[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fH4SQplWwWCeW20Tc8FFTcJHHSeuWLdeSv_9wHCrURZ4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":142,"fingerprints":192},"php-code-widget","PHP Code Widget","2.4","Samuel Wood (Otto)","https:\u002F\u002Fprofiles.wordpress.org\u002Fotto42\u002F","\u003Cp>The normal Text widget allows you to insert arbitrary Text and\u002For HTML code. This allows that too, but also parses any PHP code in the text widget and executes it.\u003C\u002Fp>\n\u003Cp>This can make it easier to migrate to a widget-based theme. However, this plugin should not be used long term, as anybody with access to edit the widgets on your site will be able to execute arbitrary PHP code.\u003C\u002Fp>\n\u003Cp>All PHP code must be enclosed in the standard php opening and closing tags ( \u003Ccode>\u003C?php\u003C\u002Fcode> and \u003Ccode>?>\u003C\u002Fcode> ) for it to be recognized and executed.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003C\u002Fp>\n","Like the Text widget, but also allows working PHP code to be inserted.",90000,994300,94,61,"2022-03-30T16:55:00.000Z","5.9.13","2.8","",[20,21,22],"execphp","php","widget","http:\u002F\u002Fottopress.com\u002Fwordpress-plugins\u002Fphp-code-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphp-code-widget.2.4.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"otto42",9,166640,87,3759,70,"2026-04-04T04:13:54.520Z",[39,65,87,107,124],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":62,"vuln_count":63,"unpatched_count":26,"last_vuln_date":64,"fetched_at":28},"error-log-monitor","Error Log Monitor","1.7.12","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>This plugin adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send you email notifications about newly logged errors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically detects error log location.\u003C\u002Fli>\n\u003Cli>Explains how to configure PHP error logging if it’s not enabled yet.\u003C\u002Fli>\n\u003Cli>The number of displayed log entries is configurable.\u003C\u002Fli>\n\u003Cli>Sends you email notifications about logged errors (optional).\u003C\u002Fli>\n\u003Cli>Configurable email address and frequency.\u003C\u002Fli>\n\u003Cli>You can easily clear the log file.\u003C\u002Fli>\n\u003Cli>The dashboard widget is only visible to administrators.\u003C\u002Fli>\n\u003Cli>Optimized to work well even with very large log files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once you’ve installed the plugin, go to the Dashboard and enable the “PHP Error Log” widget through the “Screen Options” panel. The widget should automatically display the last 20 lines from your PHP error log. If you see an error message like “Error logging is disabled” instead, follow the displayed instructions to configure error logging.\u003C\u002Fp>\n\u003Cp>Email notifications are disabled by default. To enable them, click the “Configure” link in the top-right corner of the widget and enter your email address in the “Periodically email logged errors to:” box. If desired, you can also change email frequency by selecting the minimum time interval between emails from the “How often to send email” drop-down.\u003C\u002Fp>\n","Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.",20000,631204,86,48,"2025-10-01T15:12:00.000Z","6.8.5","4.5","7.4",[56,57,58,59,21],"admin","administration","dashboard-widget","error-reporting","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2012\u002F07\u002F25\u002Ferror-log-monitor-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ferror-log-monitor.1.7.12.zip",99,1,"2019-02-25 00:00:00",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":75,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":85,"download_link":86,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"code-widget","Code Widget","1.0.15","Sharaz Shahid","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharaz\u002F","\u003Cp>Code Widget is simple widget allows you to insert any arbitrary Text\u002FHTML  and run  PHP Code or Short Code. This Widget parses PHP code  into simple text and much more.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003Cbr \u002F>\nThis plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsharazghouri1\" rel=\"nofollow ugc\">Sharaz Shahid\u003C\u002Fa>\u003C\u002Fp>\n","Code widget help  to  add  Short Code, PHP Code, HTML, and Simple Text in widget.",4000,60271,98,35,"2022-06-11T11:06:00.000Z","6.1.0","4.0","7.0",[82,83,21,84,22],"code","html","short-code","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-widget.1.0.15.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":63,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":18,"tags":101,"homepage":105,"download_link":106,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"widget-entries","Widget Entries","0.1","marquex","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarquex\u002F","\u003Cp>The text widget that comes with WordPress is one of the its most useful features because of its power and flexibility. It admits HTML code but it is not very comfortable to code in that small box, so that is the reason because some WYSIWYG widgets were created some later, you can add images, and format the text easily.\u003C\u002Fp>\n\u003Cp>But widgets are pieces of our sites intended to change some often, and it would be nice to have revisions, or upload images just for them, use shortcodes… cutting the story short, to \u003Cstrong>handle widgets as they were posts\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Widget Entries plugin creates the Widget post-type in the administration area to make easier the edition of the text widgets, and also register a new widget to import the widget entries easily.\u003C\u002Fp>\n\u003Cp>This way of working has many advantages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can format your widget with the WordPress editor.\u003C\u002Fli>\n\u003Cli>You can upload images directly to be shown in your widgets.\u003C\u002Fli>\n\u003Cli>You can have widgets drafts.\u003C\u002Fli>\n\u003Cli>You can use shortcodes inside your widget.\u003C\u002Fli>\n\u003Cli>You can get back to a previous version of your widgets thanks to the revision feature.\u003C\u002Fli>\n\u003Cli>You can export your widgets contents.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And you have more benefits like \u003Cstrong>using php scripts inside the widgets\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>This is the best way to manage your widgets when your theme has several sidebars, or different sidebars for every page. I recommend to use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcustom-sidebars\u002F\" rel=\"ugc\">Custom Sidebars plugin\u003C\u002Fa> to create and assign sidebars to posts and pages.\u003C\u002Fp>\n\u003Cp>This plugin uses the \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Fvtardia\u002F\" rel=\"nofollow ugc\">vtardia’s\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fimproved-include-page\u002F\" rel=\"ugc\">Improved Include Page Plugin\u003C\u002Fa> to show the Widget posts. Thanks for his outstanding job.\u003C\u002Fp>\n\u003Cp>Translations are welcome! I will write your name down here if you donate your translation work. Thanks very much to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>marquex – English\u003C\u002Fli>\n\u003Cli>marquex – Spanish\u003C\u002Fli>\n\u003C\u002Ful>\n","Widget Entries plugin creates the Widget post-type in the administration area to make easier the edition of the text widgets, and it also register a n …",400,18235,100,"2011-01-24T13:28:00.000Z","3.1.4","3.0",[102,21,103,104,22],"custom-widgets","post-type","sidebars","http:\u002F\u002Fmarquex.posterous.com\u002Fpages\u002Fwidget-entries","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-entries.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":26,"num_ratings":26,"last_updated":117,"tested_up_to":118,"requires_at_least":18,"requires_php":18,"tags":119,"homepage":18,"download_link":123,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"dashboard-server-specs","Dashboard Server Specs","1.0.2","Christian Leuenberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fcleuenberg\u002F","\u003Cp>This plugin adds a handy widget to the dashboard displaying several server specifications like the PHP, Zend and MySQL version or the installed OS on your server.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Server information as dashboard widget\u003C\u002Fli>\n\u003Cli>PHP, Zend and MySQL versions\u003C\u002Fli>\n\u003Cli>Server OS\u003C\u002Fli>\n\u003Cli>Type of web server\u003C\u002Fli>\n\u003Cli>WordPress version\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a dashboard widget displaying server specs like current PHP version.",90,2692,"2023-09-11T08:05:00.000Z","6.3.8",[120,121,21,122,22],"apache","dashboard","server","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-server-specs.1.0.2.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":115,"downloaded":132,"rating":26,"num_ratings":26,"last_updated":133,"tested_up_to":99,"requires_at_least":134,"requires_php":18,"tags":135,"homepage":140,"download_link":141,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"gpp-base-hook-widgets","GPP Base Hook Widgets","1.2","Thad Allender","https:\u002F\u002Fprofiles.wordpress.org\u002Fendortrails\u002F","\u003Cp>\u003Cem>GPP Base Hook Widgets\u003C\u002Fem> is a plugin that creates new widget areas for the \u003Ca href=\"http:\u002F\u002Fgraphpaperpress.com\u002Fthemes\u002Fbase\u002F\" rel=\"nofollow ugc\">Base theme\u003C\u002Fa> by \u003Ca href=\"http:\u002F\u002Fgraphpaperpress.com\" rel=\"nofollow ugc\">Graph Paper Press\u003C\u002Fa> and attaches them to the theme’s action hooks.  Basically, it allows you to add widgets pretty much anywhere.\u003C\u002Fp>\n\u003Cp>Typically, to add extra stuff to the theme, you must use one of \u003Cem>Base’s\u003C\u002Fem> action hooks.  This can be quite confusing to some users.  This plugin was created mainly for those users without much PHP knowledge.  It allows them to take advantage of \u003Cem>Base’s\u003C\u002Fem> hook system without the need to understand how it works.  Of course, even advanced users can take advantage of this, especially when dealing with client work.\u003C\u002Fp>\n\u003Cp>This plugin is for \u003Cstrong>WordPress 3.0+ only\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You must have the \u003Ca href=\"http:\u002F\u002Fgraphpaperpress.com\u002Fthemes\u002Fbase\u002F\" rel=\"nofollow ugc\">Base theme\u003C\u002Fa> installed to use it.\u003C\u002Fp>\n","Adds 12 new widget areas to the Base WordPress theme framework using its action hooks.",15676,"2011-04-08T02:17:00.000Z","3.0.4",[136,137,138,22,139],"custom","graphpaperpress","hooks","widgets","http:\u002F\u002Fgraphpaperpress.com\u002Fplugins\u002Fgpp-base-hook-widgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgpp-base-hook-widgets.1.2.zip",{"attackSurface":143,"codeSignals":155,"taintFlows":184,"riskAssessment":185,"analyzedAt":191},{"hooks":144,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":154,"entryPointCount":26,"unprotectedCount":26},[145],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","widgets_init","php_code_widget_register","execphp.php",62,[],[],[],[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":159,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":63,"bundledLibraries":183},[],{"prepared":26,"raw":26,"locations":158},[],{"escaped":160,"rawEcho":161,"locations":162},2,12,[163,166,168,170,172,174,175,177,178,179,181,182],{"file":149,"line":164,"context":165},24,"raw output",{"file":149,"line":167,"context":165},25,{"file":149,"line":169,"context":165},33,{"file":149,"line":171,"context":165},52,{"file":149,"line":173,"context":165},53,{"file":149,"line":173,"context":165},{"file":149,"line":176,"context":165},55,{"file":149,"line":176,"context":165},{"file":149,"line":176,"context":165},{"file":149,"line":180,"context":165},57,{"file":149,"line":180,"context":165},{"file":149,"line":180,"context":165},[],[],{"summary":186,"deductions":187},"The \"php-code-widget\" plugin v2.4 exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the analysis indicates a clean code base with no dangerous functions, no direct external HTTP requests, and the proper use of prepared statements for SQL queries. The presence of a capability check is also a positive sign. However, a significant concern arises from the output escaping, where only 14% of outputs are properly escaped. This could leave the plugin vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is not sufficiently sanitized before being displayed.",[188],{"reason":189,"points":190},"Low output escaping percentage",8,"2026-03-16T17:11:16.010Z",{"wat":193,"direct":198},{"assetPaths":194,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[],[],[],[],{"cssClasses":199,"htmlComments":201,"htmlAttributes":202,"restEndpoints":203,"jsGlobals":204,"shortcodeOutput":205},[200],"execphpwidget",[],[],[],[],[]]