[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fguVE98kvbGtM-FYrYPCPIDfAsriB5qm1CkCeJsfTsVI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":129,"fingerprints":223},"post-listing","Post Listing","1.0","farvehandleren","https:\u002F\u002Fprofiles.wordpress.org\u002Ffarvehandleren\u002F","\u003Cp>Display list and grid of posts.\u003C\u002Fp>\n","Display list and grid of posts.",10,1486,0,"2016-10-03T15:58:00.000Z","4.4.34","4.0","",[19,4,20,21,22],"category","posts","tag","type","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-listing.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},11,240,30,84,"2026-04-04T06:04:52.804Z",[35,57,77,93,110],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"archive-title","Archive Title","1.0.2","WebMan Design | Oliver Juhas","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmandesign\u002F","\u003Cp>This plugin provides options to tweak an archive page title, such as removing annoying archive label (see FAQ). You can remove the label for any archive page completely, or just hide it accessibly.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Modifying category, tag, author, custom post type and custom taxonomy archive title (no need to modify the date archive title)\u003C\u002Fli>\n\u003Cli>Removing archive page title label completely\u003C\u002Fli>\n\u003Cli>Hiding archive page title label accessibly (using a CSS class of \u003Ccode>screen-reader-text\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Resources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Farchive-title\u002F\" rel=\"ugc\">Have a question?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmandesign\u002F#content-themes\" rel=\"nofollow ugc\">Grab a free theme\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.webmandesign.eu\u002F\" rel=\"nofollow ugc\">WebMan Design website\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides options to control an archive page title.",1000,19244,100,5,"2025-12-13T09:32:00.000Z","6.9.4","6.0","7.0",[19,52,53,21,54],"label","post-type","taxonomy","https:\u002F\u002Fwww.webmandesign.eu\u002Fportfolio\u002Farchive-title-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farchive-title.1.0.2.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":43,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":17,"tags":71,"homepage":75,"download_link":76,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"custom-recent-posts-widget","Custom Recent Posts Widget","2.1.1","Prasanna SP","https:\u002F\u002Fprofiles.wordpress.org\u002Fprasannasp\u002F","\u003Cp>This plugin creates a new widget which lets you show a list of recent posts based on categories or tags. This is a must have plugin if you want to exclude some categories in recent posts widget or if you want to show recent posts based on tags. By default the wordpress recent posts widget shows a posts from all category. But this plugin gives you more power to customize your recent posts widget. You can also display post date in the widget.\u003C\u002Fp>\n\u003Cp>See the live action of this plugin on \u003Ca href=\"http:\u002F\u002Fdemo.prasannasp.net\u002Fcustom-recent-posts-widget\u002F\" rel=\"nofollow ugc\">demo site\u003C\u002Fa> or on Kennneth John Odle’s \u003Ca href=\"http:\u002F\u002Fblog.kjodle.net\u002F\" rel=\"nofollow ugc\">blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Have any questions or suggestions? Create a thread in the \u003Ca href=\"http:\u002F\u002Fforum.prasannasp.net\u002Fforum\u002Fplugin-support\u002Fcustom-recent-posts-widget\u002F\" rel=\"nofollow ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.prasannasp.net\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa> for more \u003Cstrong>WordPress Plugins\u003C\u002Fstrong> from the developer.\u003C\u002Fp>\n\u003Cp>A special thanks to \u003Ca href=\"http:\u002F\u002Fblog.kjodle.net\u002F\" rel=\"nofollow ugc\">Ken\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.joshlobe.com\" rel=\"nofollow ugc\">Josh\u003C\u002Fa> for testing the code.\u003C\u002Fp>\n","A widget to show recent posts list based on categories or tags",51454,98,9,"2017-11-28T18:35:00.000Z","3.5.2","3.1",[72,19,73,21,74],"categories","recent-posts","tags","http:\u002F\u002Fwww.prasannasp.net\u002Fcustom-recent-posts-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-recent-posts-widget.2.1.1.zip",{"slug":78,"name":79,"version":70,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":45,"downloaded":84,"rating":45,"num_ratings":85,"last_updated":86,"tested_up_to":69,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":91,"download_link":92,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"count-posts-in-a-category","Count Posts in a Category, Tag, or Custom Taxonomy","Luke Mlsna","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitacre\u002F","\u003Cp>This plugin allows you to dynamically return the number of posts in a particular category, tag, or custom taxonomy. Inserting \u003Ccode>[cat_count value=\"category-slug\"]\u003C\u002Fcode> in a post or page, or \u003Ccode>\u003C?php do_shortcode('cat_count slug=\"category-slug\" '); ?>\u003C\u002Fcode> anywhere in WordPress’ code will return the number of posts in that particular category.\u003C\u002Fp>\n\u003Cp>Useful for creating dynamic table of contents pages, keeping track of post stats, general bragging, or any place where keeping a running tally might be desirable.\u003C\u002Fp>\n\u003Ch3>Readme Generator\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin’s readme.txt file was generated by the \u003Ca href=\"http:\u002F\u002Fshinraholdings.com\u002Fproject\u002Freadme-gen\" rel=\"nofollow ugc\">bitacre Readme Generator\u003C\u002Fa> for WordPress Plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fshinraholdings.com\u002Fplugins\u002Fcount-posts-in-a-category\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"mailto:plugins@shinraholdings.com\" rel=\"nofollow ugc\">plugins@shinraholdings.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fshinraholdings.com\u002Fdonate\" rel=\"nofollow ugc\">Donations\u003C\u002Fa> are graciously accepted to support the continued development and maintenance of this and other plugins. We currently accept Paypal and kind words.\u003C\u002Fp>\n","Adds a custom shortcode that returns the number of posts in a category, tag, or custom taxonomy. Accepts a slug (default), ID, or name as input and wo …",9182,2,"2013-01-01T08:45:00.000Z","2.8",[19,89,20,21,90],"count","template","http:\u002F\u002Fshinraholdings.com\u002Fplugins\u002Fcount-posts-in-a-category","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcount-posts-in-a-category.3.1.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":45,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":17,"tags":105,"homepage":108,"download_link":109,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"posts-by-category","Posts by Category","1.0.0","Shellbot","https:\u002F\u002Fprofiles.wordpress.org\u002Fshellbot\u002F","\u003Cp>Posts by Category lets you display a list of posts pulled from a particular category or tag, and optionally\u003Cbr \u002F>\ngroup them by year, month or first letter of the post title.\u003C\u002Fp>\n\u003Cp>Current features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set a title to be displayed above list of posts\u003C\u002Fli>\n\u003Cli>Shortcode allows post list to be inserted anywhere\u003C\u002Fli>\n\u003Cli>Limit how many posts should be displayed\u003C\u002Fli>\n\u003Cli>Group posts by year, month or first letter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To display the list of posts, add the following shortcode to your post or page.\u003C\u002Fp>\n\u003Cp>Default settings:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[sb_category_posts]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Custom settings:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[sb_category_posts show=\"10\" cat=\"3\" group_by=\"year\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For full list of parameters see \u003Ca href=\"http:\u002F\u002Fcodebyshellbot.com\u002Fwordpress-plugins\u002Fposts-by-category\u002F\" title=\"Posts by Category\" rel=\"nofollow ugc\">the plugin release page\u003C\u002Fa>\u003C\u002Fp>\n","Display a list of posts from a specific category or tag.",4026,"2018-06-07T13:07:00.000Z","4.9.29","2.9",[19,106,20,107,21],"list","shortcode","http:\u002F\u002Fcodebyshellbot.com\u002Fwordpress-plugins\u002Fposts-by-category\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-by-category.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":13,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":17,"tags":123,"homepage":127,"download_link":128,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-popular-posts-tool","WP-Popular Posts Tool","3.0","teo7","https:\u002F\u002Fprofiles.wordpress.org\u002Fteo7\u002F","\u003Cp>Enables you to automatically display most commented posts, either by category or tag. Optional: You can choose manually the category or tag you want to display its most commented posts. It has several configuration options, and can list your comments with color bars. It has a widget to add it easily to your sidebar. See this plugin in action in http:\u002F\u002Fmovilarena.com\u003C\u002Fp>\n","Enables you to automatically display most commented posts, either by category or tag. Optional: You can choose manually the category or tag you want t …",90,35916,"2011-11-19T22:33:00.000Z","3.2.1","2.3",[72,124,125,126,74],"popular-posts","popular-posts-by-category","popular-posts-by-tag","http:\u002F\u002Fteofiloisrael.com\u002Fplugin-popular-posts-tool\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-popular-posts-tool.3.0.zip",{"attackSurface":130,"codeSignals":151,"taintFlows":194,"riskAssessment":213,"analyzedAt":222},{"hooks":131,"ajaxHandlers":142,"restRoutes":143,"shortcodes":144,"cronEvents":149,"entryPointCount":150,"unprotectedCount":13},[132,138],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_menu","post_listing_admin_menu","ri_post.php",16,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_enqueue_scripts","post_listing_admin_css",34,[],[],[145],{"tag":146,"callback":147,"file":136,"line":148},"postList","post_listing_ri_list_posts",41,[],1,{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":155,"fileOperations":13,"externalRequests":13,"nonceChecks":150,"capabilityChecks":13,"bundledLibraries":193},[],{"prepared":13,"raw":13,"locations":154},[],{"escaped":11,"rawEcho":156,"locations":157},19,[158,161,162,164,165,167,169,171,173,175,177,179,181,182,184,185,187,189,191],{"file":159,"line":11,"context":160},"post-listing-admin.php","raw output",{"file":159,"line":137,"context":160},{"file":159,"line":163,"context":160},25,{"file":159,"line":141,"context":160},{"file":159,"line":166,"context":160},42,{"file":159,"line":168,"context":160},50,{"file":159,"line":170,"context":160},65,{"file":159,"line":172,"context":160},103,{"file":159,"line":174,"context":160},113,{"file":159,"line":176,"context":160},128,{"file":136,"line":178,"context":160},62,{"file":136,"line":180,"context":160},87,{"file":136,"line":180,"context":160},{"file":136,"line":183,"context":160},99,{"file":136,"line":183,"context":160},{"file":136,"line":186,"context":160},129,{"file":136,"line":188,"context":160},131,{"file":136,"line":190,"context":160},135,{"file":136,"line":192,"context":160},209,[],[195],{"entryPoint":196,"graph":197,"unsanitizedCount":13,"severity":212},"\u003Cpost-listing-admin> (post-listing-admin.php:0)",{"nodes":198,"edges":209},[199,204],{"id":200,"type":201,"label":202,"file":159,"line":203},"n0","source","$_POST",92,{"id":205,"type":206,"label":207,"file":159,"line":172,"wp_function":208},"n1","sink","echo() [XSS]","echo",[210],{"from":200,"to":205,"sanitized":211},true,"low",{"summary":214,"deductions":215},"The 'post-listing' v1.0 plugin exhibits a generally good security posture based on the provided static analysis. It demonstrates adherence to several best practices, including the absence of dangerous functions, complete reliance on prepared statements for SQL queries, and a single detected nonce check. The lack of file operations and external HTTP requests also reduces potential attack vectors. The vulnerability history is clean, with no recorded CVEs, indicating a potentially stable and well-maintained codebase.\n\nHowever, there are notable areas of concern. The most significant is the low percentage (34%) of properly escaped outputs, with 29 total outputs analyzed. This suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as unsanitized output can be exploited by attackers to inject malicious scripts into web pages. Furthermore, the absence of capability checks on any entry points, combined with the limited attack surface, means that while there are few entry points, any that are present could potentially be accessed by unauthenticated users if not properly handled within their context. The single shortcode, while seemingly benign, could be an entry point if its output is not adequately sanitized.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL queries and dangerous functions, the significant unescaped output poses a considerable XSS risk. The lack of capability checks on entry points is another weakness that warrants attention. The absence of past vulnerabilities is positive but does not guarantee future security, especially given the identified output escaping issues.",[216,219],{"reason":217,"points":218},"Low percentage of properly escaped output",15,{"reason":220,"points":221},"No capability checks on entry points",8,"2026-03-17T01:20:02.660Z",{"wat":224,"direct":235},{"assetPaths":225,"generatorPatterns":229,"scriptPaths":230,"versionParams":231},[226,227,228],"\u002Fwp-content\u002Fplugins\u002Fpost-listing\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fpost-listing\u002Fcss\u002Ft1.css","\u002Fwp-content\u002Fplugins\u002Fpost-listing\u002Fcss\u002Ft2.css",[],[],[232,233,234],"post-listing\u002Fcss\u002Fadmin.css?ver=","post-listing\u002Fcss\u002Ft1.css?ver=","post-listing\u002Fcss\u002Ft2.css?ver=",{"cssClasses":236,"htmlComments":250,"htmlAttributes":253,"restEndpoints":256,"jsGlobals":257,"shortcodeOutput":258},[237,238,239,240,241,242,243,244,245,246,247,248,249],"postsri","ripl_template1","ripl_template2","riexcerpt","main-content","rirelposts","relpost","rinner","nopad","col-xs-4","col-xs-8","caption","ridwn",[251,252],"Template 1","Template 2",[254,255],"id=\"ripl_template1\"","id=\"ripl_template2\"",[],[],[259,260,261,262],"\u003Cul class=\"postsri\" id=\"ripl_template1\">","\u003Cul class=\"postsri\" id=\"ripl_template2\">","\u003Cdiv class=\"main-content rirelposts\">","\u003Cul class=\"postsri relpost\">"]