[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fI2n2n4SYMRMDbLfy9cRay-bWgAuSgg32IRyHATMnn7c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":136,"fingerprints":194},"php-widgetify","PHP-Widgetify","1.0","RMWebsec","https:\u002F\u002Fprofiles.wordpress.org\u002Frmwebsec\u002F","\u003Cp>Like a normal text widget this allows you to easily post text and HTML, but\u003Cbr \u002F>\nnow you can execute PHP too!\u003Cbr \u002F>\nThis makes merging with other themes easier.\u003C\u002Fp>\n\u003Cp>!IMPORTANT! You must use  tags for the code to be\u003Cbr \u002F>\nrecognized.\u003C\u002Fp>\n","Execute HTML, Text or PHP fast and easy with this 
Widgetify-widget.",40,6488,0,"2009-11-08T13:55:00.000Z","2.9.2","2.8","",[19,20,21,22,23],"execute","html","php","text","widget","http:\u002F\u002Frmwebsec.com\u002Fportfolio","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphp-widgetify.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"rmwebsec",1,30,84,"2026-04-05T02:42:46.737Z",[37,59,79,98,113],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"reve-dynamic-widget","Reve Dynamic Widget","1.7.0","Fernando García","https:\u002F\u002Fprofiles.wordpress.org\u002Fpromostudio\u002F","\u003Cp>Reve Dynamic Widget is a extended WordPress text widget that evaluates any content type (text, HTML, Javascript, PHP or shortcodes) and shows it in the posts and pages you want.\u003C\u002Fp>\n\u003Cp>It is totally free, very light-weight, fast, easy to use and versatile.\u003C\u002Fp>\n\u003Cp>This plugin is translation ready (pot file included) and translated to spanish. 
Translations to other languages are welcome.\u003C\u002Fp>\n\u003Ch3>Editor features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The “Show title” option allows you to show or hide the widget title in the frontend.\u003C\u002Fli>\n\u003Cli>As the core text widget, you can format the content with the “Add paragraphs automatically” option.\u003C\u002Fli>\n\u003Cli>You can enter only text as content, or any HTML, CSS, Javascript and\u002For PHP code.\u003C\u002Fli>\n\u003Cli>Also you can enter any shortcode that you normally use in your posts or pages.\u003C\u002Fli>\n\u003Cli>Activate the “Evaluate content with PHP” option to enable the PHP interpreter.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Filter options\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Show or hide the widget by template options: show in front page, blog page, posts, pages, archive, search and error pages.\u003C\u002Fli>\n\u003Cli>Use the “Exclude posts or pages” option to hide the widget in certain posts or pages, when show in post and\u002For in pages are activated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>To insert PHP code\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>PHP code must be correct and used within the open and close PHP tags: \u003Ccode>\u003C?php\u003C\u002Fcode> and \u003Ccode>?>\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Note that any PHP code is executed in the scope of a PHP function, but you can do almost everything that you can do with PHP. So only administrators with PHP knowledges must use this feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin uses the native PHP \u003Ccode>eval()\u003C\u002Fcode> function with the error control operator \u003Ccode>@\u003C\u002Fcode>, to prevent error messages and broken pages. 
So if you don’t see your PHP output it is probably because your code has mistakes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>And don’t forget to activate the “Evaluate with PHP” option, which is disabled by default.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Need help?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>For help use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Freve-dynamic-widget\u002F\" rel=\"ugc\">WordPress Support\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Also you can \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Freve-dynamic-widget\u002Freviews\u002F#new-post\" rel=\"ugc\">write a review\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute development\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Freve-dynamic-widget\u002Freviews\u002F\" rel=\"ugc\">If you like this plugin, give us a five-star rating by clicking here.\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.promostudio.es\u002Fsupport-revedw\" rel=\"nofollow ugc\">If you make this plugin profitable, give us any PayPal donation by clicking here.\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Add any text, HTML, CSS, Javascript and\u002For PHP code, and show it in the pages you 
want.",10,1812,100,3,"2021-02-01T23:38:00.000Z","5.6.0","4.0","5.6",[54,55,56,23],"html-widget","php-widget","text-widget","https:\u002F\u002Fpromostudio.es","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freve-dynamic-widget.1.7.0.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":51,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"code-widget","Code Widget","1.0.15","Sharaz Shahid","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharaz\u002F","\u003Cp>Code Widget is simple widget allows you to insert any arbitrary Text\u002FHTML  and run  PHP Code or Short Code. This Widget parses PHP code  into simple text and much more.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. 
This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003Cbr \u002F>\nThis plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsharazghouri1\" rel=\"nofollow ugc\">Sharaz Shahid\u003C\u002Fa>\u003C\u002Fp>\n","Code widget help  to  add  Short Code, PHP Code, HTML, and Simple Text in widget.",4000,60271,98,35,"2022-06-11T11:06:00.000Z","6.1.0","7.0",[75,20,21,76,23],"code","short-code","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-widget.1.0.15.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":52,"tags":92,"homepage":96,"download_link":97,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"class-widget-ats-text","widget text class ats","8.8.5","mishaATs","https:\u002F\u002Fprofiles.wordpress.org\u002Faleksats\u002F","\u003Cp>A simple text widget that lets you run PHP and shortcodes right after activating the widget text class ats plugin (the default WordPress widget does not allow this!) - widget text class ats is compatible with the new widgets! A convenient version of the classic text widget (without editors) after the WordPress 4.8 update.\u003Cbr \u002F>\nA simple text widget will allow you to run PHP and short code (shortcode), immediately after activation of the plugin widget text class ats (in WordPress 4.8 editors added!) 
– Compatibility with new widgets!\u003Cbr \u002F>\nA convenient way to install classic text widget (without editors after updating WordPress with 4.8)\u003C\u002Fp>\n\u003Ch3>Tags\u003C\u002Fh3>\n\u003Cp>is PHP in widgets, text php editor, text php widget, simple php text widget, widget text class ats\u003C\u002Fp>\n\u003Ch3>8.8.5\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>8.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>8.0\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.9\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.8\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.5\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.4\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.7.7\u003C\u002Fh3>\n\u003Cp>prevention\u003C\u002Fp>\n\u003Ch3>7.7.5\u003C\u002Fh3>\n\u003Cp>prevention\u003C\u002Fp>\n\u003Ch3>7.7.3\u003C\u002Fh3>\n\u003Cp>prevention and tested with WordPress version 4.9\u003C\u002Fp>\n\u003Ch3>7.4.8\u003C\u002Fh3>\n\u003Cp>Added folder for extensions mih-alica and files\u003C\u002Fp>\n\u003Ch3>7.4.7\u003C\u002Fh3>\n\u003Cp>Now (2) the plugin knows himself to work out the php code in the widget and work with shortcode!!\u003Cbr \u002F>\nadded file 2 and folder mih-alica\u003C\u002Fp>\n\u003Ch4>0.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ADD: Russian localization\u003C\u002Fli>\n\u003C\u002Ful>\n","Простой текстовый виджет позволит вам запускать PHP и шорткод (shortcode) сразу после активации плагина widget text class ats (WordPress виджет по умо 
…",80,4354,"2025-12-13T05:09:00.000Z","6.9.4","3.0",[93,94,95,56],"is-php-in-widgets","text-php-editor","text-php-widget","https:\u002F\u002Fmihalica.ru\u002Fproduct\u002Fplagin-mats-widget-privyichnyiy-tekstovyiy-vidzhet-bez-redaktora\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclass-widget-ats-text.zip",{"slug":99,"name":100,"version":6,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":13,"num_ratings":13,"last_updated":107,"tested_up_to":108,"requires_at_least":16,"requires_php":17,"tags":109,"homepage":111,"download_link":112,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"safe-php-code-widget","Safe PHP Code Widget","k0tik","https:\u002F\u002Fprofiles.wordpress.org\u002Fk0tik\u002F","\u003Cp>The usual Text widget allows you to insert arbitrary Text and\u002For HTML code. This allows that too, but also parses any PHP or JavaScript code in the text widget and executes it.\u003C\u002Fp>\n\u003Cp>This plugin is based on “PHP Code Widget”, but now available for use by site administrators ONLY, which makes it more secure.\u003C\u002Fp>\n\u003Cp>All PHP code must be enclosed in the standard php opening and closing tags ( \u003Ccode>\u003C?php\u003C\u002Fcode> and \u003Ccode>?>\u003C\u002Fcode> ) for it to be recognized and executed. Also JavaScript code must be enclosed in the \u003Ccode>\u003Cscript>\u003C\u002Fcode> and \u003Ccode>\u003C\u002Fscript>\u003C\u002Fcode> tags, as usual.\u003C\u002Fp>\n","Adds a secure and simple widget in which you can use PHP and JavaScript code. Also you can use unfiltered HTML or just Text. 
Admin Use Only.",70,2248,"2019-01-09T01:28:00.000Z","5.0.25",[75,20,110,21,23],"javascript","https:\u002F\u002Fnewbiz.online\u002Fwp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-php-code-widget.zip",{"slug":114,"name":115,"version":116,"author":114,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":51,"requires_php":17,"tags":126,"homepage":131,"download_link":132,"security_score":133,"vuln_count":134,"unpatched_count":134,"last_vuln_date":135,"fetched_at":28},"richtexteditor","Rich Text Editor","1.0.1","https:\u002F\u002Fprofiles.wordpress.org\u002Frichtexteditor\u002F","\u003Cp>Rich Text Editor for WordPress [Rich Text Editor for WordPress](http:\u002F\u002Fphphtmleditor.com\u002Fwordpress\u002F “Rich Text Editor for WordPress”1) is by far the fastest, cleanest, most powerful online wysiwyg content editor. It replaces default WordPress wysiwyg(what you see is what you get) editor with a more advanced wysiwyg editor.\u003C\u002Fp>\n\u003Ch4>Some of the features added by this plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Support for creating and editing tables.\u003C\u002Fli>\n\u003Cli>More options when inserting lists.\u003C\u002Fli>\n\u003Cli>Search and Replace in the editor.\u003C\u002Fli>\n\u003Cli>Ability to set Font Family and Font Size.\u003C\u002Fli>\n\u003Cli>And many others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Rich Text Editor toolbar is completely configurable and it is also effortless to implement. This Advanced WordPress Editor plug-in is compatible with the WordPress v. 3.0+.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>#1 cross-browser support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most available RTEs fail to support the full spectrum of A-Grade web browsers. 
Following 9 year old tradition of industry #1 cross-browser support, Rich Text Editor for WordPress continues to offer even better quality and compatibility by supporting all major browsers: IE 6.0+, Firefox 2.0+, Mozilla 1.3+, Netscape 7+, Safari (1.3+), Opera 9.0, IE 9 and Chrome.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cleanest html code\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most WYSIWYG editors are just JavaScript wrappers around the editing control built into browsers such as MSHTML control found in IE. They generate bad markups and then run code clean-up routines against it. By contrast, Rich Text Editor for WordPress is built from the ground up to be a true XHTML editor in its own right.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Extremely small and fast\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Most feature-rich WYSIWYG editors suffer long loading times due to large javascript files. Rich Text Editor for WordPress only loads the necessary scripts to client browsers. Numerous optimization methods have been applied. It’s clean, compact, extremely fast-loading, but still powerful and efficient.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Insert clean HTML from Microsoft Word\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>High Reliability, Scalability and High Load Support\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When text is pasted from Microsoft Word a lot of unnecessary word specific markup is carried across. This can result in web pages that take an unnecessarily long time to download. The Paste from Word button solves this by removing word markup before pasting the text into your page\u003C\u002Fp>\n\u003Cp>Try Demo now! 
\u003Ca href=\"http:\u002F\u002Fphphtmleditor.com\u002Fdemo\u002F\" title=\"RTE DEMO\" rel=\"nofollow ugc\">RTE DEMO\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Take a tour to see why you need RichTextEditor on your website: http:\u002F\u002Fphphtmleditor.com\u002Fscreenshots.html\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>http:\u002F\u002Fphphtmleditor.com\u002Fscreenshots.html\u003C\u002Fp>\n","This plugin integrates your Wordpress with RichTextEditor - the most powerful online wysiwyg content editor.",60,74079,64,22,"2016-12-31T04:52:00.000Z","4.7.32",[127,128,129,114,130],"php-editor","php-html-editor","rich-text-editor","wysiwyg-editor","http:\u002F\u002Fphphtmleditor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frichtexteditor.zip",43,2,"2025-04-02 00:00:00",{"attackSurface":137,"codeSignals":149,"taintFlows":180,"riskAssessment":181,"analyzedAt":193},{"hooks":138,"ajaxHandlers":145,"restRoutes":146,"shortcodes":147,"cronEvents":148,"entryPointCount":13,"unprotectedCount":13},[139],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","widgets_init","anonymous","execphp.php",61,[],[],[],[],{"dangerousFunctions":150,"sqlUsage":154,"outputEscaping":156,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":32,"bundledLibraries":179},[151],{"fn":152,"file":143,"line":144,"context":153},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"PHP_Widgetify\");'));",{"prepared":13,"raw":13,"locations":155},[],{"escaped":134,"rawEcho":157,"locations":158},12,[159,162,164,166,168,170,171,173,174,175,177,178],{"file":143,"line":160,"context":161},23,"raw 
output",{"file":143,"line":163,"context":161},24,{"file":143,"line":165,"context":161},32,{"file":143,"line":167,"context":161},51,{"file":143,"line":169,"context":161},52,{"file":143,"line":169,"context":161},{"file":143,"line":172,"context":161},54,{"file":143,"line":172,"context":161},{"file":143,"line":172,"context":161},{"file":143,"line":176,"context":161},56,{"file":143,"line":176,"context":161},{"file":143,"line":176,"context":161},[],[],{"summary":182,"deductions":183},"The static analysis of php-widgetify v1.0 reveals a mixed security posture. On one hand, the plugin demonstrates good practices by having no observed AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface. Furthermore, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests. However, the presence of one instance of the `create_function` dangerous function is a significant concern. This function is known to be insecure and can lead to code injection vulnerabilities if user-supplied data is used within it without proper sanitization.\n\nThe output escaping percentage is notably low at 14%, indicating a high risk of cross-site scripting (XSS) vulnerabilities where dynamic content is displayed to users without sufficient sanitization. The absence of nonce checks on any entry points, coupled with only one capability check, suggests that authentication and authorization might be weak for any code that does execute.\n\nThe vulnerability history for php-widgetify is clean, with zero recorded CVEs. This absence of past vulnerabilities is positive, but it does not negate the inherent risks identified in the static analysis. The low output escaping and the presence of `create_function` are direct code-level concerns that require attention, regardless of historical exploits. 
Overall, while the plugin has a minimal attack surface, the identified code quality issues, particularly concerning output escaping and the use of a dangerous function, present clear security weaknesses that should be addressed.",[184,187,190],{"reason":185,"points":186},"Use of dangerous function 'create_function'",15,{"reason":188,"points":189},"Low output escaping percentage (14%)",8,{"reason":191,"points":192},"No nonce checks on entry points",5,"2026-03-16T22:16:59.656Z",{"wat":195,"direct":200},{"assetPaths":196,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[],[],[],[],{"cssClasses":201,"htmlComments":203,"htmlAttributes":204,"restEndpoints":205,"jsGlobals":206,"shortcodeOutput":207},[202],"execphpwidget",[],[],[],[],[]]