[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKM5axhJ73H70ahcsNOP8VMrslI0WpHTxfkQwF6bxIUs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":84,"fingerprints":177},"pro-categories-widget","Pro Categories Widget","1.3","Shambhu Patnaik","https:\u002F\u002Fprofiles.wordpress.org\u002Fshambhu-patnaik\u002F","\u003Cp>Pro Categories Widget plugin.You have choice to specific categories exclude.\u003C\u002Fp>\n\u003Ch4>Features :\u003C\u002Fh4>\n\u003Col>\n\u003Cli>You have choice to specific categories exclude.\u003C\u002Fli>\n\u003Cli>Show post count like WordPress category widget.\u003C\u002Fli>\n\u003Cli>Exclude multiple categories (comma separated).\u003C\u002Fli>\n\u003Cli>Show all categories.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>More detail : http:\u002F\u002Fsocialcms.wordpress.com\u002F\u003C\u002Fp>\n","Pro Categories Widget plugin.You have choice to specific categories exclude.",900,22864,96,11,"2019-03-26T04:17:00.000Z","5.1.22","2.9","",[20,21,22,4],"advanced-categories-widget","exclude-categories","exclude-categories-widget","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpro-categories-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpro-categories-widget.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"shambhu-patnaik",7,2540,82,30,81,"2026-04-04T09:07:53.469Z",[39,64],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":26,"last_vuln_date":63,"fetched_at":28},"ultimate-category-excluder","Ultimate Category Excluder","1.7","Marios Alexandrou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarios-alexandrou\u002F","\u003Cp>Ultimate Category Excluder, abbreviated as UCE, is a WordPress plugin that allows you to quickly and easily exclude categories from your front page, archives, feeds, and searches. Just select which categories you want to be excluded, and UCE does all the work for you!\u003C\u002Fp>\n","Ultimate Category Excluder allows you to quickly and easily exclude categories from your front page, archives, feeds, and search results.",50000,549023,84,77,"2025-12-29T14:20:00.000Z","6.9.4","5.0",[21,55,56,57,58],"exclude-category","hidden-category","hide-categories","hide-category","http:\u002F\u002Finfolific.com\u002Ftechnology\u002Fsoftware-worth-using\u002Fultimate-category-excluder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-category-excluder.zip",99,1,"2020-01-08 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":32,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":18,"tags":78,"homepage":82,"download_link":83,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wonderplugin-exclude-category","Exclude Category from Blog","1.2","WonderPlugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fwonderplugin\u002F","\u003Cp>\u003Cstrong>Exclude Categories from Blog\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Exclude Category from Blog is a WordPress plugin to exclude categories from WordPress blog page, home page and search result.\u003C\u002Fp>\n\u003Cp>When you setup a WordPress blog, by default, WordPress will display posts from all categories on your home page or blog page. In some cases, you may want to exclude some posts from displaying on the blog, for example, password protected posts or posts that are not part of your normal blog content. You can assign these posts to a category, then use Exclude Category from Blog to stop them from displaying on the blog.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exclude categories from WordPress blog page or home page\u003C\u002Fli>\n\u003Cli>Exclude categories from search result\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How to Use\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>After the plugin is installed and activated, in WordPress backend, goto left menu Settings -> Exclude Categories, configure the categories to be excluded\u003C\u002Fli>\n\u003C\u002Ful>\n","Exclude categories from WordPress blog page, home page and search",1000,11204,80,"2023-12-05T23:38:00.000Z","6.4.8","3.6",[21,55,79,80,81],"exclude-category-from-blog","exclude-category-from-home","exclude-category-from-search","https:\u002F\u002Fwww.wonderplugin.com\u002Fwordpress-exclude-category-from-blog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwonderplugin-exclude-category.zip",{"attackSurface":85,"codeSignals":97,"taintFlows":161,"riskAssessment":162,"analyzedAt":176},{"hooks":86,"ajaxHandlers":93,"restRoutes":94,"shortcodes":95,"cronEvents":96,"entryPointCount":26,"unprotectedCount":26},[87],{"type":88,"name":89,"callback":90,"file":91,"line":92},"action","widgets_init","anonymous","pro-categories-widget.php",118,[],[],[],[],{"dangerousFunctions":98,"sqlUsage":102,"outputEscaping":104,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":160},[99],{"fn":100,"file":91,"line":92,"context":101},"create_function","add_action( 'widgets_init', create_function( '', 'register_widget( \"Pro_Categories_Widget\" );' ) );",{"prepared":26,"raw":26,"locations":103},[],{"escaped":105,"rawEcho":106,"locations":107},2,33,[108,111,112,114,115,117,119,120,122,123,124,126,127,129,131,133,134,135,137,139,140,141,142,143,145,147,148,150,152,153,155,157,158],{"file":91,"line":109,"context":110},28,"raw output",{"file":91,"line":35,"context":110},{"file":91,"line":113,"context":110},41,{"file":91,"line":113,"context":110},{"file":91,"line":116,"context":110},42,{"file":91,"line":118,"context":110},43,{"file":91,"line":118,"context":110},{"file":91,"line":121,"context":110},44,{"file":91,"line":121,"context":110},{"file":91,"line":121,"context":110},{"file":91,"line":125,"context":110},47,{"file":91,"line":125,"context":110},{"file":91,"line":128,"context":110},66,{"file":91,"line":130,"context":110},91,{"file":91,"line":132,"context":110},92,{"file":91,"line":132,"context":110},{"file":91,"line":132,"context":110},{"file":91,"line":136,"context":110},94,{"file":91,"line":138,"context":110},95,{"file":91,"line":138,"context":110},{"file":91,"line":138,"context":110},{"file":91,"line":61,"context":110},{"file":91,"line":61,"context":110},{"file":91,"line":144,"context":110},100,{"file":91,"line":146,"context":110},102,{"file":91,"line":146,"context":110},{"file":91,"line":149,"context":110},103,{"file":91,"line":151,"context":110},105,{"file":91,"line":151,"context":110},{"file":91,"line":154,"context":110},106,{"file":91,"line":156,"context":110},108,{"file":91,"line":156,"context":110},{"file":91,"line":159,"context":110},109,[],[],{"summary":163,"deductions":164},"The \"pro-categories-widget\" v1.3 plugin exhibits a mixed security posture. While it has a negligible attack surface and no recorded vulnerabilities (CVEs), the static analysis reveals several concerning code signals. The presence of the deprecated and inherently insecure `create_function` function is a significant red flag, as it can be exploited to execute arbitrary PHP code if user input is not meticulously sanitized before being passed to it. Furthermore, the extremely low percentage of properly escaped output (6%) suggests a high probability of cross-site scripting (XSS) vulnerabilities, where attackers could inject malicious scripts into the website through the widget's output.\n\nDespite the absence of known vulnerabilities and a clean taint analysis, the internal code quality raises concerns. The lack of nonce checks and capability checks on potential entry points (even though none were identified in this analysis, it's a general good practice to implement them) further weakens its security. The plugin's strengths lie in its limited attack surface and complete reliance on prepared statements for any potential SQL operations. However, the identified code signals, particularly the use of `create_function` and poor output escaping, present a tangible risk that could be exploited in the absence of strong input sanitization, leading to code execution or XSS vulnerabilities.",[165,168,171,174],{"reason":166,"points":167},"Use of dangerous function: create_function",15,{"reason":169,"points":170},"Low percentage of properly escaped output",8,{"reason":172,"points":173},"Missing nonce checks",5,{"reason":175,"points":173},"Missing capability checks","2026-03-16T19:15:57.909Z",{"wat":178,"direct":183},{"assetPaths":179,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[],[],[],[],{"cssClasses":184,"htmlComments":186,"htmlAttributes":187,"restEndpoints":190,"jsGlobals":191,"shortcodeOutput":194},[185],"widget_categories",[],[188,189],"id=\"cat_\u003C?php echo $this->number;?>\"","onchange=\"onCatChange_\u003C?php echo $this->number;?>()\"",[],[192,193],"dropdown_\u003C?php echo $this->number;?>","onCatChange_\u003C?php echo $this->number;?>",[]]