[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjVJ-BTEoZIhcoo976kLLfFGupflUQyrUaXE09qz1-RM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":143,"fingerprints":190},"plum-code-box","Plum Code Box","1.1","jtgraphic","https:\u002F\u002Fprofiles.wordpress.org\u002Fjtgraphic\u002F","\u003Cp>Do you ever have a really hard getting your code formatted correctly in a post? Or do you ever have issues preserving tabs?\u003C\u002Fp>\n\u003Cp>Plum Code Box makes it easy to insert and manage code blocks using the Chili javascript syntax highlighter. The plugin adds option boxes to post and page\u003Cbr \u002F>\neditors. There are also other \u003Ca href=\"http:\u002F\u002Fcodeplum.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa> available from Code Plum.\u003C\u002Fp>\n\u003Cp>Twitter: @codeplum\u003C\u002Fp>\n\u003Cp>Website: http:\u002F\u002Fcodeplum.com\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>You may make donations at http:\u002F\u002Fwww.codeplum.com\u003C\u002Fp>\n","Plum Code Box makes it easy to insert and manage code blocks using the Chili javascript syntax highlighter.",20,4166,0,"2011-04-25T09:00:00.000Z","3.1.4","3.0","",[19,20,21,22,23],"code-block","coding","html","php","programming","http:\u002F\u002Fwww.codeplum.com\u002Fwordpress-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplum-code-box.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T14:08:55.379Z",[36,58,83,104,126],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"code-widget","Code Widget","1.0.15","Sharaz Shahid","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharaz\u002F","\u003Cp>Code Widget is simple widget allows you to insert any arbitrary Text\u002FHTML  and run  PHP Code or Short Code. This Widget parses PHP code  into simple text and much more.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003Cbr \u002F>\nThis plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsharazghouri1\" rel=\"nofollow ugc\">Sharaz Shahid\u003C\u002Fa>\u003C\u002Fp>\n","Code widget help  to  add  Short Code, PHP Code, HTML, and Simple Text in widget.",4000,60271,98,35,"2022-06-11T11:06:00.000Z","6.1.0","4.0","7.0",[53,21,22,54,55],"code","short-code","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-widget.1.0.15.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":79,"download_link":80,"security_score":81,"vuln_count":31,"unpatched_count":31,"last_vuln_date":82,"fetched_at":28},"append-extensions-on-pages","Append extensions on Pages","1.1.2","Suresh Kumar Mukhiya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsureshhardiya\u002F","\u003Cp>This plugin helps to appends .html on the wordpress pages when used with permalink. If you are a developer then you can modify this plugin to use any extension you want.\u003C\u002Fp>\n\u003Cp>You can choose the extension you want to have on your pages when used with permalik. Availble choices are .jsp, .htm, .html, .asp, .ror. Every time new extension is used, please make sure to refresh permalink.\u003C\u002Fp>\n","This plugin helps to appends .html or .asp or .htm etc on the wordpress pages when used with permalink.",900,11890,100,7,"2017-09-09T10:53:00.000Z","4.8.28","3.1",[74,75,76,77,78],"html-on-permalink","add-aspx-on-pages","add-html-on-pages","add-php-on-pages","append-html-on-pages","http:\u002F\u002Fwww.skmukhiya.com.np","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappend-extensions-on-pages.zip",63,"2025-09-22 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":46,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":17,"requires_php":51,"tags":96,"homepage":102,"download_link":103,"security_score":68,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"code-manager","Code Manager","1.0.45","Passionate Programmer Peter","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeterschulznl\u002F","\u003Cp>The Code Manager allows WordPress users to write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Code Management\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List, edit, delete, copy, import and export code\u003C\u002Fli>\n\u003Cli>Open multiple code editors simultaneously in tab mode\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable code\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable preview mode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode (FREE)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP code blocks from a shortcode\u003C\u002Fli>\n\u003Cli>JavaScript code blocks from a shortcode\u003C\u002Fli>\n\u003Cli>CSS from a shortcode\u003C\u002Fli>\n\u003Cli>HTML blocks from a shortcode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced code (PREMIUM)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP server code – no more need to edit functions.php\u003C\u002Fli>\n\u003Cli>Add CCS and JS resource files to back-end and front-end\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit the plugin website for downloadable demos and example code.\u003C\u002Fp>\n\u003Ch3>Plugin Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002F\" rel=\"nofollow ugc\">Plugin Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-manager\u002F\" rel=\"ugc\">Download Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002Fblog\u002Fdocs\u002Findex\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcode-manager.com\u002Fcode\u002F\" rel=\"nofollow ugc\">Code Examples\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.",500,84963,8,"2025-12-02T11:45:00.000Z","6.9.4",[97,98,99,100,101],"code-blocks","code-snippets","css-editor","javascript-editor","php-editor","https:\u002F\u002Fcode-manager.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-manager.1.0.45.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":68,"num_ratings":114,"last_updated":115,"tested_up_to":95,"requires_at_least":116,"requires_php":17,"tags":117,"homepage":122,"download_link":123,"security_score":124,"vuln_count":31,"unpatched_count":13,"last_vuln_date":125,"fetched_at":28},"ioncube-tester-plus","ionCube Tester Plus","1.5","Robert Seyfriedsberger","https:\u002F\u002Fprofiles.wordpress.org\u002Fharmr\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.ioncube.com\" rel=\"nofollow ugc\">ionCube encoder\u003C\u002Fa> is an established industry standard solution for PHP encoding. In order to run encrypted files on your webserver, it has have ionCube encoders installed. This plugin checks if this is true and if not, you are given a guidance through the official loader wizard which determines what exactly has to be installed on your server on how this can be achieved (if you are not admin of your webserver, you are given instructions which you can easily forward to your admin).\u003C\u002Fp>\n","This plugin helps you to determine if the ionCube loaders are installed correctly on your web server. This plugin is sponsored by \"Maps Marker Pr …",300,19084,2,"2026-01-11T22:58:00.000Z","2.2",[118,119,120,22,121],"encoding","ioncube","loader","test","http:\u002F\u002Fwww.mapsmarker.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fioncube-tester-plus.1.5.zip",94,"2026-03-04 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":68,"downloaded":134,"rating":13,"num_ratings":13,"last_updated":135,"tested_up_to":136,"requires_at_least":16,"requires_php":17,"tags":137,"homepage":141,"download_link":142,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"2mb-autocode","2MB Autocode","1.2.6","Michael","https:\u002F\u002Fprofiles.wordpress.org\u002Flilmike\u002F","\u003Cp>This plugin, developed by \u003Ca href=\"https:\u002F\u002F2mb.solutions\u002F\" rel=\"nofollow ugc\">2MB Solutions\u003C\u002Fa>, allows you to place predetermined text\u002Fhtml\u002Fphp at the top and\u002For bottom of each post. In addition, you can override the placing of text at the bottom and\u002For top of a specific post, override the placing of text on the homepage or on a post individually, or run arbitrary php inside a post.\u003C\u002Fp>\n\u003Cp>For more on 2MB, please visit (https:\u002F\u002F2mb.solutions\u002F).\u003C\u002Fp>\n\u003Cp>Note that all development now takes place at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F2mb-solutions\u002Fautocode\u002F\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin allows you to place predetermined text\u002Fhtml\u002Fphp at the top or bottom of posts.",39018,"2021-02-06T21:41:00.000Z","5.6.17",[138,139,140,21,22],"autocode","automatic","code-placement","https:\u002F\u002F2mb.solutions\u002Fplugins\u002Fautocode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F2mb-autocode.1.2.6.zip",{"attackSurface":144,"codeSignals":166,"taintFlows":183,"riskAssessment":184,"analyzedAt":189},{"hooks":145,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":13,"unprotectedCount":13},[146,152,156],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","add_meta_boxes","add_post_meta_boxes","classes\\Plum_Code_Box_Admin.php",42,{"type":147,"name":153,"callback":154,"file":150,"line":155},"save_post","save_post_meta_boxes",43,{"type":157,"name":158,"callback":159,"file":160,"line":161},"filter","the_content","insert_code","classes\\Plum_Code_Box_Front.php",48,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":13,"externalRequests":13,"nonceChecks":31,"capabilityChecks":114,"bundledLibraries":182},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":13,"rawEcho":171,"locations":172},4,[173,176,178,180],{"file":174,"line":47,"context":175},"interfaces\\admin_post.php","raw output",{"file":174,"line":177,"context":175},44,{"file":174,"line":179,"context":175},59,{"file":174,"line":181,"context":175},62,[],[],{"summary":185,"deductions":186},"The plugin 'plum-code-box' version 1.1 exhibits a generally strong security posture based on the provided static analysis. The absence of identified dangerous functions, SQL queries without prepared statements, file operations, and external HTTP requests is a positive indicator. Furthermore, the presence of nonce and capability checks, even with a limited attack surface, suggests an awareness of basic security practices.  However, a significant concern arises from the complete lack of output escaping on all identified output points. This means that any data processed and displayed by the plugin, if it originates from an untrusted source, could potentially be vulnerable to cross-site scripting (XSS) attacks. The plugin's vulnerability history being entirely clear is a good sign, but it doesn't negate the risks identified in the static analysis. A balanced conclusion would note the lack of complex vulnerabilities and good use of core WordPress security features, but highlight the critical need to address the unescaped output to prevent potential XSS vulnerabilities.",[187],{"reason":188,"points":93},"All identified outputs are unescaped","2026-03-16T23:06:52.607Z",{"wat":191,"direct":200},{"assetPaths":192,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[193,194],"\u002Fwp-content\u002Fplugins\u002Fplum-code-box\u002Fchili\u002Fjquery.chili-2.2.js","\u002Fwp-content\u002Fplugins\u002Fplum-code-box\u002Fchili\u002Frecipes.js",[],[193,194],[198,199],"plum-code-box\u002Fchili\u002Fjquery.chili-2.2.js?ver=","plum-code-box\u002Fchili\u002Frecipes.js?ver=",{"cssClasses":201,"htmlComments":203,"htmlAttributes":204,"restEndpoints":208,"jsGlobals":209,"shortcodeOutput":211},[202],"Plum_Code_Box",[],[205,206,207],"Plum_Code_Box_nonce","Plum_Code_Box_number_of_boxes","Plum_Code_Box_code_",[],[210],"Plum_Code_Box_display_boxes",[212],"[codebox "]