[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMEF3Ab3Tl7O7a9uLUq0WRTOBwSFgYQI6tYPjTO7ANFw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":33,"analysis":119,"fingerprints":281},"post-to-sidebar","Post To Sidebar","1.1.4","dmallon","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmallon\u002F","\u003Cp>The Post To Sidebar plugin makes it easy to display post content in the sidebar areas of your site. Once the widget is activated, a multi-select dropdown of all your published pages appears on post editing screens. Select the pages upon which you want the post to be displayed and the post will appear on those pages.\u003C\u002Fp>\n\u003Cp>There are options to hide the post title in the output and to show the content as an excerpt.\u003C\u002Fp>\n","A WordPress plugin\u002Fwidget that gives you the ability to put content (posts and custom post types) in your 
sidebar.",30,14027,100,1,"2011-11-02T13:08:00.000Z","3.2.1","3.0","",[20,21,22,23],"pages","posts","sidebar","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-to-sidebar.1.1.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":11,"trust_score":31,"computed_at":32},84,"2026-04-04T06:49:37.074Z",[34,52,72,89,104],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":18,"short_description":40,"active_installs":41,"downloaded":42,"rating":31,"num_ratings":43,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":18,"tags":47,"homepage":50,"download_link":51,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"per-page-sidebars","Per Page Sidebars","2.0.3","Brian Layman","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrianlayman\u002F","The Per Page Sidebars (PPS) plugin allows blog administrators to create a unique sidebar for each Page. 
No template editing is required.",1000,67740,10,"2018-03-14T19:32:00.000Z","4.9.29","3.1",[20,21,48,49],"sidebars","widgets","http:\u002F\u002FTheCodeCave.com\u002Fplugins\u002Fper-page-sidebars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fper-page-sidebars.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":17,"requires_php":18,"tags":66,"homepage":68,"download_link":69,"security_score":70,"vuln_count":14,"unpatched_count":14,"last_vuln_date":71,"fetched_at":28},"query-posts","Query Posts","0.3.2","Justin Tadlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreenshady\u002F","\u003Cp>The \u003Cem>Query Posts\u003C\u002Fem> widget was written to allow users that don’t know their way around PHP to easily show posts in any way they’d like.  It’s like having a cool WordPress developer as a friend ready to do your bidding.  Seriously.\u003C\u002Fp>\n\u003Cp>The widget has over 40 options to choose from.  You can list posts by category, tag, custom taxonomies, author, date, time, name, or anything you can imagine.  You can choose to show the full content, excerpts, or even a simple list.  You can order the posts in all sorts of ways.  
Oh, and you can even show pages.\u003C\u002Fp>\n\u003Cp>This is the widget that keeps users out of the code and gives them the ability to display items on their site how they want.\u003C\u002Fp>\n","A WordPress widget that gives you unlimited control over showing posts and pages.",900,78613,74,3,"2017-11-28T21:28:00.000Z","3.0.5",[67,20,21,22,23],"page","http:\u002F\u002Fjustintadlock.com\u002Farchives\u002F2009\u002F03\u002F15\u002Fquery-posts-widget-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-posts.0.3.2.zip",63,"2025-09-28 00:00:00",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":31,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":18,"tags":86,"homepage":87,"download_link":88,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"per-page-widgets","Per Page Widgets","0.0.7","Internet123","https:\u002F\u002Fprofiles.wordpress.org\u002Finternet123\u002F","\u003Cp>Control widget areas on a per-page \u002F per-post basis.\u003C\u002Fp>\n\u003Cp>Gives you the ability to show or hide individual widget areas on each page \u002F post as well as completely substituting the widgets shown in a specific widget area on a specific page or post.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>The plugin has not been tested below version 3.3.\u003C\u002Fp>\n","Control widget areas on a per-page \u002F per-post 
basis.",300,16944,5,"2012-07-02T14:07:00.000Z","3.4.2","3.3",[20,21,48,49],"http:\u002F\u002Fwww.i123.dk\u002Fwordpress-plugin-per-page-widgets","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fper-page-widgets.0.0.7.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":43,"downloaded":97,"rating":13,"num_ratings":14,"last_updated":98,"tested_up_to":99,"requires_at_least":16,"requires_php":18,"tags":100,"homepage":102,"download_link":103,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"express-posts","Express Posts","1.3.0","Grant Mangham","https:\u002F\u002Fprofiles.wordpress.org\u002Fvancoder\u002F","\u003Cp>Express posts provides a widget to display either a subset of posts, the children of a page or its siblings.\u003C\u002Fp>\n\u003Cp>The widget provides three modes.\u003C\u002Fp>\n\u003Cp>\u003Cem>Subset\u003C\u002Fem> will list a given number of posts from your selected categories. Date, date format, and excerpt are all optional.\u003C\u002Fp>\n\u003Cp>\u003Cem>Children\u003C\u002Fem> and \u003Cem>siblings\u003C\u002Fem> modes will list the immediate children or siblings of a page, respectively. You can include a placeholder in the widget title as a substitute for the parent page title. You can also choose to show or hide the widget on specific generations of pages, allowing extra flexibility on shared sidebars.\u003C\u002Fp>\n\u003Cp>In common with all of my plugins, Express Posts strives to follow best practice in WordPress coding. 
If you spy a bug or see room for improvement, please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fexpress-posts\" rel=\"ugc\">let me know\u003C\u002Fa>.\u003C\u002Fp>\n","Express posts provides a widget to display either a subset of posts, the children of a page or its siblings.",2929,"2016-04-13T16:40:00.000Z","4.5.33",[101,20,21,22,23],"children","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexpress-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexpress-posts.1.3.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":43,"downloaded":112,"rating":26,"num_ratings":26,"last_updated":18,"tested_up_to":113,"requires_at_least":114,"requires_php":18,"tags":115,"homepage":18,"download_link":117,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":118},"galaxius-custom-sidebars","Galaxius Custom Sidebars","1.1","galaxiusmons","https:\u002F\u002Fprofiles.wordpress.org\u002Fgalaxiusmons\u002F","\u003Cp>This allows you to quickly create a unique sidebar for any post, page, category page or for all posts belonging to a category. You simply enter a name for the sidebar when you create or edit a post, page or category. 
Browse to Appearance -> Widgets, find your new sidebar and add some widgets to it.\u003C\u002Fp>\n","Allows quick creation of unique sidebars for posts, pages and categories.",1806,"3.6.1","3.5.1",[116,20,21,48,49],"custom","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgalaxius-custom-sidebars.1.1.zip","2026-03-15T10:48:56.248Z",{"attackSurface":120,"codeSignals":165,"taintFlows":210,"riskAssessment":265,"analyzedAt":280},{"hooks":121,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":26,"unprotectedCount":26},[122,128,132,136,140,144,150,154,158],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","plugins_loaded","post_to_sidebar_setup","post_to_sidebar.php",34,{"type":123,"name":129,"callback":130,"file":126,"line":131},"widgets_init","post_to_sidebar_load_widgets",48,{"type":123,"name":133,"callback":134,"priority":14,"file":126,"line":135},"admin_init","post_to_sidebar_add_custom_box",64,{"type":123,"name":137,"callback":138,"file":126,"line":139},"admin_menu","post_to_sidebar_post_plugin_menu",68,{"type":123,"name":141,"callback":142,"file":126,"line":143},"save_post","post_to_sidebar_save_postdata",267,{"type":145,"name":146,"callback":147,"file":148,"line":149},"filter","body_class","post_to_sidebar_check","widget_post_to_sidebar.php",102,{"type":145,"name":151,"callback":152,"file":148,"line":153},"the_title","post_to_sidebar_title_check",142,{"type":145,"name":155,"callback":156,"file":148,"line":157},"the_content","post_to_sidebar_excerpt_check",160,{"type":123,"name":129,"callback":159,"file":148,"line":160},"anonymous",163,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":170,"outputEscaping":174,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":14,"bundledLibraries":209},[167],{"fn":168,"file":148,"line":160,"context":169},"create_function","add_action( 'widgets_init', create_function('', 'return 
register_widget(\"post_to_sidebar_widget\");')",{"prepared":26,"raw":14,"locations":171},[172],{"file":148,"line":25,"context":173},"$wpdb->get_results() with variable interpolation",{"escaped":175,"rawEcho":176,"locations":177},2,16,[178,181,183,185,187,189,191,193,195,197,199,201,203,205,207,208],{"file":126,"line":179,"context":180},111,"raw output",{"file":126,"line":182,"context":180},113,{"file":126,"line":184,"context":180},129,{"file":126,"line":186,"context":180},134,{"file":126,"line":188,"context":180},222,{"file":126,"line":190,"context":180},229,{"file":126,"line":192,"context":180},234,{"file":126,"line":194,"context":180},241,{"file":126,"line":196,"context":180},242,{"file":148,"line":198,"context":180},25,{"file":148,"line":200,"context":180},27,{"file":148,"line":202,"context":180},29,{"file":148,"line":204,"context":180},49,{"file":148,"line":206,"context":180},50,{"file":148,"line":206,"context":180},{"file":148,"line":206,"context":180},[],[211,248],{"entryPoint":212,"graph":213,"unsanitizedCount":26,"severity":247},"post_to_sidebar_plugin_options (post_to_sidebar.php:80)",{"nodes":214,"edges":241},[215,220,225,228,230,233,235,239],{"id":216,"type":217,"label":218,"file":126,"line":219},"n0","source","$_POST['p2s_use_locations']",83,{"id":221,"type":222,"label":223,"file":126,"line":219,"wp_function":224},"n1","sink","update_option() [Settings 
Manipulation]","update_option",{"id":226,"type":217,"label":227,"file":126,"line":31},"n2","$_POST['p2s_use_excerpt']",{"id":229,"type":222,"label":223,"file":126,"line":31,"wp_function":224},"n3",{"id":231,"type":217,"label":232,"file":126,"line":25},"n4","$_POST['p2s_use_title']",{"id":234,"type":222,"label":223,"file":126,"line":25,"wp_function":224},"n5",{"id":236,"type":217,"label":237,"file":126,"line":238},"n6","$_POST['p2s_post_types']",86,{"id":240,"type":222,"label":223,"file":126,"line":238,"wp_function":224},"n7",[242,244,245,246],{"from":216,"to":221,"sanitized":243},true,{"from":226,"to":229,"sanitized":243},{"from":231,"to":234,"sanitized":243},{"from":236,"to":240,"sanitized":243},"low",{"entryPoint":249,"graph":250,"unsanitizedCount":26,"severity":247},"\u003Cpost_to_sidebar> (post_to_sidebar.php:0)",{"nodes":251,"edges":260},[252,253,254,255,256,257,258,259],{"id":216,"type":217,"label":218,"file":126,"line":219},{"id":221,"type":222,"label":223,"file":126,"line":219,"wp_function":224},{"id":226,"type":217,"label":227,"file":126,"line":31},{"id":229,"type":222,"label":223,"file":126,"line":31,"wp_function":224},{"id":231,"type":217,"label":232,"file":126,"line":25},{"id":234,"type":222,"label":223,"file":126,"line":25,"wp_function":224},{"id":236,"type":217,"label":237,"file":126,"line":238},{"id":240,"type":222,"label":223,"file":126,"line":238,"wp_function":224},[261,262,263,264],{"from":216,"to":221,"sanitized":243},{"from":226,"to":229,"sanitized":243},{"from":231,"to":234,"sanitized":243},{"from":236,"to":240,"sanitized":243},{"summary":266,"deductions":267},"The \"post-to-sidebar\" plugin v1.1.4 has no known historical vulnerabilities and registers no AJAX handlers, REST routes, shortcodes, or cron events, so it exposes no entry points of those kinds. It does, however, register nine hooks, including a `save_post` handler and an admin settings page (post_to_sidebar_plugin_options) that reads `$_POST` values and writes them with `update_option()`; these are the plugin's real input surface. The taint analysis marks every flow into `update_option()` as sanitized and reports no critical or high-severity unsanitized flows, which is a positive sign, but the static analysis also counted zero nonce checks, so those writes do not appear to be protected against cross-site request forgery (CSRF). 
However, the static code analysis flags `create_function` in widget_post_to_sidebar.php (line 163). In this plugin it is called with a hard-coded string literal that simply returns `register_widget(\"post_to_sidebar_widget\")`, so no user input reaches it and it is not an injection or arbitrary-code-execution vector here. The practical concern is compatibility: `create_function` is deprecated since PHP 7.2 and removed in PHP 8.0, so on PHP 8 this call fails with a fatal error during plugin load. It should be replaced with a closure or a named callback.\n\nThe plugin's single SQL query (widget_post_to_sidebar.php line 25) is a `$wpdb->get_results()` call built with variable interpolation rather than `$wpdb->prepare()`. Whether the interpolated variable is attacker-controlled is not established by this analysis (the reported taint flows do not reach it), so this is a potential rather than a confirmed SQL injection; it still needs manual review and should be converted to a prepared statement. Only 2 of 18 output locations (11%) use an escaping function, with 16 raw echoes across both files. Raw output does not by itself prove cross-site scripting (XSS), because the echoed values may be static or escaped upstream, but each unescaped echo of post or option data should be checked and wrapped in `esc_html()`/`esc_attr()` as appropriate. The analysis also counted zero nonce checks against a single capability check, so the settings form and the `save_post` handler appear to lack CSRF protection and should gate writes behind `check_admin_referer()`/`wp_verify_nonce()` plus an explicit capability check.\n\nWhile the absence of historical CVEs and the clean taint analysis are strengths, the identified code signals point to concrete weaknesses: a PHP-8-incompatible `create_function` call, an unprepared SQL query, sparse output escaping, and missing nonce checks. Note also that the plugin was last updated in November 2011 and is tested only up to WordPress 3.2.1, so these issues are unlikely to be fixed upstream and the plugin should be treated as unmaintained.",[268,271,273,276,278],{"reason":269,"points":270},"Use of dangerous function: create_function",15,{"reason":272,"points":43},"SQL queries without prepared statements",{"reason":274,"points":275},"Low percentage of properly escaped output",8,{"reason":277,"points":82},"No nonce checks",{"reason":279,"points":82},"Weak capability check usage","2026-03-16T22:26:38.997Z",{"wat":282,"direct":288},{"assetPaths":283,"generatorPatterns":285,"scriptPaths":286,"versionParams":287},[284],"\u002Fwp-content\u002Fplugins\u002Fpost-to-sidebar\u002Fwidget_post_to_sidebar.php",[],[],[],{"cssClasses":289,"htmlComments":290,"htmlAttributes":300,"restEndpoints":311,"jsGlobals":312,"shortcodeOutput":314},[],[291,292,293,294,295,296,297,298,299,298],"\u003C!--\n\n\t\tThis program is free software; you can 
redistribute it and\u002For modify\n\t\tit under the terms of the GNU General Public License, version 2, as \n\t\tpublished by the Free Software Foundation.\n\n\t\tThis program is distributed in the hope that it will be useful,\n\t\tbut WITHOUT ANY WARRANTY; without even the implied warranty of\n\t\tMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\tSee the\n\t\tGNU General Public License for more details.\n\n\t\tYou should have received a copy of the GNU General Public License\n\t\talong with this program; if not, write to the Free Software\n\t\tFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA\t02110-1301\tUSA\n\n-->","\u003C!--\n\n\u002F\u002F End of admin section\n\n-->","\u003C!--\n\n\t\tPrints the box content\n\n-->","\u003C!--\n\n\t\tChecks to see if an option is already selected in options table\n\n-->","\u003C!--\n\n\t\tChecks to see if an option is already selected in postsmeta\n\n-->","\u003C!--\n\n\t\tAdds a box to the main column on the edit screens\n\n-->","\u003C!--\n\n\tPrint the plugin admin screen\n\n-->","\u003C!--\n\n\t\tInitialize the plugin.  This function loads the required files needed for the plugin\n\t\tto run in the proper order.\n\n\t\t@since 1.0\n\t-->","\u003C!--\n\n\tLoads all the widget files at appropriate time. Calls the register function for each widget\n\n\t@since 1.0\n\t-->",[301,302,303,304,305,306,307,308,309,310,306,307],"name=\"p2s_use_title\"","name=\"p2s_use_excerpt\"","name=\"p2s_post_types[]\"","name=\"post-excerpt\"","name=\"post-title\"","value=\"yes\"","value=\"no\"","id=\"post_to_sidebar_title\"","id=\"post_to_sidebar_excerpt\"","id=\"post_to_sidebar_sectionid\"",[],[313],"post_to_sidebar_widget",[]]