[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAo6dqlcRxqviWoUUqi5ZxhhuhsyBRL1tfn_oEP_WR2E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":138,"fingerprints":267},"penanggalan-hijriyah-masehi","Penanggalan Hijriyah & Masehi","2.0","Darto KLoning","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarto\u002F","\u003Cp>Terkadang sering kita bertanya pada diri kita sendiri, sekarang tanggal berapa yah kalau di tahun Hijriyah?\u003Cbr \u002F> \u003Cem>Have you wonder what day now in hijri?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Dengan plugin ini anda akan dibantu untuk memudahkan mengetahuinya dan Insya Allah tidak akan lupa lagi, karena setiap anda membuka blog, anda bisa melihat penanggalan Hijriyah dan masehi.\u003Cbr \u002F> \u003Cem>With this plugin you will be helped to know it and never wonder again to know hijr dates, Insha Allah.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Plugin ini sangat flexible, karena anda bisa menyesuaikan perhitungan yang ada. Dan langkahnya pun mudah karena anda cukup mengaturnya melalui panel yang sudah disediakan. Begitu juga jika anda ingin merubah pemisah (separator) antara tanggal Hijriyah dan masehi ataupun ingin mempercantik tampilan penanggalan Hijriyah dan masehi di blog anda dengan menggunakan CSS.\u003Cbr \u002F> \u003Cem>This plugin is so flexible, coz you can adjust the hijr date by the panel. Not just the date you can customize the separator between hijri date and gregorian date or even you can stylized the date with CSS.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Semoga bermanfaat.\u003Cbr \u002F>\u003Cem>Hope useful\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Anda juga bisa mencoba plugin lainnya yang tidak jauh lebih menarik lagi, yaitu \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Farabic-font\u002F\" rel=\"ugc\">WordPress Arabic Font Plugin\u003C\u002Fa>\u003Cbr \u002F> \u003Cem>You can try another interesting plugin to stylized Arabic font with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Farabic-font\u002F\" rel=\"ugc\">WordPress Arabic Font Plugin\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n","Memudahkan anda untuk menampilkan penanggalan Hijriyah & Masehi \u002F\u002F Easy to add Hijri and Gregorian dates",10,2221,0,"2014-10-31T07:10:00.000Z","4.0.38","3.0","",[19,20,21,22,23],"arab","arabic","hijri","penanggalan","tanggal","http:\u002F\u002Fwww.kloningspoon.com\u002Fpenanggalan-hijriyah-masehi\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpenanggalan-hijriyah-masehi.2.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"darto",2,20,30,84,"2026-04-04T22:04:58.166Z",[38,58,74,96,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":56,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-hijri-calendar","Simple Hijri Calendar","2.1.2","Tommy","https:\u002F\u002Fprofiles.wordpress.org\u002Ftompradana\u002F","\u003Cp>“Simple Hijri Calendar” is a very simple, light and easy to use wordpress plugin that allows you to show curent hijri date. Just instal and active plugin. Then drag and drop “Simple Hijri Calendar” widget in your widget area!.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Date format\u003C\u002Fli>\n\u003Cli>Arabic or English text\u003C\u002Fli>\n\u003Cli>Google arabic font\u003C\u002Fli>\n\u003Cli>Translation ready\u003C\u002Fli>\n\u003Cli>Easy to style\u003C\u002Fli>\n\u003Cli>Time based background image\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>http:\u002F\u002Faziz.oraij.com\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.phpclasses.org\u002Fcontact\u002Fpackage\u002F6626.html\u003C\u002Fli>\n\u003C\u002Ful>\n","Very simple hijri calendar widget plugin.",90,3427,100,3,"2016-10-20T15:15:00.000Z","4.6.30","3.9",[54,55,21],"arabic-calendar","calendar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-hijri-calendar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-hijri-calendar.zip",{"slug":21,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":11,"downloaded":65,"rating":48,"num_ratings":32,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":72,"download_link":73,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"Hijri","1.1","holooli","https:\u002F\u002Fprofiles.wordpress.org\u002Fholooli\u002F","\u003Cp>Display Hijri and\u002For Gregorian dates on your blog.\u003C\u002Fp>\n","Display Hijri and\u002For Gregorian dates on your blog.",6374,"2011-02-05T13:42:00.000Z","3.1.4","2.5",[20,55,70,71,21],"date","gregorian","http:\u002F\u002Fkhaledalhourani.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhijri.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":17,"download_link":94,"security_score":95,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"ltrrtl-admin-content","LTR  RTL Admin content","0.6.6","Ronny Sherer","https:\u002F\u002Fprofiles.wordpress.org\u002Fronshe\u002F","\u003Cp>Enable LTR in admin content area. Click the admin bar button to switch between RTL & LTR. This plugin adds a button to  the admin bar. Clicking the button switches between RTL & LTR text direction of current page content only. The LTR\u002FRTL state is saved in current browser only.\u003C\u002Fp>\n","Enable LTR in admin content area. Click the admin bar button to switch between RTL & LTR.",4000,58108,94,14,"2024-07-06T09:10:00.000Z","6.6.5","3.6",[90,20,91,92,93],"admin","farsi","hebrew","rtl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fltrrtl-admin-content.0.6.6.zip",92,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":48,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":115,"download_link":116,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"widget-visibility-time-scheduler","Widget Visibility Time Scheduler","5.3.13","Kybernetik Services","https:\u002F\u002Fprofiles.wordpress.org\u002Fkybernetikservices\u002F","\u003Cp>Widget Visibility Time Scheduler displays and hides widgets based on desired date, time and weekday automatically.\u003C\u002Fp>\n\u003Cp>Try it out on your free demo site https:\u002F\u002Fdemo.tastewp.com\u002Fwidget-visibility-time-scheduler\u003C\u002Fp>\n\u003Cp>The plugin is available in English, Spanish (Español), German (Deutsch), Brazilian Portuguese (Português do Brasil), Persian (Farsi), Hungarian (Magyar), Arabic (العربية), Polish (Polski) and Catalan (Català). It does not collect any personal data, so it is ready for EU General Data Protection Regulation (GDPR) compliance.\u003C\u002Fp>\n\u003Cp>NOTE: Widget Visibility Time Scheduler is currently NOT compatible with WordPress 5.8 introduced block-based widgets editor. If you have already updated to WordPress 5.8, or you want to do this, but you want to still use Widget Visibility Time Scheduler you need to switch back to the classic widget editor. For this we provided a new setting page where you can do this.\u003Cbr \u002F>\nIf you don’t want to do this, Widget Visibility Time Scheduler is not the right plugin for you.\u003C\u002Fp>\n\u003Ch3>Compatibility with block based widgets\u003C\u002Fh3>\n\u003Cp>With WordPress 5.8 the block based widgets were introduced. The technique behind these new widget concept is more complex. One of the changes is, the widgets are now using API call to display.\u003Cbr \u002F>\nExtensive programming is required to prepare Widget Visibility Time Scheduler for this new feature. Nothing I could do in the short time I was able to test this feature.\u003Cbr \u002F>\nEven so, Widget Visibility Time Scheduler works with WordPress 5.8 and higher. The only adjustment you need to make is to turn off the block-based widgets for a while.\u003Cbr \u002F>\nAs known from the Gutenberg block editor, there is also a plug-in to deactivate the block-based widgets.\u003C\u002Fp>\n\u003Cp>Please download, install and activate \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-widgets\u002F\" rel=\"ugc\">Classic Widgets\u003C\u002Fa> from wordpress.org and switch back to the usual widget area.\u003C\u002Fp>\n\u003Cp>I’m working hard to make Widget Visibility Time Scheduler compatible for the block based widgets. It takes some time to provide a stable and error-free code base.\u003Cbr \u002F>\nStay tuned for a brand-new version soon. And thank you for your understanding.\u003C\u002Fp>\n\u003Ch4>What users said\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>“&hellip;a handy tool&hellip;”\u003C\u002Fstrong> in \u003Ca href=\"http:\u002F\u002Fwww.wpsolver.com\u002Fwidget-visibility-time-scheduler\u002F\" rel=\"nofollow ugc\">Make WP Widgets Visible Based On Date\u003C\u002Fa> by WordPress Jedi on March 10th, 2016.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“The plugin is perfect for seasonal widgets, temporary sales\u002Fpromotions, events, live chat buttons, and any other time\u002Fdate-dependent content.”\u003C\u002Fstrong> in \u003Ca href=\"http:\u002F\u002Fwptavern.com\u002Fcontrol-the-visibility-of-wordpress-widgets-based-on-time-and-date\" rel=\"nofollow ugc\">Control the Visibility of WordPress Widgets Based on Time and Date\u003C\u002Fa> by Sarah Gooding on January 5, 2015.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Show and hide widgets within a desired period and at given weekdays\u003C\u002Fh4>\n\u003Cp>The Widget Visibility Time Scheduler enables you to set the period and weekdays of the visibility of each widget easily. You can set to show or to hide the widget during schedule. It is available in english, german, spanish, brazilian portuguese, persian, hungarian and arabic language.\u003C\u002Fp>\n\u003Ch4>Daytime version available in the Pro version\u003C\u002Fh4>\n\u003Cp>If you want to schedule the visibility based on the daytime of each weekday \u003Ca href=\"https:\u002F\u002Fwww.kybernetik-services.com\u002Fshop\u002Fwordpress\u002Fplugin\u002Fwidget-visibility-time-scheduler-pro\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=widget-visibility-time-scheduler&utm_content=update-notice-readme\" rel=\"nofollow ugc\">go to the Pro version of the plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Automatic cache clearing available in the Pro version\u003C\u002Fh4>\n\u003Cp>Doesn’t the activated cache react when a widget is hidden or displayed by the scheduler? So if you want the cache to empty\u002Fclear\u002Fpurge\u002Fflush automatically, the Pro version is the right tool for you.\u003C\u002Fp>\n\u003Cp>Widget Visibility Time Scheduler Pro clears the cache of the following plugins automatically:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Autoptimize\u003C\u002Fli>\n\u003Cli>Cache Enabler\u003C\u002Fli>\n\u003Cli>Hummingbird\u003C\u002Fli>\n\u003Cli>W3 Total Cache\u003C\u002Fli>\n\u003Cli>WP Fastest Cache\u003C\u002Fli>\n\u003Cli>WP Optimize\u003C\u002Fli>\n\u003Cli>WP Super Cache\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.kybernetik-services.com\u002Fshop\u002Fwordpress\u002Fplugin\u002Fwidget-visibility-time-scheduler-pro\u002F?utm_source=wordpress_org&utm_medium=plugin&utm_campaign=widget-visibility-time-scheduler&utm_content=update-notice-readme\" rel=\"nofollow ugc\">Go to the Pro version of the plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compatibility with Jetpack\u003C\u002Fh4>\n\u003Cp>This plugin works perfectly with Jetpack’s “Widget Visibility” module. Both plugins enhance each other to give you great control about when and where to display which widget on your website.\u003C\u002Fp>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>The user interface is available in\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Arabic (العربية), kindly drawn up by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fsalzard\" rel=\"ugc\">Shadi AlZard\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese (Português do Brasil), kindly drawn up by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fcristianoalbanop\" rel=\"nofollow ugc\">Christiano Albano P.\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Catalan (Català), kindly drawn up by \u003Ca href=\"https:\u002F\u002Fwww.ibidemgroup.com\u002F\" rel=\"nofollow ugc\">Ibidem Group\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German (Deutsch)\u003C\u002Fli>\n\u003Cli>Greek (Ελληνικά)\u003C\u002Fli>\n\u003Cli>Hungarian (Magyar), kindly drawn up by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fvalucky\" rel=\"ugc\">V.A.Lucky\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Persian (Farsi), kindly drawn up by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fasreelm\" rel=\"nofollow ugc\">Sajjad Panahi\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Polish (Polski), kindly drawn up by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fmarcinmik\" rel=\"ugc\">Marcin Mikolajczyk\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (Español), kindly drawn up by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Felarequi\" rel=\"nofollow ugc\">Eduardo Larequi\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Further translations are welcome. If you want to give in your translation please leave a notice in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwidget-visibility-time-scheduler\" rel=\"ugc\">plugin’s support forum\u003C\u002Fa>.\u003C\u002Fp>\n","Control the visibility of each widget easily based on date, time and weekday.",1000,53272,8,"2025-12-01T17:14:00.000Z","6.9.4","3.5","5.2",[20,112,113,70,114],"brazilian","control","day","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwidget-visibility-time-scheduler","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-visibility-time-scheduler.5.3.13.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":48,"num_ratings":32,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":136,"download_link":137,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"khattat-arabic-fonts","Khattat – Arabic Fonts","2.6.0","Mokhtar Bensaid","https:\u002F\u002Fprofiles.wordpress.org\u002Fmokhtarbsaid\u002F","\u003Cp>Choose a beautiful Arabic font for your site from over 110 stunning fonts to enhance user experience.\u003Cbr \u002F>\nCairo, Lateef, Tajawal, Amiri, Rubik, Sky… and others beautiful fonts.\u003C\u002Fp>\n\u003Cp>The new official Saudi font announced has been added.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Beautiful arabic fonts.\u003C\u002Fli>\n\u003Cli>Select custom font for each element: body, h1, h2, h3, h4, h5, h6.\u003C\u002Fli>\n\u003Cli>Translation ready of the plugin strings to arabic see language folder from the plugin root folder.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin helped website owners who have an Arabic language website\u003C\u002Fp>\n\u003Ch4>Font Ressources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffontface.me\" rel=\"nofollow ugc\">Font Face\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffonts.google.com\" rel=\"nofollow ugc\">Google Fonts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>My GitHub Repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmokhtarbsaid\u002Fsaudi-font\" rel=\"nofollow ugc\">Saudi Font\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>My GitHub Repository \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmokhtarbsaid\u002Frare-arabic-fonts\" rel=\"nofollow ugc\">Rare Arabic Fonts\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003C\u002Ful>\n","Choose a beautiful Arabic font for your site from over 110 stunning fonts to enhance user experience.",500,3615,"2025-08-13T05:21:00.000Z","6.7.5","5.8","7.4",[20,132,133,134,135],"fonts","%d8%a7%d9%84%d8%b9%d8%b1%d8%a8%d9%8a%d8%a9","%d8%ae%d8%b7%d9%88%d8%b7","%d8%ae%d8%b7%d9%88%d8%b7-%d8%b9%d8%b1%d8%a8%d9%8a%d8%a9","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fkhattat-arabic-fonts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkhattat-arabic-fonts.2.6.0.zip",{"attackSurface":139,"codeSignals":168,"taintFlows":226,"riskAssessment":253,"analyzedAt":266},{"hooks":140,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":166,"entryPointCount":167,"unprotectedCount":13},[141,147,151,155],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","widgets_init","PHM_load_widget","tanggalan.php",307,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_menu","PHM_add_settings_page",340,{"type":142,"name":152,"callback":153,"file":145,"line":154},"admin_head","PHM_admin_script",341,{"type":142,"name":156,"callback":157,"file":145,"line":158},"wp_head","PHM_scripts",342,[],[],[162],{"tag":163,"callback":164,"file":145,"line":165},"hijriyah-masehi","hijr_calendar",335,[],1,{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":225},[],{"prepared":13,"raw":13,"locations":171},[],{"escaped":32,"rawEcho":173,"locations":174},29,[175,178,180,182,184,186,188,189,190,191,192,194,196,197,199,200,201,203,205,206,208,210,212,214,216,218,220,221,223],{"file":145,"line":176,"context":177},135,"raw output",{"file":145,"line":179,"context":177},137,{"file":145,"line":181,"context":177},157,{"file":145,"line":183,"context":177},163,{"file":145,"line":185,"context":177},164,{"file":145,"line":187,"context":177},165,{"file":145,"line":187,"context":177},{"file":145,"line":187,"context":177},{"file":145,"line":187,"context":177},{"file":145,"line":187,"context":177},{"file":145,"line":193,"context":177},166,{"file":145,"line":195,"context":177},173,{"file":145,"line":195,"context":177},{"file":145,"line":198,"context":177},174,{"file":145,"line":198,"context":177},{"file":145,"line":198,"context":177},{"file":145,"line":202,"context":177},175,{"file":145,"line":204,"context":177},185,{"file":145,"line":204,"context":177},{"file":145,"line":207,"context":177},186,{"file":145,"line":209,"context":177},269,{"file":145,"line":211,"context":177},271,{"file":145,"line":213,"context":177},274,{"file":145,"line":215,"context":177},275,{"file":145,"line":217,"context":177},289,{"file":145,"line":219,"context":177},290,{"file":145,"line":219,"context":177},{"file":145,"line":222,"context":177},319,{"file":145,"line":224,"context":177},321,[],[227,245],{"entryPoint":228,"graph":229,"unsanitizedCount":32,"severity":244},"PHM_settings_page (tanggalan.php:110)",{"nodes":230,"edges":241},[231,236],{"id":232,"type":233,"label":234,"file":145,"line":235},"n0","source","$_REQUEST[?] (x2)",117,{"id":237,"type":238,"label":239,"file":145,"line":235,"wp_function":240},"n1","sink","update_option() [Settings Manipulation]","update_option",[242],{"from":232,"to":237,"sanitized":243},false,"low",{"entryPoint":246,"graph":247,"unsanitizedCount":32,"severity":244},"\u003Ctanggalan> (tanggalan.php:0)",{"nodes":248,"edges":251},[249,250],{"id":232,"type":233,"label":234,"file":145,"line":235},{"id":237,"type":238,"label":239,"file":145,"line":235,"wp_function":240},[252],{"from":232,"to":237,"sanitized":243},{"summary":254,"deductions":255},"The \"penanggalan-hijriyah-masehi\" plugin v2.0 exhibits a generally good security posture with no recorded vulnerabilities or CVEs. The static analysis reveals no dangerous functions, no SQL queries that are not prepared statements, and no file operations or external HTTP requests, all of which are positive security indicators. The limited attack surface, with only one shortcode and no unprotected entry points, further contributes to its perceived safety.\n\nHowever, there are significant concerns regarding output escaping and taint analysis. A mere 6% of outputs are properly escaped, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, while not yielding critical or high severity issues, did find two flows with unsanitized paths, suggesting potential for data manipulation or unintended behavior if these paths are exploited, even if the immediate impact is not severe. The absence of nonce checks and capability checks, while not directly leading to a deduction based on the limited entry points, is a general weakness that could be exploited if the attack surface were to expand or if new entry points were introduced in future versions.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and a small, seemingly well-controlled attack surface, the severe lack of output escaping is a critical flaw that exposes users to XSS attacks. The unsanitized taint flows, though not currently critical, warrant attention. Developers should prioritize addressing the output escaping issues and carefully review the identified taint flows.",[256,259,261,264],{"reason":257,"points":258},"Low percentage of properly escaped output",15,{"reason":260,"points":106},"Taint flows with unsanitized paths",{"reason":262,"points":263},"Missing nonce checks",5,{"reason":265,"points":263},"Missing capability checks","2026-03-16T23:48:28.947Z",{"wat":268,"direct":277},{"assetPaths":269,"generatorPatterns":272,"scriptPaths":273,"versionParams":274},[270,271],"\u002Fwp-content\u002Fplugins\u002Fpenanggalan-hijriyah-masehi\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fpenanggalan-hijriyah-masehi\u002Fjs\u002Fscript.js",[],[271],[275,276],"penanggalan-hijriyah-masehi\u002Fstyle.css?ver=","penanggalan-hijriyah-masehi\u002Fjs\u002Fscript.js?ver=",{"cssClasses":278,"htmlComments":282,"htmlAttributes":283,"restEndpoints":291,"jsGlobals":292,"shortcodeOutput":293},[279,280,281],"hijriyah","masehi","separator",[],[284,285,286,287,288,289,290],"PHM_adjust","PHM_separator","PHM_style","PHM_hijrday","PHM_hijrmonth","PHM_masehiday","PHM_masehimonth",[],[],[]]