[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkCGj5K2QFbtfmhdKp2YB3wGeohEYxOH6rzWrZjSFmB4":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":110,"fingerprints":289},"pinglunla","评论啦系统 Pinglunla Comment System","0.2","https:\u002F\u002Fprofiles.wordpress.org\u002Fpinglunla\u002F","\u003Cp>评论啦可以帮助您实现更加便捷, 更富交互性的评论社区。\u003Cbr \u002F>\n通过评论啦提供的社会化功能, 网站主可以有效的提高用户的活跃度和回访率。\u003Cbr \u002F>\n用户使用评论啦, 可以存储、管理自己在互联网上的评论记录。\u003C\u002Fp>\n\u003Ch4>评论啦WordPress插件\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>可以直接在wordpress后台设置评论参数\u003C\u002Fli>\n\u003Cli>评论内容可以被搜索引擎收录(支持SEO)`\u003C\u002Fli>\n\u003Cli>可一键导入wordpress已有的评论内容\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>论啦功能特色\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>支持评论内容一键导入评论啦, 一键导回wordpress！\u003C\u002Fli>\n\u003Cli>开通了微博同步功能（可自定义）和评论回流功能\u003C\u002Fli>\n\u003Cli>评论分享, 社交网络内广泛传播\u003C\u002Fli>\n\u003Cli>评论和回复的邮件通知\u003C\u002Fli>\n\u003Cli>评论关注, 找到志同道合的人\u003C\u002Fli>\n\u003Cli>评论里可插入多媒体内容\u003C\u002Fli>\n\u003Cli>强大的后台管理工具\u003C\u002Fli>\n\u003Cli>垃圾评论过滤, 黑名单设置\u003C\u002Fli>\n\u003Cli>支持社区小插件, 了解社区动态\u003C\u002Fli>\n\u003Cli>汇集来自各大SNS的用户, 形成大的讨论社区\u003C\u002Fli>\n\u003Cli>为网站带来活跃用户\u003C\u002Fli>\n\u003C\u002Ful>\n","评论啦, 功能强大的社会化评论系统, 提升活跃度, 带流量, 一起发现评论, 发现互联网",10,7601,0,"2012-06-07T04:51:00.000Z","3.3.2","2.0.2","",[18,19,20,21,4],"%e7%a4%be%e4%bc%9a%e5%8c%96%e8%af%84%e8%ae%ba%e7%b3%bb%e7%bb%9f","%e8%af%84%e8%ae%ba","%e8%af%84%e8%ae%ba%e7%ae%a1%e7%90%86","%e8%af%84%e8%ae%ba%e5%95%a6","http:\u002F\u002Fwww.pinglunla.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpinglunla.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":4,"display_name":4,"profile_url":7,"plugin_count":29,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,84,"2026-04-04T23:14:16.089Z",[34,56,74,94],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":12,"num_ratings":12,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":53,"download_link":54,"security_score":55,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"baidu-textcensor","Baidu TextCensor For Comments","1.2.0","沈唁","https:\u002F\u002Fprofiles.wordpress.org\u002Fshenyanzhi\u002F","\u003Cp>基于百度文本内容审核技术来提供 WordPress 评论内容审核，对网站用户的评论信息检测，一旦发现用户提交恶意垃圾内容，可以做到文本的自动审核与实时过滤。\u003C\u002Fp>\n\u003Ch3>依赖第三方服务\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>依赖百度 AI 文本审核技术：https:\u002F\u002Fai.baidu.com\u002Ftech\u002Ftextcensoring\u003C\u002Fli>\n\u003Cli>使用说明：https:\u002F\u002Fai.baidu.com\u002Fai-doc\u002FANTIPORN\u002FVk3h6xaga\u003C\u002Fli>\n\u003Cli>即在 WordPress 中有新的评论时，将会调用百度文本审核接口进行验证，验证结果分为 4 种：1. 合规、2. 不合规、3. 疑似、4. 审核失败\u003C\u002Fli>\n\u003Cli>不改变原有的讨论规则，不合规时提示重新评论；疑似和审核失败时写数据库，人工二次审核\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>主要功能\u003C\u002Fh3>\n\u003Col>\n\u003Cli>基于百度 Api，一站式检测文本中夹杂的色情、推广、辱骂、违禁、涉政、灌水等垃圾内容，净化网络环境；\u003C\u002Fli>\n\u003Cli>用户可以在平台上自助选择审核维度、审核标签，审核松紧度、自定义文本黑白名单，让文本按照勾选的维度、松紧度进行审核。\u003C\u002Fli>\n\u003Cli>插件更多详细介绍和安装：\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsy-records\u002Fwp-baidu-textcensor\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsy-records\u002Fwp-baidu-textcensor\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>作者博客\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fqq52o.me\" title=\"沈唁志\" rel=\"nofollow ugc\">沈唁志\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>相关插件\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>文章内容审核\u003C\u002Fstrong>：\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsy-records\u002Ftextcensor-for-articles\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>，\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftextcensor-for-articles\" rel=\"ugc\">WordPress Plugins\u003C\u002Fa>\u003C\u002Fp>\n","基于百度文本内容审核技术来提供 WordPress 评论内容审核",40,4261,"2025-12-05T03:13:00.000Z","6.9.4","5.6","7.0",[49,50,51,52],"baidu","comments","%e8%af%84%e8%ae%ba%e8%bf%87%e6%bb%a4","textcensor","https:\u002F\u002Fgithub.com\u002Fsy-records\u002Fwp-baidu-textcensor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbaidu-textcensor.1.2.0.zip",100,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":30,"downloaded":64,"rating":12,"num_ratings":12,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":16,"tags":68,"homepage":72,"download_link":73,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"wp-jquery-spam","WP jQuery Spam","1.2","Soar360","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoar360\u002F","\u003Cp>WP jQuery Spam是一个适用于WordPress的反垃圾评论插件，它可以通过动态向评论表单增加隐藏域的方式来拦截垃圾评论。只要评论信息不是通过浏览器正规提交，那么评论就会被拦截，并写入当天的robot日志。\u003C\u002Fp>\n\u003Cp>此插件可以拦截大部分垃圾评论机器人。在此之前，博主也深受垃圾评论的烦恼，每天收到的垃圾评论邮件就有数十封，这个插件启用后，再也邮箱再也没有被Robot垃圾邮件惊扰，这真真是极好的。\u003C\u002Fp>\n\u003Ch4>特色\u003C\u002Fh4>\n\u003Cp>该插件体积小巧，安装方便，无需额外设置，可谓“即插即用”。兼容WP-Super-Cache插件，并且针对“Invoker”主题做了优化。程序代码不足百行，且做足了优化，对程序性能影响极小，实乃站长开博，居家旅行的必备良品。\u003C\u002Fp>\n\u003Ch4>官方网站\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.sum16.com\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.sum16.com\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","帮助广大WordPress用户拦截垃圾评论",1754,"2014-01-26T06:00:00.000Z","3.7.41","2.8",[50,69,70,4,71],"jquery","junk","spam","http:\u002F\u002Fwww.sum16.com\u002Fmy\u002Fwp-jquery-spam.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-jquery-spam.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":10,"downloaded":82,"rating":12,"num_ratings":12,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":16,"tags":86,"homepage":91,"download_link":92,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":93},"wumii-comment","无觅评论插件","1.0.0.0","wumii team","https:\u002F\u002Fprofiles.wordpress.org\u002Fwumii-team\u002F","\u003Cp>无觅社会化评论框让你的网站轻松接入新浪微博、QQ（腾讯微博和 QQ 空间）、无觅网等社交网站，让每一个人都能轻松加入你的社区并参与讨论，同时还能智能聚合与文章相关的微博评论，为您打造更活跃、更具互动性的评论平台，稳步提升网站流量。\u003C\u002Fp>\n\u003Cp>官方网站：\u003Ca href=\"http:\u002F\u002Fwww.wumii.com\u002Fwidget\u002Fcomment\" title=\"无觅评论插件\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.wumii.com\u002Fwidget\u002Fcomment\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>功能特色\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>社会化一键登录\u003C\u002Fstrong>：可用新浪微博、QQ（腾讯微博和 QQ 空间）和无觅账号直接登录发表评论\u003C\u002Fli>\n\u003Cli>\u003Cstrong>智能评论聚合\u003C\u002Fstrong>：独家利用大数据能力智能识别文章内容，自动聚合相同文章的评论及微博\u003C\u002Fli>\n\u003Cli>\u003Cstrong>互动社区功能\u003C\u002Fstrong>：实时展示网站的动态和热门排行，让用户之间的互动更容易形成社区\u003C\u002Fli>\n\u003Cli>\u003Cstrong>提高活跃度\u003C\u002Fstrong>：实时提醒、实时评论展示，并且与无觅网数百万用户相关联，远离 0 评论状态\u003C\u002Fli>\n\u003Cli>\u003Cstrong>提升社交流量\u003C\u002Fstrong>：任何一次评论都会自动同步到无觅网及关联的微博社区，给网站带回流量\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>提升网站流量\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>评论微博分享：只需简单勾选，即可分享评论到各大社交网站，吸引评论者的好友来您问你的网站\u003C\u002Fli>\n\u003Cli>回复提醒：如果评论收到回复，评论者在任何安装了无觅评论插件的网站都能收到提示，回访你的网站\u003C\u002Fli>\n\u003Cli>跨网站单点登录：访客在其它网站上登录无觅评论后，再访问你的网站时，可以自动登录、直接评论\u003C\u002Fli>\n\u003Cli>鼓励优质评论：用户可以「赞」自己喜欢的评论，并将评论顶到前面，鼓励大家发表言之有物的优质评论\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>众多实用特性\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>智能过滤垃圾评论\u003C\u002Fli>\n\u003Cli>便捷安装，一键启用\u003C\u002Fli>\n\u003Cli>社区热门评论排行\u003C\u002Fli>\n\u003Cli>完美兼容\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwumii-related-posts\u002F\" rel=\"ugc\">无觅相关文章插件\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","为您打造更活跃、更具互动性的评论平台，智能连接新浪微博、QQ等社交网络，迅速提升网站的优质评论。",3536,"2013-09-30T03:33:00.000Z","3.6.1","2.5.1",[87,19,88,89,90],"%e7%95%99%e8%a8%80","wumii","%e6%97%a0%e8%a7%85","%e6%97%a0%e8%a7%85%e7%bd%91","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwumii-comment-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwumii-comment.1.0.0.0.zip","2026-03-15T14:54:45.397Z",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":12,"downloaded":102,"rating":12,"num_ratings":12,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":47,"tags":106,"homepage":108,"download_link":109,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"wpcomment2bark","WPComment2Bark","1.0.1","7gugu","https:\u002F\u002Fprofiles.wordpress.org\u002F7gugu\u002F","\u003Cp>WPComment2Bark\u003C\u002Fp>\n\u003Ch3>背景 🏞\u003C\u002Fh3>\n\u003Cp>最近大半年都在搞实习和雅思，其实没做多少实用的工具出来，有点手痒痒了。因此接着博客重建的契机，动手搞了一个评论信息推送的小插件。\u003C\u002Fp>\n\u003Ch3>思考 🤔\u003C\u002Fh3>\n\u003Ch3>技术指标:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>高触达率 🚀\u003C\u002Fli>\n\u003Cli>开箱即用 📦\u003C\u002Fli>\n\u003Cli>高度安全 🔐\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>解决方案:\u003C\u002Fh3>\n\u003Cp>1.邮件推送\u003C\u002Fp>\n\u003Cp>原来的推送方式就是通过Email的形式来推送，有可能会出现消息推送不及时或者被拒信，无法满足高触达率的技术要求，故摒弃这种推送方式。\u003C\u002Fp>\n\u003Cp>2.Server酱\u003C\u002Fp>\n\u003Cp>Server酱年初也因为各种外部原因，降级成了企业微信推送，其实不是特别方便，用户还得去装一个企业微信，然后配置Bot，再去配置APIKEY。对于我们做开发的用户来说，已经是挺繁琐的步骤了，对于普通用户而言简直就是噩梦。无法满足开箱即用的要求，故放弃。\u003C\u002Fp>\n\u003Cp>3.Bark\u003C\u002Fp>\n\u003Cp>最后我将目光投到了Bark身上，Bark是V站的一个dalao搞的一套利用Apple消息推送机制做的Web信息推送框架。Bark也同时满足我们三项技术要求:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>高触达率\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>借助Apple推送机制，我们甚至可以在息屏的情况下，都能正常收到推送消息。无视任何垃圾回收机制，绝对在线。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>开箱即用\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>用户只要下载Bark客户端，博客安装插件，配置插件，即可投入实际使用。\u003C\u002Fp>\n\u003Cul>\n\u003Cli>高度安全\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Bark提供免费服务器的同时，也提供了源代码供用户进行审查。如果是对于隐私比较敏感的用户，还能选择通过Docker部署自己的私有推送服务器。\u003C\u002Fp>\n\u003Cp>综合上述优点，我选择了使用Bark作为消息推送的核心功能支持。\u003C\u002Fp>\n\u003Ch3>作用 🏄🏼‍♀️\u003C\u002Fh3>\n\u003Cp>每当有人评论你的文章时，可以推送到你的 Bark App。\u003C\u002Fp>\n\u003Ch3>配置指南 🧭\u003C\u002Fh3>\n\u003Cp>1.从AppStore下载Bark客户端\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Cp>2.上传 & 安装插件\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Cp>3.配置推送链接\u003C\u002Fp>\n\u003Cp>首先从客户端上复制出推送API和API密钥\u003C\u002Fp>\n\u003C\u002Fp>\n\u003Cp>第二步，切换到博客后台，依次点击【设置->讨论】，滚动到底部，找到【Bark推送设置】\u003C\u002Fp>\n\u003Cp>至此就完成了全部配置工作，只要有新的评论被发出，就会调用API想您推送消息。\u003C\u002Fp>\n\u003Ch3>插件仓库 ⛺️\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002F7gugu\u002FWPComment2Bark\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002F7gugu\u002FWPComment2Bark\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>点击【Code -> Download ZIP】下载压缩包后，按照配置指南，一步一步的安装即可。\u003C\u002Fp>\n\u003Ch3>联系方式\u003C\u002Fh3>\n\u003Col>\n\u003Cli>博客: \u003Ca href=\"https:\u002F\u002Fwww.7gugu.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.7gugu.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>邮箱: gz7gugu@qq.com\u003C\u002Fli>\n\u003C\u002Fol>\n","Wordpress新评论Bark通知",9494,"2021-10-13T14:23:00.000Z","5.8.13","4.7",[19,107],"%e6%b6%88%e6%81%af%e9%80%9a%e7%9f%a5","https:\u002F\u002F7gugu.com\u002Findex.php\u002F2021\u002F09\u002F21\u002Fwp%e6%8f%92%e4%bb%b6-wpcomment2bark\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcomment2bark.zip",{"attackSurface":111,"codeSignals":143,"taintFlows":195,"riskAssessment":278,"analyzedAt":288},{"hooks":112,"ajaxHandlers":139,"restRoutes":140,"shortcodes":141,"cronEvents":142,"entryPointCount":12,"unprotectedCount":12},[113,119,122,127,131,135],{"type":114,"name":115,"callback":116,"priority":10,"file":117,"line":118},"action","admin_menu","pinglunla_create_menu","pinglunla-comment-system.php",27,{"type":114,"name":120,"callback":121,"file":117,"line":42},"admin_head","pinglunla_menu_admin_head",{"type":123,"name":124,"callback":125,"priority":12,"file":117,"line":126},"filter","comments_template","pinglunla_comments_template",353,{"type":123,"name":128,"callback":129,"file":117,"line":130},"comments_number","pinglunla_comments_text",354,{"type":123,"name":132,"callback":133,"file":117,"line":134},"get_comments_number","pinglunla_comments_number",355,{"type":114,"name":136,"callback":137,"file":117,"line":138},"wp_footer","pinglunla_output_footer_comment_js",356,[],[],[],[],{"dangerousFunctions":144,"sqlUsage":145,"outputEscaping":148,"fileOperations":193,"externalRequests":29,"nonceChecks":12,"capabilityChecks":29,"bundledLibraries":194},[],{"prepared":146,"raw":12,"locations":147},14,[],{"escaped":149,"rawEcho":150,"locations":151},2,17,[152,156,159,162,165,167,169,171,173,175,177,179,181,183,185,187,190],{"file":153,"line":154,"context":155},"comments.php",12,"raw output",{"file":157,"line":158,"context":155},"export-comments.php",64,{"file":160,"line":161,"context":155},"export-json-comments.php",68,{"file":163,"line":164,"context":155},"import-comments.php",15,{"file":117,"line":166,"context":155},151,{"file":117,"line":168,"context":155},181,{"file":117,"line":170,"context":155},207,{"file":117,"line":172,"context":155},236,{"file":117,"line":174,"context":155},241,{"file":117,"line":176,"context":155},246,{"file":117,"line":178,"context":155},260,{"file":117,"line":180,"context":155},269,{"file":117,"line":182,"context":155},278,{"file":117,"line":184,"context":155},303,{"file":117,"line":186,"context":155},304,{"file":188,"line":189,"context":155},"pinglunla-save-cc.php",26,{"file":191,"line":192,"context":155},"pinglunla-toggle-seo.php",19,3,[],[196,214,225,233,250],{"entryPoint":197,"graph":198,"unsanitizedCount":29,"severity":213},"pinglunla_comments_manage_page (pinglunla-comment-system.php:45)",{"nodes":199,"edges":210},[200,205],{"id":201,"type":202,"label":203,"file":117,"line":204},"n0","source","$_SERVER",55,{"id":206,"type":207,"label":208,"file":117,"line":172,"wp_function":209},"n1","sink","echo() [XSS]","echo",[211],{"from":201,"to":206,"sanitized":212},false,"medium",{"entryPoint":215,"graph":216,"unsanitizedCount":29,"severity":224},"\u003Cimport-comments> (import-comments.php:0)",{"nodes":217,"edges":222},[218,221],{"id":201,"type":202,"label":219,"file":163,"line":220},"$_GET",13,{"id":206,"type":207,"label":208,"file":163,"line":164,"wp_function":209},[223],{"from":201,"to":206,"sanitized":212},"low",{"entryPoint":226,"graph":227,"unsanitizedCount":29,"severity":224},"\u003Cpinglunla-comment-system> (pinglunla-comment-system.php:0)",{"nodes":228,"edges":231},[229,230],{"id":201,"type":202,"label":203,"file":117,"line":204},{"id":206,"type":207,"label":208,"file":117,"line":172,"wp_function":209},[232],{"from":201,"to":206,"sanitized":212},{"entryPoint":234,"graph":235,"unsanitizedCount":149,"severity":224},"\u003Cpinglunla-save-cc> (pinglunla-save-cc.php:0)",{"nodes":236,"edges":247},[237,239,242,245],{"id":201,"type":202,"label":238,"file":188,"line":146},"$_GET['cc0']",{"id":206,"type":207,"label":240,"file":188,"line":146,"wp_function":241},"update_option() [Settings Manipulation]","update_option",{"id":243,"type":202,"label":244,"file":188,"line":192},"n2","$_GET['cc1']",{"id":246,"type":207,"label":240,"file":188,"line":192,"wp_function":241},"n3",[248,249],{"from":201,"to":206,"sanitized":212},{"from":243,"to":246,"sanitized":212},{"entryPoint":251,"graph":252,"unsanitizedCount":29,"severity":277},"\u003Cexport-comments> (export-comments.php:0)",{"nodes":253,"edges":271},[254,256,258,259,262,265,269],{"id":201,"type":202,"label":219,"file":157,"line":255},21,{"id":206,"type":207,"label":240,"file":157,"line":257,"wp_function":241},44,{"id":243,"type":202,"label":219,"file":157,"line":255},{"id":246,"type":207,"label":260,"file":157,"line":24,"wp_function":261},"get_results() [SQLi]","get_results",{"id":263,"type":202,"label":219,"file":157,"line":264},"n4",28,{"id":266,"type":267,"label":268,"file":157,"line":264},"n5","transform","→ pinglunla_retrieve_comment()",{"id":270,"type":207,"label":260,"file":157,"line":24,"wp_function":261},"n6",[272,274,275,276],{"from":201,"to":206,"sanitized":273},true,{"from":243,"to":246,"sanitized":273},{"from":263,"to":266,"sanitized":212},{"from":266,"to":270,"sanitized":212},"high",{"summary":279,"deductions":280},"The plugin \"pinglunla\" v0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all its SQL queries and has no known historical vulnerabilities. The attack surface is reported as zero entry points, which is a strong indicator of potentially secure design.\n\nHowever, significant concerns arise from the static analysis. A critical finding is the presence of one high-severity taint flow, indicating a potential pathway for malicious data to be processed without proper sanitization, which could lead to various vulnerabilities depending on the context of the flow. Furthermore, only 11% of output escaping is properly implemented, leaving a substantial portion of outputs vulnerable to cross-site scripting (XSS) attacks. The absence of nonce checks and a single capability check on its limited entry points are also notable weaknesses, suggesting that even if entry points are limited, their security relies heavily on other mechanisms that might be insufficient on their own.\n\nWhile the lack of vulnerability history is encouraging, it should not be the sole basis for a security assessment. The identified taint flow and the very low rate of output escaping are significant enough risks to warrant careful attention. The plugin has strengths in its SQL handling and lack of historical issues, but the identified code-level risks present immediate security concerns that need to be addressed.",[281,283,286],{"reason":282,"points":164},"High severity taint flow found",{"reason":284,"points":285},"Low output escaping rate (11%)",8,{"reason":287,"points":10},"No nonce checks","2026-03-17T00:35:25.801Z",{"wat":290,"direct":297},{"assetPaths":291,"generatorPatterns":294,"scriptPaths":295,"versionParams":296},[292,293],"\u002Fwp-content\u002Fplugins\u002Fpinglunla\u002Fcss\u002Fpinglunla.css","\u002Fwp-content\u002Fplugins\u002Fpinglunla\u002Fjs\u002Fpinglunla.js",[],[293],[],{"cssClasses":298,"htmlComments":307,"htmlAttributes":308,"restEndpoints":310,"jsGlobals":311,"shortcodeOutput":316},[299,300,301,302,303,304,305,306],"pinglunla_clear","pinglunla_tabpage_item","pinglunla_tab","pinglunla_tab_wrapper","pinglunla_tabpages","pinglunla-export-fail","pinglunla-exporting","pinglunla-importing",[],[309],"dv",[],[312,313,314,315],"pinglunla_trigger_export","pinglunla_export_comments","pinglunla_trigger_import","pinglunla_import_comments",[]]