":155,"line":23},"pbpNewsticker_item_time_ago_format","time_ago_format",{"type":140,"name":174,"callback":175,"file":155,"line":176},"pbpNewsticker_strin
g","wptexturize",86,{"type":140,"name":174,"callback":178,"file":155,"line":179},"convert_smilies",87,{"type":140,"name":174,"callback":181,"file":155,"line":182},"convert_chars",88,{"type":140,"name":174,"callback":184,"file":155,"line":185},"shortcode_unautop",89,{"type":140,"name":174,"callback":187,"file":155,"line":188},"prepend_attachment",90,[190],{"action":191,"nopriv":192,"callback":191,"hasNonce":192,"hasCapCheck":192,"file":155,"line":193},"create_data_source_instance",false,83,[],[196],{"tag":20,"callback":197,"file":155,"line":65},"shortcode",[],2,{"dangerousFunctions":201,"sqlUsage":202,"outputEscaping":204,"fileOperations":24,"externalRequests":199,"nonceChecks":14,"capabilityChecks":24,"bundledLibraries":300},[],{"prepared":24,"raw":24,"locations":203},[],{"escaped":24,"rawEcho":205,"locations":206},50,[207,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,245,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,279,281,282,284,285,286,287,288,289,291,293,294,296,298],{"file":137,"line":208,"context":209},216,"raw 
output",{"file":137,"line":211,"context":209},218,{"file":137,"line":213,"context":209},225,{"file":137,"line":215,"context":209},231,{"file":137,"line":217,"context":209},466,{"file":155,"line":219,"context":209},350,{"file":155,"line":221,"context":209},368,{"file":155,"line":223,"context":209},373,{"file":155,"line":225,"context":209},415,{"file":155,"line":227,"context":209},422,{"file":155,"line":229,"context":209},424,{"file":155,"line":231,"context":209},431,{"file":155,"line":233,"context":209},438,{"file":155,"line":235,"context":209},441,{"file":155,"line":237,"context":209},443,{"file":155,"line":239,"context":209},455,{"file":155,"line":241,"context":209},467,{"file":155,"line":243,"context":209},472,{"file":155,"line":243,"context":209},{"file":246,"line":247,"context":209},"pbpnewsticker.class.php",258,{"file":246,"line":249,"context":209},275,{"file":246,"line":251,"context":209},278,{"file":246,"line":253,"context":209},284,{"file":246,"line":255,"context":209},289,{"file":246,"line":257,"context":209},333,{"file":246,"line":259,"context":209},338,{"file":246,"line":261,"context":209},347,{"file":246,"line":263,"context":209},353,{"file":246,"line":265,"context":209},359,{"file":246,"line":267,"context":209},369,{"file":246,"line":269,"context":209},375,{"file":246,"line":271,"context":209},385,{"file":246,"line":273,"context":209},390,{"file":246,"line":275,"context":209},395,{"file":246,"line":277,"context":209},407,{"file":246,"line":277,"context":209},{"file":246,"line":280,"context":209},408,{"file":246,"line":280,"context":209},{"file":246,"line":283,"context":209},410,{"file":246,"line":227,"context":209},{"file":246,"line":227,"context":209},{"file":246,"line":227,"context":209},{"file":246,"line":235,"context":209},{"file":246,"line":237,"context":209},{"file":246,"line":290,"context":209},586,{"file":246,"line":292,"context":209},588,{"file":246,"line":292,"context":209},{"file":246,"line":295,"context":209},594,{"file":246,"line":297,"cont
ext":209},597,{"file":246,"line":299,"context":209},605,[301],{"name":302,"version":25,"knownCves":303},"jQuery",[],[305,322,332,347,358],{"entryPoint":306,"graph":307,"unsanitizedCount":47,"severity":321},"create_data_source_instance (pbp-newsticker.php:347)",{"nodes":308,"edges":319},[309,314],{"id":310,"type":311,"label":312,"file":155,"line":313},"n0","source","$_POST",348,{"id":315,"type":316,"label":317,"file":155,"line":219,"wp_function":318},"n1","sink","echo() [XSS]","echo",[320],{"from":310,"to":315,"sanitized":192},"medium",{"entryPoint":323,"graph":324,"unsanitizedCount":47,"severity":321},"admin_page (pbp-newsticker.php:358)",{"nodes":325,"edges":330},[326,329],{"id":310,"type":311,"label":327,"file":155,"line":328},"$_GET",367,{"id":315,"type":316,"label":317,"file":155,"line":229,"wp_function":318},[331],{"from":310,"to":315,"sanitized":192},{"entryPoint":333,"graph":334,"unsanitizedCount":24,"severity":346},"\u003Cpbp-newsticker> (pbp-newsticker.php:0)",{"nodes":335,"edges":342},[336,337,338,340],{"id":310,"type":311,"label":312,"file":155,"line":313},{"id":315,"type":316,"label":317,"file":155,"line":219,"wp_function":318},{"id":339,"type":311,"label":327,"file":155,"line":328},"n2",{"id":341,"type":316,"label":317,"file":155,"line":229,"wp_function":318},"n3",[343,345],{"from":310,"to":315,"sanitized":344},true,{"from":339,"to":341,"sanitized":344},"low",{"entryPoint":348,"graph":349,"unsanitizedCount":24,"severity":346},"save_from_post (pbpnewsticker.class.php:453)",{"nodes":350,"edges":356},[351,353],{"id":310,"type":311,"label":312,"file":246,"line":352},456,{"id":315,"type":316,"label":354,"file":246,"line":243,"wp_function":355},"wp_redirect() [Open Redirect]","wp_redirect",[357],{"from":310,"to":315,"sanitized":344},{"entryPoint":359,"graph":360,"unsanitizedCount":24,"severity":346},"\u003Cpbpnewsticker.class> 
(pbpnewsticker.class.php:0)",{"nodes":361,"edges":364},[362,363],{"id":310,"type":311,"label":312,"file":246,"line":352},{"id":315,"type":316,"label":354,"file":246,"line":243,"wp_function":355},[365],{"from":310,"to":315,"sanitized":344},{"summary":367,"deductions":368},"The \"pbp-newsticker\" v1.3.2 plugin exhibits a mixed security posture. On the positive side, it shows no SQL-related concerns (the static analysis recorded no raw, unprepared SQL queries), and it has no recorded vulnerabilities or CVEs, which may suggest a generally stable and well-maintained codebase historically, although the plugin was last updated in 2015 and has about 10 active installs, so the clean record may also reflect limited scrutiny. It also performs external HTTP requests and uses jQuery, which are common in WordPress plugins.\n\nHowever, significant security concerns arise from the static analysis. The plugin has an unprotected AJAX handler (create_data_source_instance) that the analysis records as having neither a nonce check nor a capability check, which makes it a direct entry point for attackers; it is not flagged as registered for logged-out (nopriv) requests, so the missing controls are request verification and authorization rather than login itself. Furthermore, a substantial 50% of its output is not properly escaped (the code signals list 50 raw echo locations and no escaped outputs), creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also indicates two flows with unsanitized paths; although these are not classified as critical or high severity, they still represent potential weaknesses if they interact with user-supplied data.\n\nWhile the lack of historical vulnerabilities is a strength, the current static analysis findings, particularly the unprotected AJAX handler and widespread unescaped output, present immediate and tangible risks. 
The plugin's overall security is compromised by these specific weaknesses, despite its adherence to some secure coding practices and its clean vulnerability history.",[369,372,375],{"reason":370,"points":371},"Unprotected AJAX handler",7,{"reason":373,"points":374},"50% of outputs not properly escaped",15,{"reason":376,"points":30},"Flows with unsanitized paths","2026-04-16T11:54:29.310Z",{"wat":379,"direct":393},{"assetPaths":380,"generatorPatterns":388,"scriptPaths":389,"versionParams":390},[381,382,383,384,385,386,387],"\u002Fwp-content\u002Fplugins\u002Fpbp-newsticker\u002Fjs\u002FpbpNewsticker.js","\u002Fwp-content\u002Fplugins\u002Fpbp-newsticker\u002Fcss\u002FpbpNewsticker.css","\u002Fwp-content\u002Fplugins\u002Fpbp-newsticker\u002Fmedia\u002FpbpNewsticker\u002Fskins\u002Fdark.css","\u002Fwp-content\u002Fplugins\u002Fpbp-newsticker\u002Fmedia\u002FpbpNewsticker\u002Fskins\u002Fgreen.css","\u002Fwp-content\u002Fplugins\u002Fpbp-newsticker\u002Fmedia\u002FpbpNewsticker\u002Fskins\u002Fblue.css","\u002Fwp-content\u002Fplugins\u002Fpbp-newsticker\u002Fmedia\u002FpbpNewsticker\u002Fskins\u002Fred.css","\u002Fwp-content\u002Fplugins\u002Fpbp-newsticker\u002Fmedia\u002FpbpNewsticker\u002Fskins\u002Fyellow.css",[],[381],[391,392],"pbp-newsticker\u002Fjs\u002FpbpNewsticker.js?ver=","pbp-newsticker\u002Fcss\u002FpbpNewsticker.css?ver=",{"cssClasses":394,"htmlComments":396,"htmlAttributes":397,"restEndpoints":398,"jsGlobals":399,"shortcodeOutput":400},[395],"pbp-newsticker-container",[],[],[],[],[401],"[newsticker",{"error":344,"url":403,"statusCode":404,"statusMessage":405,"message":405},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpbp-newsticker\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":407,"versions":408},4,[409,416,423,430],{"version":410,"download_url":411,"svn_tag_url":412,"released_at":25,"has_diff":192,"diff_files_changed":413,"diff_lines":25,"trac_diff_url":414,"vulnerabilities":415,"is_current":192},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpbp-newsticker.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpbp-newsticker\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpbp-newsticker%2Ftags%2F1.2&new_path=%2Fpbp-newsticker%2Ftags%2F1.3.1",[],{"version":417,"download_url":418,"svn_tag_url":419,"released_at":25,"has_diff":192,"diff_files_changed":420,"diff_lines":25,"trac_diff_url":421,"vulnerabilities":422,"is_current":192},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpbp-newsticker.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpbp-newsticker\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpbp-newsticker%2Ftags%2F1.1&new_path=%2Fpbp-newsticker%2Ftags%2F1.2",[],{"version":424,"download_url":425,"svn_tag_url":426,"released_at":25,"has_diff":192,"diff_files_changed":427,"diff_lines":25,"trac_diff_url":428,"vulnerabilities":429,"is_current":192},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpbp-newsticker.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpbp-newsticker\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpbp-newsticker%2Ftags%2F1.0&new_path=%2Fpbp-newsticker%2Ftags%2F1.1",[],{"version":39,"download_url":431,"svn_tag_url":432,"released_at":25,"has_diff":192,"diff_files_changed":433,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":434,"is_current":192},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpbp-newsticker.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpbp-newsticker\u002Ftags\u002F1.0\u002F",
[],[]]