[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTUveSsCIS7MsTNDlF4xGZ3z5XJoDZRAnGBiW4C-yqEg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":131,"fingerprints":486},"posts-to-events","Posts To Events","1.56","xdark","https:\u002F\u002Fprofiles.wordpress.org\u002Fxdarkeu\u002F","\u003Cp>This simple and elegant plugin adds callendar functionality to posts. As soon as you install and activate you can find a “Event Date Select” box in post add\u002Fedit section. Choose a date for your event and it will be displayed wherever you place pugins widget. When an event is over it won’t apear anymore.\u003C\u002Fp>\n\u003Cp>Works great with custom themes or other calendar plugins.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress built in javascript date picker\u003C\u002Fli>\n\u003Cli>Change thumbnail size\u003C\u002Fli>\n\u003Cli>Change color, size, type of the text to displayed on the fly through the widget options\u003C\u002Fli>\n\u003Cli>Layout fully customizable through a provided css stylesheet (although id’s and classes are provided, you’ll need some css skills here)\u003C\u002Fli>\n\u003C\u002Ful>\n","This is a simple plugin for adding callendar functionality to posts.",10,2284,40,1,"2013-05-19T12:19:00.000Z","3.5.2","3.0.1","",[20,21,22,23],"calendar","events","post","posts","http:\u002F\u002Fshowcase.xdark.eu\u002Fpoststoevents\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-to-events.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"xdarkeu",30,84,"2026-04-04T13:43:47.571Z",[37,52,76,95,112],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":27,"num_ratings":27,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":18,"tags":49,"homepage":50,"download_link":51,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"calendar-posts","Calendar Posts","0.7.1","swedish boy","https:\u002F\u002Fprofiles.wordpress.org\u002Fswedish-boy\u002F","\u003Cp>Adds a ‘calendar-box’ to the edit post mode. Here you set up to 10 different dates for your post to be associated with. Through a sidebar widget you control how to display posts that have upcoming dates set to them. This plugin should work fine with other post plugins and the posts you add “calendar-post-dates” will still be displayed in your normal blog post flow.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds Date Picker (jQuery) box to ‘edit post mode’.\u003C\u002Fli>\n\u003Cli>Up to 10 different dates can be set for one post.\u003C\u002Fli>\n\u003Cli>Configurable widget to choose how your sidebar calendar will look.\u003C\u002Fli>\n\u003Cli>CSS customizable through your themes stylesheet. Developers can style the output as they like. (Non developers can pick some css-code in the FAQ’s)\u003C\u002Fli>\n\u003C\u002Ful>\n","A powerful yet simple plugin for adding calendar functionality to posts. Great for using posts as events and calendar inputs.",8474,"2011-05-18T01:09:00.000Z","3.1.4","2.8",[20,38,21,22,23],"http:\u002F\u002Fwww.swedishboy.dk\u002Fproducts\u002Fcalendar-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalendar-posts.0.7.1.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":72,"download_link":73,"security_score":74,"vuln_count":14,"unpatched_count":27,"last_vuln_date":75,"fetched_at":29},"same-category-posts","Same Category Posts","1.1.20","Daniel Floeter","https:\u002F\u002Fprofiles.wordpress.org\u002Fkometschuh\u002F","\u003Cp>Same Category Posts shows a list of related posts with a same Post Type to the current post. The widget is only shown on single post pages. Forked from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelated-posts-widget\" rel=\"ugc\">Related Posts Widget\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Tip Top Press\u003C\u002Fh4>\n\u003Cp>We’re \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002F\" rel=\"nofollow ugc\">Tip Top Press\u003C\u002Fa> and create widgets for WordPress. If you want to know about what we’re working on and you are interested in backgrounds then you can read all newes storys on our \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002Fblog\u002F?utm_source=wp.org&utm_medium=readme.txt&utm_campaign=same+category+posts\" rel=\"nofollow ugc\">blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Shows a list of related posts.\u003C\u002Fli>\n\u003Cli>Option which Post Type should be related to the current post.\u003C\u002Fli>\n\u003Cli>Custom Post Types support.\u003C\u002Fli>\n\u003Cli>Child category and terms support.\u003C\u002Fli>\n\u003Cli>Archive page support.\u003C\u002Fli>\n\u003Cli>Option exclude one or multi categories or terms.\u003C\u002Fli>\n\u003Cli>Option to filter by popular posts (by comment count).\u003C\u002Fli>\n\u003Cli>Option \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002Fnew-dynamic-layout-feature-separate-categories\u002F\" rel=\"nofollow ugc\">separate categories\u003C\u002Fa> if more than one is assigned.\u003C\u002Fli>\n\u003Cli>Set how many posts to show (overall and by category).\u003C\u002Fli>\n\u003Cli>Option exclude current post, sticky posts or children.\u003C\u002Fli>\n\u003Cli>Option exclude categories and terms without exclude their children.\u003C\u002Fli>\n\u003Cli>Placeholders in title string (e.g. “There are a lot of %cat%-News.” -> “There are a lot of Tech-News.”).\u003C\u002Fli>\n\u003Cli>Filter hook for the post titles ‘widget_title’.\u003C\u002Fli>\n\u003Cli>Option to show post thumbnail and set width & height.\u003C\u002Fli>\n\u003Cli>Option to \u003Ca href=\"http:\u002F\u002Ftiptoppress.com\u002Fcss-image-crop\u002F\" rel=\"nofollow ugc\">crop thumbnails dimensions with CSS\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Option to put thumbnail on top.\u003C\u002Fli>\n\u003Cli>Option to make the widget title link to the category page.\u003C\u002Fli>\n\u003Cli>Option to show\u002Fhide the title.\u003C\u002Fli>\n\u003Cli>Option to show the post excerpt and how long (in words).\u003C\u002Fli>\n\u003Cli>Option change excerpt ‘more’ text.\u003C\u002Fli>\n\u003Cli>Option to show the post date, author and comment count.\u003C\u002Fli>\n\u003Cli>Multiple widgets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Placeholder\u003C\u002Fh4>\n\u003Cp>In text boxes \u003Cstrong>%cat%\u003C\u002Fstrong> will replaced with the (first assigned) category name, e.g. “There are a lot of %cat%-News.” -> “There are a lot of Tech-News.”\u003C\u002Fp>\n\u003Cp>And \u003Cstrong>%cat-all%\u003C\u002Fstrong> will replaced with all assigned category name, e.g. “Special offers for %cat-all%!” -> “Special offers for houses, flats, apartments.”\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>While using this plugin if you find any bug or any conflict, please submit an issue at\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielFloeter\u002Fsame-category-posts\" rel=\"nofollow ugc\">Github\u003C\u002Fa> (If possible with a pull request).\u003C\u002Fp>\n","Show posts related to the current category or other custom post types.",3000,71571,94,13,"2026-01-21T22:07:00.000Z","6.9.4","3.0",[68,21,69,70,71],"custom-post-type","products","related","related-posts","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsame-category-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsame-category-posts.1.1.20.zip",99,"2026-01-23 19:17:25",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":62,"num_ratings":11,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":91,"download_link":92,"security_score":34,"vuln_count":93,"unpatched_count":27,"last_vuln_date":94,"fetched_at":29},"schedule-posts-calendar","Schedule Posts Calendar","5.3","Greg Ross","https:\u002F\u002Fprofiles.wordpress.org\u002Fgregross\u002F","\u003Cp>Adds a JavaScript calendar to the scheduled publish widget to allow you to select a date and time graphically instead of via the text entry boxes.\u003C\u002Fp>\n\u003Cp>This plugin uses the gpl’d dhtmlxcalendar (http:\u002F\u002Fdhtmlx.com\u002Fdocs\u002Fproducts\u002FdhtmlxCalendar\u002Findex.shtml) for the calendar control.\u003C\u002Fp>\n\u003Cp>This code is released under the GPL v2, see license.txt for details.\u003C\u002Fp>\n\u003Ch3>Roadmap\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>None at this time.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a JavaScript calendar to the scheduled publish widget to allow you to select a date and time graphically instead of via the text entry boxes.",1000,35574,"2023-12-03T02:54:00.000Z","6.4.8","3.0.0",[90,20,23],"admin","http:\u002F\u002Ftoolstack.com\u002FSchedulePostsCalendar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fschedule-posts-calendar.5.3.zip",2,"2023-08-16 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":84,"downloaded":103,"rating":62,"num_ratings":63,"last_updated":104,"tested_up_to":65,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":109,"download_link":110,"security_score":111,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"the-future-is-now","The Future Is Now","3.3.8","xjlin0","https:\u002F\u002Fprofiles.wordpress.org\u002Fxjlin0\u002F","\u003Cp>A WordPress plugin aimed primarily at events sites, where you want to be able to timestamp posts in the future but have them appear immediately (by default, WordPress will not display a future timestamped post until its go-live date rolls around). Without changing database, this plugin sets the post_status field to “publish” rather than “future” when publishing a post, even if its timestamp is in the future.\u003C\u002Fp>\n\u003Cp>Note: This 2.0 version requires WordPress 3.5 or higher. If you need this to work with versions lower than 3.5, grab the 1.0 version from svn: https:\u002F\u002Fplugins.svn.wordpress.org\u002Fthe-future-is-now\u002Ftags\u002F1.0\u002F\u003C\u002Fp>\n\u003Ch3>Note\u003C\u002Fh3>\n\u003Cp>This seemingly simple plugin was graciously written by the magical Ryan Boren when I was facing a deadline. He doesn’t have time to maintain\u002Fhost it, so I agreed to. Andrew Nacin tweaked it to work with WP 3.5, when the APIs changed a bit. Jack updated the plugin for WordPress 6.8.\u003C\u002Fp>\n","Allow future-time-stamped posts to appear live on your site immediately.",36817,"2026-02-08T03:35:00.000Z","5.6",[21,107,23,108],"future","time","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fthe-future-is-now\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthe-future-is-now.3.3.8.zip",100,{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":111,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":16,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":129,"download_link":130,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"blog-post-calendar-widget","Blog Post Calendar Widget","1.1","Ron Zvagelsky","https:\u002F\u002Fprofiles.wordpress.org\u002Frzvagelsky\u002F","\u003Cp>Monthly grid view calendar widget highlighting archived and\u002For future posts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Popup details for each date with posts\u003C\u002Fli>\n\u003Cli>Optional details include post author and comment count.\u003C\u002Fli>\n\u003Cli>Ability to show posts by post type, category, specific taxonomy and\u002For term\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fpresshive.com\u002Fplugins\u002Fwordpress-blog-post-calendar-plugin\" rel=\"nofollow ugc\">\u003Cstrong>For more information or to request additional features, please visit the plugin page\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n","The Blog Posts Calendar Widget allows you to display your archived or future posts in a calendar as a sidebar widget.",14402,96,8,"2013-05-24T19:47:00.000Z","3.2",[20,126,127,23,128],"future-posts","post-types","widget","http:\u002F\u002Fpresshive.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-post-calendar-widget.zip",{"attackSurface":132,"codeSignals":174,"taintFlows":393,"riskAssessment":472,"analyzedAt":485},{"hooks":133,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":27,"unprotectedCount":27},[134,140,145,149,153,156,161,163,165,166,167,168],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","wp_enqueue_scripts","pte_stylesheet_loader","1.56\\posts_to_events.php",12,{"type":135,"name":141,"callback":142,"file":143,"line":144},"admin_enqueue_scripts","pte_jq_scripts","1.56\\pte_admin.php",24,{"type":135,"name":146,"callback":147,"file":143,"line":148},"add_meta_boxes","pte_register_metabox",87,{"type":135,"name":150,"callback":151,"file":143,"line":152},"save_post","pte_date_save_data",105,{"type":135,"name":150,"callback":154,"priority":11,"file":143,"line":155},"pte_date_del_data",123,{"type":135,"name":157,"callback":158,"file":159,"line":160},"widgets_init","anonymous","1.56\\widget.php",287,{"type":135,"name":136,"callback":137,"file":162,"line":139},"posts_to_events.php",{"type":135,"name":141,"callback":142,"file":164,"line":144},"pte_admin.php",{"type":135,"name":146,"callback":147,"file":164,"line":148},{"type":135,"name":150,"callback":151,"file":164,"line":152},{"type":135,"name":150,"callback":154,"priority":11,"file":164,"line":155},{"type":135,"name":157,"callback":158,"file":169,"line":160},"widget.php",[],[],[],[],{"dangerousFunctions":175,"sqlUsage":180,"outputEscaping":188,"fileOperations":390,"externalRequests":93,"nonceChecks":391,"capabilityChecks":93,"bundledLibraries":392},[176,179],{"fn":177,"file":159,"line":160,"context":178},"create_function","add_action( 'widgets_init', create_function( '', 'register_widget( \"Post_Events_widget\" );' ) );",{"fn":177,"file":169,"line":160,"context":178},{"prepared":181,"raw":93,"locations":182},4,[183,186],{"file":184,"line":63,"context":185},"1.56\\uninstall.php","$wpdb->get_col() with variable interpolation",{"file":187,"line":63,"context":185},"uninstall.php",{"escaped":189,"rawEcho":190,"locations":191},36,144,[192,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,225,227,229,230,232,234,235,236,238,240,241,243,245,246,247,249,251,252,253,255,257,258,260,262,263,265,267,268,270,272,274,276,278,280,282,283,285,286,288,290,291,293,295,296,297,299,301,302,304,306,307,309,311,312,313,315,317,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389],{"file":193,"line":194,"context":195},"1.56\\inc\\tim\\timthumb.php",218,"raw output",{"file":193,"line":197,"context":195},415,{"file":193,"line":199,"context":195},416,{"file":193,"line":201,"context":195},1030,{"file":193,"line":203,"context":195},1230,{"file":143,"line":205,"context":195},43,{"file":159,"line":207,"context":195},71,{"file":159,"line":209,"context":195},73,{"file":159,"line":211,"context":195},107,{"file":159,"line":213,"context":195},108,{"file":159,"line":215,"context":195},109,{"file":159,"line":217,"context":195},120,{"file":159,"line":219,"context":195},165,{"file":159,"line":221,"context":195},167,{"file":159,"line":223,"context":195},168,{"file":159,"line":223,"context":195},{"file":159,"line":226,"context":195},171,{"file":159,"line":228,"context":195},172,{"file":159,"line":228,"context":195},{"file":159,"line":231,"context":195},174,{"file":159,"line":233,"context":195},175,{"file":159,"line":233,"context":195},{"file":159,"line":233,"context":195},{"file":159,"line":237,"context":195},177,{"file":159,"line":239,"context":195},178,{"file":159,"line":239,"context":195},{"file":159,"line":242,"context":195},184,{"file":159,"line":244,"context":195},185,{"file":159,"line":244,"context":195},{"file":159,"line":244,"context":195},{"file":159,"line":248,"context":195},188,{"file":159,"line":250,"context":195},189,{"file":159,"line":250,"context":195},{"file":159,"line":250,"context":195},{"file":159,"line":254,"context":195},190,{"file":159,"line":256,"context":195},191,{"file":159,"line":256,"context":195},{"file":159,"line":259,"context":195},195,{"file":159,"line":261,"context":195},196,{"file":159,"line":261,"context":195},{"file":159,"line":264,"context":195},201,{"file":159,"line":266,"context":195},202,{"file":159,"line":266,"context":195},{"file":159,"line":269,"context":195},203,{"file":159,"line":271,"context":195},204,{"file":159,"line":273,"context":195},205,{"file":159,"line":275,"context":195},206,{"file":159,"line":277,"context":195},207,{"file":159,"line":279,"context":195},208,{"file":159,"line":281,"context":195},209,{"file":159,"line":194,"context":195},{"file":159,"line":284,"context":195},219,{"file":159,"line":284,"context":195},{"file":159,"line":287,"context":195},223,{"file":159,"line":289,"context":195},224,{"file":159,"line":289,"context":195},{"file":159,"line":292,"context":195},225,{"file":159,"line":294,"context":195},226,{"file":159,"line":294,"context":195},{"file":159,"line":294,"context":195},{"file":159,"line":298,"context":195},230,{"file":159,"line":300,"context":195},231,{"file":159,"line":300,"context":195},{"file":159,"line":303,"context":195},235,{"file":159,"line":305,"context":195},236,{"file":159,"line":305,"context":195},{"file":159,"line":308,"context":195},237,{"file":159,"line":310,"context":195},238,{"file":159,"line":310,"context":195},{"file":159,"line":310,"context":195},{"file":159,"line":314,"context":195},242,{"file":159,"line":316,"context":195},243,{"file":318,"line":194,"context":195},"inc\\tim\\timthumb.php",{"file":318,"line":197,"context":195},{"file":318,"line":199,"context":195},{"file":318,"line":201,"context":195},{"file":318,"line":203,"context":195},{"file":164,"line":205,"context":195},{"file":169,"line":207,"context":195},{"file":169,"line":209,"context":195},{"file":169,"line":211,"context":195},{"file":169,"line":213,"context":195},{"file":169,"line":215,"context":195},{"file":169,"line":217,"context":195},{"file":169,"line":219,"context":195},{"file":169,"line":221,"context":195},{"file":169,"line":223,"context":195},{"file":169,"line":223,"context":195},{"file":169,"line":226,"context":195},{"file":169,"line":228,"context":195},{"file":169,"line":228,"context":195},{"file":169,"line":231,"context":195},{"file":169,"line":233,"context":195},{"file":169,"line":233,"context":195},{"file":169,"line":233,"context":195},{"file":169,"line":237,"context":195},{"file":169,"line":239,"context":195},{"file":169,"line":239,"context":195},{"file":169,"line":242,"context":195},{"file":169,"line":244,"context":195},{"file":169,"line":244,"context":195},{"file":169,"line":244,"context":195},{"file":169,"line":248,"context":195},{"file":169,"line":250,"context":195},{"file":169,"line":250,"context":195},{"file":169,"line":250,"context":195},{"file":169,"line":254,"context":195},{"file":169,"line":256,"context":195},{"file":169,"line":256,"context":195},{"file":169,"line":259,"context":195},{"file":169,"line":261,"context":195},{"file":169,"line":261,"context":195},{"file":169,"line":264,"context":195},{"file":169,"line":266,"context":195},{"file":169,"line":266,"context":195},{"file":169,"line":269,"context":195},{"file":169,"line":271,"context":195},{"file":169,"line":273,"context":195},{"file":169,"line":275,"context":195},{"file":169,"line":277,"context":195},{"file":169,"line":279,"context":195},{"file":169,"line":281,"context":195},{"file":169,"line":194,"context":195},{"file":169,"line":284,"context":195},{"file":169,"line":284,"context":195},{"file":169,"line":287,"context":195},{"file":169,"line":289,"context":195},{"file":169,"line":289,"context":195},{"file":169,"line":292,"context":195},{"file":169,"line":294,"context":195},{"file":169,"line":294,"context":195},{"file":169,"line":294,"context":195},{"file":169,"line":298,"context":195},{"file":169,"line":300,"context":195},{"file":169,"line":300,"context":195},{"file":169,"line":303,"context":195},{"file":169,"line":305,"context":195},{"file":169,"line":305,"context":195},{"file":169,"line":308,"context":195},{"file":169,"line":310,"context":195},{"file":169,"line":310,"context":195},{"file":169,"line":310,"context":195},{"file":169,"line":314,"context":195},{"file":169,"line":316,"context":195},56,6,[],[394,412,429,442,450,461],{"entryPoint":395,"graph":396,"unsanitizedCount":14,"severity":411},"tryBrowserCache (1.56\\inc\\tim\\timthumb.php:325)",{"nodes":397,"edges":408},[398,403],{"id":399,"type":400,"label":401,"file":193,"line":402},"n0","source","$_SERVER['SERVER_PROTOCOL']",355,{"id":404,"type":405,"label":406,"file":193,"line":402,"wp_function":407},"n1","sink","header() [Header Injection]","header",[409],{"from":399,"to":404,"sanitized":410},false,"medium",{"entryPoint":413,"graph":414,"unsanitizedCount":93,"severity":411},"serveErrors (1.56\\inc\\tim\\timthumb.php:408)",{"nodes":415,"edges":426},[416,418,419,422],{"id":399,"type":400,"label":401,"file":193,"line":417},409,{"id":404,"type":405,"label":406,"file":193,"line":417,"wp_function":407},{"id":420,"type":400,"label":421,"file":193,"line":199},"n2","$_SERVER['QUERY_STRING']",{"id":423,"type":405,"label":424,"file":193,"line":199,"wp_function":425},"n3","echo() [XSS]","echo",[427,428],{"from":399,"to":404,"sanitized":410},{"from":420,"to":423,"sanitized":410},{"entryPoint":430,"graph":431,"unsanitizedCount":441,"severity":411},"\u003Ctimthumb> (1.56\\inc\\tim\\timthumb.php:0)",{"nodes":432,"edges":438},[433,435,436,437],{"id":399,"type":400,"label":434,"file":193,"line":402},"$_SERVER['SERVER_PROTOCOL'] (x2)",{"id":404,"type":405,"label":406,"file":193,"line":402,"wp_function":407},{"id":420,"type":400,"label":421,"file":193,"line":199},{"id":423,"type":405,"label":424,"file":193,"line":199,"wp_function":425},[439,440],{"from":399,"to":404,"sanitized":410},{"from":420,"to":423,"sanitized":410},3,{"entryPoint":443,"graph":444,"unsanitizedCount":14,"severity":411},"tryBrowserCache (inc\\tim\\timthumb.php:325)",{"nodes":445,"edges":448},[446,447],{"id":399,"type":400,"label":401,"file":318,"line":402},{"id":404,"type":405,"label":406,"file":318,"line":402,"wp_function":407},[449],{"from":399,"to":404,"sanitized":410},{"entryPoint":451,"graph":452,"unsanitizedCount":93,"severity":411},"serveErrors (inc\\tim\\timthumb.php:408)",{"nodes":453,"edges":458},[454,455,456,457],{"id":399,"type":400,"label":401,"file":318,"line":417},{"id":404,"type":405,"label":406,"file":318,"line":417,"wp_function":407},{"id":420,"type":400,"label":421,"file":318,"line":199},{"id":423,"type":405,"label":424,"file":318,"line":199,"wp_function":425},[459,460],{"from":399,"to":404,"sanitized":410},{"from":420,"to":423,"sanitized":410},{"entryPoint":462,"graph":463,"unsanitizedCount":441,"severity":411},"\u003Ctimthumb> (inc\\tim\\timthumb.php:0)",{"nodes":464,"edges":469},[465,466,467,468],{"id":399,"type":400,"label":434,"file":318,"line":402},{"id":404,"type":405,"label":406,"file":318,"line":402,"wp_function":407},{"id":420,"type":400,"label":421,"file":318,"line":199},{"id":423,"type":405,"label":424,"file":318,"line":199,"wp_function":425},[470,471],{"from":399,"to":404,"sanitized":410},{"from":420,"to":423,"sanitized":410},{"summary":473,"deductions":474},"The \"posts-to-events\" plugin v1.56 exhibits a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events directly exposed without authentication. This suggests a deliberate effort to limit potential entry points. The presence of nonce and capability checks, although limited in number, is a good practice.  However, the code analysis highlights significant concerns regarding the use of dangerous functions like `create_function`, which is known to be a source of vulnerabilities if not handled with extreme care. Furthermore, a low rate of proper output escaping (20%) presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities, as data displayed to users may not be sufficiently sanitized. The taint analysis, while showing no critical or high severity flows, did reveal that all analyzed flows involved unsanitized paths, which, when combined with the poor output escaping, increases the risk.  The complete lack of recorded vulnerabilities in its history is a positive indicator, suggesting the plugin has been relatively stable or well-maintained in the past. However, this historical data should not overshadow the identified code-level risks. In conclusion, while the plugin has a small attack surface, the identified use of dangerous functions and a high percentage of improperly escaped output are substantial weaknesses that require attention and mitigation. The absence of historical CVEs is a strength, but the current code analysis points to potential future vulnerabilities.",[475,478,480,482],{"reason":476,"points":477},"Use of dangerous function `create_function`",15,{"reason":479,"points":139},"Low output escaping rate (20%)",{"reason":481,"points":122},"All taint flows have unsanitized paths",{"reason":483,"points":484},"SQL queries (33%) without prepared statements",5,"2026-03-17T01:42:04.574Z",{"wat":487,"direct":496},{"assetPaths":488,"generatorPatterns":490,"scriptPaths":491,"versionParams":493},[489],"\u002Fwp-content\u002Fplugins\u002Fposts-to-events\u002Fpte_style.css",[],[492],"\u002Fwp-content\u002Fplugins\u002Fposts-to-events\u002Fscript.js",[494,495],"posts-to-events\u002Fpte_style.css?ver=","posts-to-events\u002Finc\u002Fjquery-ui-1.10.2\u002Fcss\u002Fexcite-bike\u002Fjquery-ui-1.10.2.custom.css?ver=",{"cssClasses":497,"htmlComments":500,"htmlAttributes":507,"restEndpoints":511,"jsGlobals":512,"shortcodeOutput":514},[498,499],"Delete","Submit",[501,502,503,504,505,506],"\u003C!-- #? This file contains the admin panel options -->","\u003C!-- #? Load widget file -->","\u003C!-- #? Register the date metabox for all post types-->","\u003C!-- #? Store date data in post meta table -->","\u003C!-- #? Delete date data in post meta table -->","\u003C!--button id=\"pte_date_but\" class=\"button Submit\" type=\"submit\" title=\"text\" value=\"\" name=\"pte_date_delete\">Add\u003C\u002Fbutton -->",[508,509,510],"pte_date","pte_date_nonce","pte_date_delete",[],[513],"jQuery",[]]