[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3-TtDUYQMP436qE5AL0A5MGfOyN8Af3tX3MbOpX7Q-A":3,"$faNodVyi2Kw0Vu62CLEKrLQbCnDcG3VGbYwGGNR-5kz8":291,"$fU6ZWScnleyYPhw6w_ioI7BJ0p2dTKylGWZYuY9iSfGI":295},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":130,"fingerprints":266},"query-editor","Query Editor","0.3.1","Robert O'Rourke","https:\u002F\u002Fprofiles.wordpress.org\u002Fsanchothefat\u002F","\u003Cp>Adds a simple set of options to modify the default query. Be careful, this affects all list type\u003Cbr \u002F>\npages on the site and not just the home page.\u003C\u002Fp>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Customise the post types used\u003C\u002Fli>\n\u003Cli>Exclude terms from any taxonomy\u003C\u002Fli>\n\u003Cli>Change the ordering\u003C\u002Fli>\n\u003Cli>Set an offset to skip posts\u003C\u002Fli>\n\u003Cli>Turn paging off\u003C\u002Fli>\n\u003Cli>Use a simple meta query\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Any problems, bugs or feature requests will be answered the quickest on twitter \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsanchothefat\" rel=\"nofollow ugc\">@sanchothefat\u003C\u002Fa>.\u003C\u002Fp>\n","Adds a simple set of options to modify the default query by changing what post types are used, the ordering and 
more.",10,2263,0,"2012-03-12T12:10:00.000Z","3.3.2","3.3","",[19,20,21,22,23],"custom-post-types","editor","loop","posts","query","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-editor.0.3.1.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"sanchothefat",5,740,30,84,"2026-05-19T19:28:24.814Z",[38,59,76,96,114],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":13,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"cherry-pick-for-query-loop","Cherry Pick for Query Loop","1.0.1","Tatsuya Saito","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaito3110\u002F","\u003Cp>Cherry Pick for Query Loop extends the core Query Loop block with a post picking feature. 
Select specific posts and display them in any order you choose.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Pick specific posts to display in Query Loop block\u003C\u002Fli>\n\u003Cli>Search and select posts by title\u003C\u002Fli>\n\u003Cli>Display posts in your selected order\u003C\u002Fli>\n\u003Cli>Respects Query Loop filters (parent, category, keyword, etc.)\u003C\u002Fli>\n\u003Cli>Works with any post type\u003C\u002Fli>\n\u003Cli>Fully compatible with block themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Add a Query Loop block to your page\u003C\u002Fli>\n\u003Cli>In the block settings sidebar, find the “Pick Posts” panel\u003C\u002Fli>\n\u003Cli>Search and select posts from the dropdown\u003C\u002Fli>\n\u003Cli>Posts will be displayed in the order you selected\u003C\u002Fli>\n\u003Cli>To return to default behavior, simply remove all selected posts\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Note: When posts are selected, sorting and sticky post settings are ignored.\u003C\u002Fp>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>Source code and build tools are available at:\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fsitutty\u002Fcherry-pick-for-query-loop\u003C\u002Fp>\n","Pick specific posts for Query Loop block and display them in your preferred 
order.",166,"2026-01-28T13:15:00.000Z","6.9.4","6.4","7.4",[52,53,54,22,55],"block-editor","cherry-pick","gutenberg","query-loop","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcherry-pick-for-query-loop\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcherry-pick-for-query-loop.1.0.1.zip",100,{"slug":60,"name":61,"version":41,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":13,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":17,"download_link":75,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"master-query-loop","Master Query Loop","dat09.vuquoc","https:\u002F\u002Fprofiles.wordpress.org\u002Fdatvimaru50\u002F","\u003Cp>Master Query Loop is a plugin that helps you to add advanced features to the WordPress core query loop block:\u003Cbr \u002F>\n* Search and select specific posts you want to display\u003Cbr \u002F>\n* Display most viewed posts in a specific range of date\u003Cbr \u002F>\n* Turn on\u002Foff counting post view\u003C\u002Fp>\n","The plugin helps you to add advanced features to the WordPress core query loop block: get specific posts, popular posts and more!",763,"2023-06-12T10:40:00.000Z","6.2.9","5.9","7.0",[72,52,73,55,74],"block","popular-posts","specific-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmaster-query-loop.1.0.1.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":58,"num_ratings":86,"last_updated":87,"tested_up_to":48,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":93,"download_link":94,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":95},"query-loop-load-more","Query Loop Load More","1.0.18","Automattic Special 
Projects","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpspecialprojects\u002F","\u003Cp>This WordPress plugin adds a load more option to the Query Loop Pagination block in Gutenberg, allowing users to load more posts without refreshing the page. It replaces the traditional \u003Ccode>Previous\u003C\u002Fcode> \u003Ccode>Next\u003C\u002Fcode> and numbered pagination, with a customizable, \u003Ccode>Load More\u003C\u002Fcode> button.\u003C\u002Fp>\n\u003Ch3>Instructions\u003C\u002Fh3>\n\u003Cp>To use this plugin, you must first add the Query Loop block into your post content, then add the Pagination block inside the Query Loop. When working with the Pagination block, you will see new options to enable load more on the block.\u003Cbr \u002F>\nThe load more option allows you to set a loading text parameter and also the button text. The load more button works with the alignment options and arrow options of the pagination block.\u003Cbr \u002F>\nHere is how to enable the load more option:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add the Query Loop block to your post content.\u003C\u002Fli>\n\u003Cli>Inside the Query Loop block, add the Pagination block.\u003C\u002Fli>\n\u003Cli>In the Pagination block settings, enable the “Load More” option.\u003C\u002Fli>\n\u003Cli>Set the loading text parameter and the button text.\u003C\u002Fli>\n\u003Cli>Customize the alignment and arrow options if desired.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>That’s it! 
Your visitors can now load more posts by clicking the load more button without refreshing the page.\u003C\u002Fp>\n\u003Ch3>Customization Options\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Alignment\u003C\u002Fstrong>: Use standard block editor settings to set the alignment of the load more button\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Button\u003C\u002Fstrong>: Choose the button option for users to click to load more posts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Button Text\u003C\u002Fstrong>: Customize the load more button text\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Loading Text\u003C\u002Fstrong>: Customize the text for the post loading state\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Infinite Scroll\u003C\u002Fstrong>: Choose this option to allow new posts to load automatically when users reach the bottom of the feed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Color\u003C\u002Fstrong>: Customize the color of the load more button and the loading state icon when using the infinite scroll option\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Update URL\u003C\u002Fstrong>: Choose this option to update the browser’s URL when loading more posts\u003C\u002Fli>\n\u003C\u002Ful>\n","This WordPress plugin adds a load more option to the Query Loop Pagination block in Gutenberg, allowing users to load more posts without refreshing th 
&hellip;",500,5828,2,"2026-01-28T17:46:00.000Z","6.2","8.0",[52,91,54,92,55],"full-site-editing","load-more","https:\u002F\u002Fgithub.com\u002Fa8cteam51\u002Fquery-loop-load-more","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-loop-load-more.1.0.18.zip","2026-04-16T10:56:18.058Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":111,"download_link":112,"security_score":113,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"inject-query-posts","Inject Query Posts","3.0.5","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>This plugin provides a function for use by developers who have their own code for fetching posts according to a given criteria and now want to make use of loop-aware template tags to display those posts.\u003C\u002Fp>\n\u003Cp>WordPress’s template tags are intended to be used within ‘the loop’. The loop is managed by a WP_Query object which sets up various global variables and its own object variables for use by the various template tags. The primary purpose of a WP_Query object is to actually query the database for the posts that match the currently specified criteria. 
However, if you don’t need to query for posts since you already have them by some other means, you can still take advantage of the template tags by injecting those posts into the WP_Query via this plugin.\u003C\u002Fp>\n\u003Cp>Depending on the template tags you are looking to use, or the logic you are hoping to employ within a loop, you may need to manually configure some of the query object’s variables.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php \u002F\u002F Say we're in the sidebar\n\n\u002F\u002F We've gotten some post objects on our own.\n$posts = c2c_get_random_posts( 5, '' );\n\n\u002F\u002F Inject the posts\nc2c_inject_query_posts( $posts );\n\n\u002F\u002F Now let's display them via template tags:\nif ( have_posts() ) :\n    while ( have_posts() ) : the_post(); ?>\n\n        \u003Cli>\u003Ca href=\"\u003C?php the_permalink() ?>\" rel=\"bookmark\" title=\"Permanent Link to \u003C?php the_title_attribute(); ?>\">\u003C?php the_title(); ?>\u003C\u002Fa>\u003C\u002Fli>\n\n    \u003C?php endwhile;?>\n\u003C?php endif; ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Finject-query-posts\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Finject-query-posts\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Finject-query-posts\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>Developer documentation can be found in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Finject-query-posts\u002Fblob\u002Fmaster\u002FDEVELOPER-DOCS.md\" rel=\"nofollow ugc\">DEVELOPER-DOCS.md\u003C\u002Fa>. 
That documentation covers the template tag and hooks provided by the plugin.\u003C\u002Fp>\n\u003Cp>As an overview, this is the template tag provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>c2c_inject_query_posts()\u003C\u002Fcode> : Template tag to inject an array of posts into a query object as if that query object had obtained those posts via a query.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These are the hooks provided by the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>inject_query_posts_preserve_query_obj\u003C\u002Fcode> : Overrides the value of the \u003Ccode>$preserve_query_obj\u003C\u002Fcode> argument passed to the function. This is not typical usage for most users.\u003C\u002Fli>\n\u003Cli>\u003Ccode>c2c_inject_query_posts\u003C\u002Fcode> : Allows use of an alternative approach to safely invoke \u003Ccode>c2c_inject_query_posts()\u003C\u002Fcode> in such a way that if the plugin were deactivated or deleted, then your calls to the function won’t cause errors in your site.\u003C\u002Fli>\n\u003C\u002Ful>\n","Facilitates injecting an array of posts into a WP query object as if queried. 
Particularly useful to allow use of standard template tags.",5827,"2025-04-23T06:37:00.000Z","6.8.5","3.6",[21,22,23,109,110],"template-tags","wp_query","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Finject-query-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finject-query-posts.3.0.5.zip",92,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":13,"downloaded":122,"rating":13,"num_ratings":13,"last_updated":123,"tested_up_to":48,"requires_at_least":124,"requires_php":50,"tags":125,"homepage":128,"download_link":129,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":95},"random-posts-for-query-loop-block","Random Posts for Query Loop Block","1.0.5","Abhay Rautela","https:\u002F\u002Fprofiles.wordpress.org\u002Fctrs\u002F","\u003Cp>The Query Loop block in WordPress does not include a “Random” ordering option in the sidebar UI.\u003Cbr \u002F>\nHowever, WordPress core \u003Cem>does\u003C\u002Fem> support \u003Ccode>orderby = rand\u003C\u002Fcode> in \u003Ccode>WP_Query\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>The problem:\u003Cbr \u002F>\nUsing \u003Ccode>\"orderBy\": \"rand\"\u003C\u002Fcode> inside a Query Loop block can cause the \u003Cstrong>Site Editor preview to fail\u003C\u002Fstrong>, because \u003Ccode>rand\u003C\u002Fcode> is not included in the REST API schema for posts.\u003C\u002Fp>\n\u003Cp>This plugin fixes that by extending the REST API orderby enum so the editor recognizes \u003Ccode>\"rand\"\u003C\u002Fcode> as valid.\u003C\u002Fp>\n\u003Ch3>✔ What this plugin does\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Adds \u003Ccode>\"rand\"\u003C\u002Fcode> to the REST API \u003Ccode>orderby\u003C\u002Fcode> enum for posts and pages.  \u003C\u002Fli>\n\u003Cli>Allows the Query Loop block to use \u003Ccode>\"orderBy\": \"rand\"\u003C\u002Fcode> safely.  
\u003C\u002Fli>\n\u003Cli>Prevents JSON errors and broken previews in the Site Editor.  \u003C\u002Fli>\n\u003Cli>Makes “random post” layouts work reliably both in the editor and frontend.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚠ What this plugin does \u003Cem>not\u003C\u002Fem> do\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>It does \u003Cstrong>not\u003C\u002Fstrong> add a “Random” option to the Query Loop UI dropdown.\u003Cbr \u002F>\n(That UI is defined in Gutenberg’s JavaScript.)\u003C\u002Fli>\n\u003Cli>You must still set \u003Ccode>\"orderBy\": \"rand\"\u003C\u002Fcode> manually using the Code Editor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Example use case\u003C\u002Fh3>\n\u003Cp>Want your homepage, blog, quotes site, testimonials, or featured-section to show\u003Cbr \u002F>\n\u003Cstrong>a different post every time the page loads?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Install this plugin \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> open the template \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> switch to Code Editor \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> set \u003Ccode>\"orderBy\": \"rand\"\u003C\u002Fcode>.\u003C\u002Fp>\n","Adds \"rand\" to the REST API orderby options so the Query Loop block can use random post order safely without breaking the Site Editor 
preview.",168,"2026-01-07T20:22:00.000Z","6.0",[52,54,126,55,127],"orderby","random","https:\u002F\u002Fconetrees.com\u002Fproducts\u002Fwordpress-plugins\u002Frandom-posts-query-loop\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-posts-for-query-loop-block.1.0.5.zip",{"attackSurface":131,"codeSignals":152,"taintFlows":179,"riskAssessment":256,"analyzedAt":265},{"hooks":132,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":13,"unprotectedCount":13},[133,139,144],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_init","query_editor_init","query-editor.php",12,{"type":140,"name":141,"callback":142,"priority":11,"file":137,"line":143},"filter","posts_clauses","query_editor_orderby_taxonomy",186,{"type":134,"name":145,"callback":146,"file":137,"line":147},"pre_get_posts","exclude_taxonomies_filter",214,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":177,"bundledLibraries":178},[],{"prepared":13,"raw":13,"locations":155},[],{"escaped":157,"rawEcho":11,"locations":158},8,[159,162,164,165,167,169,171,173,174,175],{"file":137,"line":160,"context":161},58,"raw output",{"file":137,"line":163,"context":161},59,{"file":137,"line":163,"context":161},{"file":137,"line":166,"context":161},60,{"file":137,"line":168,"context":161},68,{"file":137,"line":170,"context":161},74,{"file":137,"line":172,"context":161},75,{"file":137,"line":172,"context":161},{"file":137,"line":172,"context":161},{"file":137,"line":176,"context":161},76,1,[],[180,233],{"entryPoint":181,"graph":182,"unsanitizedCount":13,"severity":232},"save_query_editor 
(query-editor.php:144)",{"nodes":183,"edges":224},[184,189,194,198,200,204,206,210,212,216,218,222],{"id":185,"type":186,"label":187,"file":137,"line":188},"n0","source","$_POST['qe_exclude_terms']",154,{"id":190,"type":191,"label":192,"file":137,"line":188,"wp_function":193},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":195,"type":186,"label":196,"file":137,"line":197},"n2","$_POST['qe_order']",158,{"id":199,"type":191,"label":192,"file":137,"line":197,"wp_function":193},"n3",{"id":201,"type":186,"label":202,"file":137,"line":203},"n4","$_POST['qe_orderby_tax_order']",164,{"id":205,"type":191,"label":192,"file":137,"line":203,"wp_function":193},"n5",{"id":207,"type":186,"label":208,"file":137,"line":209},"n6","$_POST['qe_offset']",171,{"id":211,"type":191,"label":192,"file":137,"line":209,"wp_function":193},"n7",{"id":213,"type":186,"label":214,"file":137,"line":215},"n8","$_POST['qe_meta_key']",179,{"id":217,"type":191,"label":192,"file":137,"line":215,"wp_function":193},"n9",{"id":219,"type":186,"label":220,"file":137,"line":221},"n10","$_POST['qe_meta_value']",182,{"id":223,"type":191,"label":192,"file":137,"line":221,"wp_function":193},"n11",[225,227,228,229,230,231],{"from":185,"to":190,"sanitized":226},true,{"from":195,"to":199,"sanitized":226},{"from":201,"to":205,"sanitized":226},{"from":207,"to":211,"sanitized":226},{"from":213,"to":217,"sanitized":226},{"from":219,"to":223,"sanitized":226},"low",{"entryPoint":234,"graph":235,"unsanitizedCount":13,"severity":232},"\u003Cquery-editor> 
(query-editor.php:0)",{"nodes":236,"edges":249},[237,238,239,240,241,242,243,244,245,246,247,248],{"id":185,"type":186,"label":187,"file":137,"line":188},{"id":190,"type":191,"label":192,"file":137,"line":188,"wp_function":193},{"id":195,"type":186,"label":196,"file":137,"line":197},{"id":199,"type":191,"label":192,"file":137,"line":197,"wp_function":193},{"id":201,"type":186,"label":202,"file":137,"line":203},{"id":205,"type":191,"label":192,"file":137,"line":203,"wp_function":193},{"id":207,"type":186,"label":208,"file":137,"line":209},{"id":211,"type":191,"label":192,"file":137,"line":209,"wp_function":193},{"id":213,"type":186,"label":214,"file":137,"line":215},{"id":217,"type":191,"label":192,"file":137,"line":215,"wp_function":193},{"id":219,"type":186,"label":220,"file":137,"line":221},{"id":223,"type":191,"label":192,"file":137,"line":221,"wp_function":193},[250,251,252,253,254,255],{"from":185,"to":190,"sanitized":226},{"from":195,"to":199,"sanitized":226},{"from":201,"to":205,"sanitized":226},{"from":207,"to":211,"sanitized":226},{"from":213,"to":217,"sanitized":226},{"from":219,"to":223,"sanitized":226},{"summary":257,"deductions":258},"The \"query-editor\" v0.3.1 plugin exhibits a strong security posture based on the provided static analysis.  The complete absence of direct attack surface points like AJAX handlers, REST API routes, shortcodes, and cron events is a significant strength, as it limits the potential for unauthorized access or malicious input. Furthermore, the fact that all identified SQL queries utilize prepared statements is excellent practice, mitigating SQL injection risks. The plugin also demonstrates a commitment to security by including capability checks, although it lacks nonce checks for any potential entry points, which is a concern if any are inadvertently introduced. The low percentage of properly escaped output (44%) is a notable weakness, as it indicates a risk of Cross-Site Scripting (XSS) vulnerabilities. 
The taint analysis showing no unsanitized paths and the clean vulnerability history, with no known CVEs, further contribute to a generally positive security assessment, but the unescaped output remains a key area of concern.\n\nWhile the plugin has no known vulnerabilities and a minimal attack surface, the 44% rate of proper output escaping (8 escaped outputs against 10 raw echoes, all in query-editor.php) suggests a significant potential for XSS vulnerabilities. This means that data displayed to users might not be escaped on output, allowing for the injection of malicious scripts wherever an echoed value can be influenced by an attacker. The lack of nonce checks, while not directly exploitable given the absence of AJAX or similar entry points, represents a missed opportunity for robust security if any such features were to be added in the future. Note, however, that the recorded taint flows show save_query_editor writing $_POST fields to update_option(); that settings-save path should be reviewed to confirm it verifies a nonce alongside the single capability check found, because a state-changing form handler without one is exposed to CSRF. The vulnerability history is clean, which is a positive sign, but it's important to remember that absence of evidence is not evidence of absence. The core strength lies in the minimal attack surface and secure SQL practices (the scan recorded no raw SQL usage), but the output escaping issue requires attention to achieve a truly secure state.",[259,262],{"reason":260,"points":261},"Low percentage of properly escaped output",6,{"reason":263,"points":264},"Missing nonce checks",4,"2026-03-17T00:54:26.995Z",{"wat":267,"direct":272},{"assetPaths":268,"generatorPatterns":269,"scriptPaths":270,"versionParams":271},[],[],[],[],{"cssClasses":273,"htmlComments":275,"htmlAttributes":276,"restEndpoints":288,"jsGlobals":289,"shortcodeOutput":290},[274],"custom-orderby",[],[277,278,279,280,281,282,283,284,285,286,287],"name=\"qe_post_types[]\"","name=\"qe_exclude_terms[","name=\"qe_order\"","name=\"qe_orderby\"","name=\"qe_orderby_tax\"","name=\"qe_orderby_tax_order\"","name=\"qe_offset\"","name=\"qe_meta_key\"","name=\"qe_meta_value\"","id=\"custom-orderby\"","value=\"1\"",[],[],[],{"error":226,"url":292,"statusCode":293,"statusMessage":294,"message":294},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fquery-editor\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":264,"versions":296},[297,303,310,317],{"version":6,"download_url":24,"svn_tag_url":298,"released_at":26,"has_diff":299,"diff_files_changed":300,"diff_lines":26,"trac_diff_url":301,"vulnerabilities":302,"is_current":226},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fquery-editor\u002Ftags\u002F0.3.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fquery-editor%2Ftags%2F0.3&new_path=%2Fquery-editor%2Ftags%2F0.3.1",[],{"version":304,"download_url":305,"svn_tag_url":306,"released_at":26,"has_diff":299,"diff_files_changed":307,"diff_lines":26,"trac_diff_url":308,"vulnerabilities":309,"is_current":299},"0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-editor.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fquery-editor\u002Ftags\u002F0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fquery-editor%2Ftags%2F0.2&new_path=%2Fquery-editor%2Ftags%2F0.3",[],{"version":311,"download_url":312,"svn_tag_url":313,"released_at":26,"has_diff":299,"diff_files_changed":314,"diff_lines":26,"trac_diff_url":315,"vulnerabilities":316,"is_current":299},"0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-editor.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fquery-editor\u002Ftags\u002F0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fquery-editor%2Ftags%2F0.1&new_path=%2Fquery-editor%2Ftags%2F0.2",[],{"version":318,"download_url":319,"svn_tag_url":320,"released_at":26,"has_diff":299,"diff_files_changed":321,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":322,"is_current":299},"0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-editor.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fquery-editor\u002Ftags\u002F0.1\u002F",[],[]]