[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDSsmld_0tW7PQKp63FqOw8GoyOFKlisDIindGIuCI7A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":33,"analysis":125,"fingerprints":172},"recent-post-photos","Recent Photos","0.0.1","saadi iqbal","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiwaas\u002F","\u003Cp>Recent Photos Plugin provides with a widget to display n numbers of recent post photos from the media library in the sidebar.\u003Cbr \u002F>\nIf you find any error, please post them to me at asad@hiwaas.com\u003C\u002Fp>\n","Recent Photos Plugin provides with a widget to display n numbers of recent post photos from the media library in the sidebar.",30,6489,0,"","2.9.2","2.9",[18,19,20,21,22],"hiwaas","photos","saadi","sidebar","widget","http:\u002F\u002Fwww.ProgrammersCountry.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-post-photos.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":18,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":11,"trust_score":31,"computed_at":32},1,94,"2026-04-05T14:58:54.452Z",[34,56,78,92,109],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":14,"tags":49,"homepage":52,"download_link":53,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":55},"meks-simple-flickr-widget","Meks Simple Flickr Widget","1.3","Meks","https:\u002F\u002Fprofiles.wordpress.org\u002Fmekshq\u002F","\u003Cp>Quickly display your Flickr photos inside WordPress widget. No authorization required (only provide your user id).\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>No authorization required (only provide your user id)\u003C\u002Fli>\n\u003Cli>Support both user Flickr users and Flickr groups \u003C\u002Fli>\n\u003Cli>Change thumbnail size\u003C\u002Fli>\n\u003Cli>Caching system integrated for better performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Simple Flickr Widget plugin is created by \u003Ca href=\"https:\u002F\u002Fmekshq.com\" rel=\"nofollow ugc\">Meks\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Live example?\u003C\u002Fh3>\n\u003Cp>You can see Simple Flickr Widget live example on our \u003Ca href=\"https:\u002F\u002Fmekshq.com\u002Fdemo\u002Fvoice\" rel=\"nofollow ugc\">Voice theme demo website\u003C\u002Fa>\u003C\u002Fp>\n","Quickly display your Flickr photos inside WordPress widget.",20000,405991,86,3,"2024-07-29T12:33:00.000Z","6.6.5","3.0",[50,19,51,21,22],"flickr","photostream","https:\u002F\u002Fmekshq.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeks-simple-flickr-widget.zip",92,"2026-03-15T15:16:48.613Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":14,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":67,"unpatched_count":67,"last_vuln_date":77,"fetched_at":55},"snapwidget-wp-instagram-widget","SnapWidget Social Photo Feed Widget","1.1.0","snapwidget","https:\u002F\u002Fprofiles.wordpress.org\u002Fsnapwidget\u002F","\u003Cp>SnapWidget Social Photo Feed Widget is an easy way to embed your Instagram photos and videos on your website or blog to display your photos. The widget offers the same functionality and customization available for widgets embedded from \u003Ca href=\"https:\u002F\u002Fsnapwidget.com\" title=\"Instagram widget\" rel=\"nofollow ugc\">SnapWidget\u003C\u002Fa>. Supports the Instagram Basic Display and Graph API’s.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple and easy to use\u003C\u002Fli>\n\u003Cli>Multiple layout options (Grid, Board, Scrolling, Slideshow and Map)\u003C\u002Fli>\n\u003Cli>Secure, supports HTTPS websites\u003C\u002Fli>\n\u003Cli>Refreshes with new photos every 15 minutes (5 minutes for Pro widgets)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hashtag Widgets\u003C\u002Fli>\n\u003Cli>Widget Analytics\u003C\u002Fli>\n\u003Cli>Shoppable features\u003C\u002Fli>\n\u003Cli>Add your own custom CSS\u003C\u002Fli>\n\u003Cli>Display photos in a lightbox\u003C\u002Fli>\n\u003Cli>Previous \u002F Next buttons to display older content\u003C\u002Fli>\n\u003Cli>Creating widgets for other users\u003C\u002Fli>\n\u003C\u002Ful>\n","SnapWidget Social Photo Feed Widget is an easy way to embed your Instagram photos and videos on your website or blog to display your photos.",600,15422,60,2,"2021-02-25T15:41:00.000Z","5.6.17","4.4",[72,19,21,22,73],"instagram","widgets","https:\u002F\u002Fsnapwidget.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnapwidget-wp-instagram-widget.1.2.0.zip",42,"2025-09-22 00:00:00",{"slug":79,"name":5,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":66,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":87,"homepage":89,"download_link":90,"security_score":91,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":55},"recent-photos","0.0.2","Hemant Nandrajog (instruite)","https:\u002F\u002Fprofiles.wordpress.org\u002Finstruite\u002F","\u003Cp>Recent Photos Plugin provides with a widget to display n numbers of recent photos from the media library in the sidebar.\u003Cbr \u002F>\nThe display can be customized through custom css or integrated in main style sheet file.\u003Cbr \u002F>\nAlso provides an option to use Thickbox (along with the patch code necessary for running thickbox)\u003C\u002Fp>\n\u003Cp>Demosites:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fplayground.instruite.com\u002F\" title=\"Operation with Default wp theme\" rel=\"nofollow ugc\">Operation with default theme\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.instruite.com\u002F\" title=\"Example of how widget can be customized\" rel=\"nofollow ugc\">Customized Version\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Author info:\u003C\u002Fp>\n\u003Cp>Follow me on \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Finstruite\u002F\" title=\"Follow instruite on twitter\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> or become my Friend on \u003Ca href=\"http:\u002F\u002Fwww.facebook.com\u002Finstruite\u002F\" title=\"Instruite's Facebook page\" rel=\"nofollow ugc\">facebook\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Configuration Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Title: Title for the widget will be displayed as per your theme\u003C\u002Fli>\n\u003Cli>Number of the photos: Number of photos that will be displayed in the sidebar\u003C\u002Fli>\n\u003Cli>Randomize: Check to display photos in random order\u003C\u002Fli>\n\u003Cli>Browse Photo Link: Full link to your photos\u002Fgallery page\u003Cbr \u002F>\n      Leave blank if you don’t want to show the link.\u003C\u002Fli>\n\u003Cli>Use Thickbox: Enables\u002FDisables the use of thickbox for this widget \u003C\u002Fli>\n\u003Cli>WordPress Path: Applicable only if Thickbox is enabled\u003Cbr \u002F>\n    This option is necessary to provide the patch for thickbox to correctly display thickbox related images\u003Cbr \u002F>\n    (loadinganimation and close). If your wordpress installation is in a subdirectory provide the path for the same\u003Cbr \u002F>\n    followed by a forward slash\u003Cbr \u002F>\n    Eg. wordpress\u002F\u003Cbr \u002F>\n        When the WP installation is in ‘wordpress’ subdirectory\u003C\u002Fli>\n\u003Cli>Use Custom CSS: Enable\u002FDisables the use of Custom CSS\u003C\u002Fli>\n\u003Cli>Custom CSS: For styling this plugin requires following CSS ids and classes to be defined\u003Cbr \u002F>\n            #recent_photos_envelope{margin:0 0 30px 0;}\u003Cbr \u002F>\n            .recent_photo_image a {float:left;display:inline;margin:0 16px 15px 0;border:1px dashed #888;padding:5px}\u003Cbr \u002F>\n            .recent_photo_image a:hover {border:1px dashed #000}\u003Cbr \u002F>\n          The above css code is default css provided with the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Recent Photos Plugin provides with a widget to display n numbers of recent photos from the media library in the sidebar.",10155,"2010-03-29T14:11:00.000Z",[19,21,88,22],"thickbox","http:\u002F\u002Fwww.instruite.com\u002Fblog\u002F2010\u002F02\u002F28\u002Frecent-photos-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-photos.0.0.2.zip",85,{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":25,"num_ratings":30,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":14,"tags":105,"homepage":107,"download_link":108,"security_score":91,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":55},"flickr-me","Flickr Me","1.0.6","Erik Ford","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearepixel8\u002F","\u003Cp>With Flickr Me, you can add Flickr feeds, from an individual account or group, to your widget ready areas. Once installed and activated the widget is an easy to manage, out of box solution for displaying a Flickr gallery of images. Each photo, in the feed, will link to its Flickr permalink and you can optionally set to display the title when stacking images.\u003C\u002Fp>\n","Add Flickr feeds to your widget ready areas.",40,6088,"2016-05-02T15:14:00.000Z","4.5.33","3.1",[50,106,19,21,22],"images","http:\u002F\u002Fheavyheavy.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflickr-me.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":100,"downloaded":117,"rating":25,"num_ratings":30,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":14,"tags":121,"homepage":123,"download_link":124,"security_score":91,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":55},"javascript-flickr-badge","Javascript Flickr Badge","2.3","erikrasmussen","https:\u002F\u002Fprofiles.wordpress.org\u002Ferikrasmussen\u002F","\u003Cp>Javascript Flickr Badge uses pure javascript to place a Flickr badge in your widget-enabled sidebar to display recent photos. Photos\u003Cbr \u002F>\nmay be filtered by tag if so desired. All communication with Flickr is client-side, so no extra load is placed on your server at all.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fblog.jyst.us\u002Fjavascript-flickr-badge?utm_source=Wordpress&utm_medium=Wordpress%2BPlugin%2BDirectory&utm_campaign=Javascript%2BFlickr%2BBadge\" rel=\"nofollow ugc\">Plugin Page\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=AyRj7U-dExI\" rel=\"nofollow ugc\">Demo Video\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable thumbnail size, number of rows, and number of columns to fit perfectly into any sidebar.\u003C\u002Fli>\n\u003Cli>Works for your personal photo stream, group pools, or your friends photostreams.\u003C\u002Fli>\n\u003Cli>Filtering by tag (user feed only).\u003C\u002Fli>\n\u003Cli>Lightweight javascript. No heavy libraries required!\u003C\u002Fli>\n\u003Cli>Works on mobile browsers\u003C\u002Fli>\n\u003Cli>All the work happens client-side. No server load.\u003C\u002Fli>\n\u003Cli>Animations, using CSS3: Vertical Scroll, Shuffle, Zoom (like Flickr’s Flash Badge), 3D Horizontal Flip, 3D Vertical Flip\u003C\u002Fli>\n\u003Cli>Localized to Spanish.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays photos from Flickr, with optional tag filtering, with pure client-side javascript. Several eye-catching effects available.",10128,"2013-05-27T09:37:00.000Z","3.5.2","2.0.2",[50,122,19,21,22],"media","http:\u002F\u002Fblog.jyst.us\u002Fjavascript-flickr-badge?utm_source=Wordpress&utm_medium=Plugin%2BAdmin&utm_campaign=Javascript%2BFlickr%2BBadge","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjavascript-flickr-badge.2.3.zip",{"attackSurface":126,"codeSignals":132,"taintFlows":160,"riskAssessment":161,"analyzedAt":171},{"hooks":127,"ajaxHandlers":128,"restRoutes":129,"shortcodes":130,"cronEvents":131,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":133,"sqlUsage":134,"outputEscaping":136,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":159},[],{"prepared":30,"raw":13,"locations":135},[],{"escaped":13,"rawEcho":137,"locations":138},12,[139,143,144,146,147,149,150,151,152,153,155,157],{"file":140,"line":141,"context":142},"recent-post-photos.php",41,"raw output",{"file":140,"line":76,"context":142},{"file":140,"line":145,"context":142},88,{"file":140,"line":145,"context":142},{"file":140,"line":148,"context":142},89,{"file":140,"line":148,"context":142},{"file":140,"line":148,"context":142},{"file":140,"line":54,"context":142},{"file":140,"line":54,"context":142},{"file":140,"line":154,"context":142},93,{"file":140,"line":156,"context":142},103,{"file":140,"line":158,"context":142},116,[],[],{"summary":162,"deductions":163},"The \"recent-post-photos\" plugin version 0.0.1 presents a concerning security posture despite a seemingly clean vulnerability history and a lack of identified critical static analysis findings. While the absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the direct attack surface, the plugin exhibits a critical weakness in output escaping, with 0% of its 12 outputs being properly escaped. This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the context of a user's browser.\n\nThe plugin's static analysis reveals no dangerous functions, SQL injection risks (all queries use prepared statements), file operations, external HTTP requests, or taint analysis findings. Furthermore, there are no recorded CVEs, suggesting a lack of known vulnerabilities. However, the complete absence of nonce checks and capability checks on all identified entry points (though there are none directly listed as exposed) suggests a lack of fundamental security practices that could become relevant if new entry points are introduced in future updates. The current version's limited functionality, as indicated by the zero attack surface, might be masking potential issues that could arise with expanded features. Therefore, while no immediate critical threats are evident, the poor output escaping is a significant concern that requires immediate attention.",[164,167,169],{"reason":165,"points":166},"0% of outputs properly escaped",8,{"reason":168,"points":67},"No capability checks on entry points",{"reason":170,"points":67},"No nonce checks on entry points","2026-03-16T22:22:02.140Z",{"wat":173,"direct":178},{"assetPaths":174,"generatorPatterns":175,"scriptPaths":176,"versionParams":177},[],[],[],[],{"cssClasses":179,"htmlComments":180,"htmlAttributes":181,"restEndpoints":185,"jsGlobals":186,"shortcodeOutput":187},[],[],[182,183,184],"id=\"rw_widget_title\"","id=\"rw_number\"","id=\"update_rp_widget\"",[],[],[188,189,190,191,192],"\u003Ca  href=\"","Permanent Link to ","\u003Cimg src=\"","\u003Cstrong>","...\u003C\u002Fstrong>\u003C\u002Fa>"]