[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fu_m7nlqwqExUhlnK15va0AEXL-0DIoa5oq8bEh8cseU":3,"$fFGXf9IrQ2cxrKLX3AWEVnuCxlvth-FIV_wCqi5GwKHQ":402,"$f6vfSgJQWfEkbOGS7l7p49Tc4LP1OZKMxhmLK8of0mZo":407},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":50,"crawl_stats":38,"alternatives":58,"analysis":162,"fingerprints":379},"recent-posts-from-each-category","Recent Posts From Each Category","1.4","Mindstien Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Fmindstien\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fmindstien.com\u002Fpro-plugins\u002Frecent-posts-from-each-category-pro.php\" rel=\"nofollow ugc\">Click here to get Pro Version.\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>1.3 Updates: Admin interface added\u003C\u002Fp>\n\u003Cp>Automatically display recent posts from all\u002Fselected categories in box layout on homepage. You can fully configure the layout using shortcode generator.\u003C\u002Fp>\n\u003Cp>Now Use built int shortcode generator to configure all options.\u003C\u002Fp>\n\u003Cp>Just put shortcode on any wordpress page\u002Fpost to display the recent posts from each category. 
To display it on homepage, you have to configure wordpress homepage as static page and then use the shortcode in content of the static page.\u003C\u002Fp>\n\u003Cp>Hire plugin author for your \u003Ca href=\"http:\u002F\u002Fwww.freelancer.com\u002Fu\u002Fmindstiente.html\" rel=\"nofollow ugc\">WordPress Development\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Visit official website for this plugin at \u003Ca href=\"http:\u002F\u002Fwww.mindstien.com\" rel=\"nofollow ugc\">Mindstien Technologies\u003C\u002Fa>.\u003C\u002Fp>\n","Display Recent Posts From Each\u002FSelected Category. Category Box View Plugin.",50,10345,74,3,"2014-09-13T11:28:00.000Z","4.0.38","3.0","",[20,21,22,23,24],"category","category-posts","homepage","recent-posts","shortcode-posts","http:\u002F\u002Fwww.mindstien.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-from-each-category.1.4.zip",63,1,"2025-12-31 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-49354","recent-posts-from-each-category-cross-site-request-forgery","Recent Posts From Each Category \u003C= 1.4 - Cross-Site Request Forgery","The Recent Posts From Each 
Category plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2026-01-05 18:17:53",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe1d0af55-eee4-4283-8216-0474c65deac7?source=api-prod",[],false,0,{"slug":51,"display_name":7,"profile_url":8,"plugin_count":52,"total_installs":53,"avg_security_score":54,"avg_patch_time_days":55,"trust_score":56,"computed_at":57},"mindstien",8,440,82,30,81,"2026-05-19T16:02:43.480Z",[59,79,102,122,142],{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":49,"downloaded":67,"rating":49,"num_ratings":49,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"aj-category-posts","AJ Category Posts","1.1.2","Md Jahid Shah","https:\u002F\u002Fprofiles.wordpress.org\u002Fjahidshah\u002F","\u003Cp>\u003Cstrong>AJ Category Posts\u003C\u002Fstrong> allows you to display your posts in a structured, category-wise format using flexible shortcodes. Create custom blocks with specific categories, control how many posts to show, and how many per row. 
This plugin is lightweight, Elementor-compatible, and optimized for performance.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create unlimited category-based post showcases  \u003C\u002Fli>\n\u003Cli>Display posts by category in a grid or block layout  \u003C\u002Fli>\n\u003Cli>Assign specific categories to each block via shortcode  \u003C\u002Fli>\n\u003Cli>Each block has a unique shortcode (e.g., \u003Ccode>[ajcapos id=\"123\"]\u003C\u002Fcode>)  \u003C\u002Fli>\n\u003Cli>Fully responsive and mobile-friendly  \u003C\u002Fli>\n\u003Cli>Shortcode and widget support  \u003C\u002Fli>\n\u003Cli>Elementor compatible  \u003C\u002Fli>\n\u003Cli>Lightweight and fast  \u003C\u002Fli>\n\u003Cli>Unlimited color customization  \u003C\u002Fli>\n\u003Cli>Easy setup and customization from the dashboard\u003C\u002Fli>\n\u003Cli>Multiple shortcodes to display a single latest post, multiple latest posts, and most viewed posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcodes Overview\u003C\u002Fh3>\n\u003Cp>AJ Category Posts provides multiple shortcodes to display posts dynamically on your site. They can be used individually or together for a complete post showcase.\u003C\u002Fp>\n\u003Ch3>Latest Post\u003C\u002Fh3>\n\u003Cp>Displays the latest post with a featured image overlay including category, title, author, and date.\u003Cbr \u002F>\nUse this shortcode: \u003Ccode>[latest_post_overlay]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Multiple Latest Posts\u003C\u002Fh3>\n\u003Cp>Displays multiple posts in a grid layout. You can specify the number of posts with the \u003Ccode>posts\u003C\u002Fcode> attribute. A “See More” button can redirect to a custom URL set from the dashboard.\u003Cbr \u002F>\nUse this shortcode: \u003Ccode>[latest_posts_grid posts=\"4\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>Most Read Posts\u003C\u002Fh3>\n\u003Cp>Displays the most read posts based on view count. 
You can control the number of posts displayed using the \u003Ccode>posts\u003C\u002Fcode> attribute.\u003Cbr \u002F>\nUse this shortcode: \u003Ccode>[most_read_posts posts=\"3\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>These shortcodes allow you to create dynamic post sections anywhere on your site—pages, posts, or widgets. Each shortcode supports category selection, post count, and styling via CSS.### Customization Options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change block background color  \u003C\u002Fli>\n\u003Cli>Change text background color  \u003C\u002Fli>\n\u003Cli>Customize text color and typography  \u003C\u002Fli>\n\u003Cli>Customize hover effects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support & Contact\u003C\u002Fh3>\n\u003Cp>Need help or want to report an issue?\u003Cbr \u002F>\nFor any issues, please open a support ticket in the WordPress plugin repository or visit our \u003Ca href=\"https:\u002F\u002Fwww.jahidshah.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">support page\u003C\u002Fa>.\u003C\u002Fp>\n","A simple & powerful plugin to display WordPress posts by category using customizable shortcodes. 
Ideal for bloggers, news websites & content creators.",465,"2026-03-24T03:31:00.000Z","6.9.4","5.2","7.2",[21,73,74,24,75],"display-posts","post-listing","wordpress-category-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Faj-category-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faj-category-posts.1.1.2.zip",100,{"slug":21,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":69,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":97,"download_link":98,"security_score":99,"vuln_count":100,"unpatched_count":49,"last_vuln_date":101,"fetched_at":30},"Category Posts Widget","4.9.22","ZephyrWest","https:\u002F\u002Fprofiles.wordpress.org\u002Fzephyrwest\u002F","\u003Cp>Category Posts Widget is a light widget designed to do one thing and do it well: display the most recent posts from a certain category.\u003C\u002Fp>\n\u003Ch4>Term and Category based Posts Widget\u003C\u002Fh4>\n\u003Cp>A premium version of that free widget available at \u003Ca href=\"https:\u002F\u002Ftiptoppress.com\u002F\" rel=\"nofollow ugc\">tiptoppress.com\u003C\u002Fa> created for big WordPress sites.\u003C\u002Fp>\n\u003Ch4>Premium features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Auto-sizing Grid layout\u003C\u002Fli>\n\u003Cli>Custom field support in the Template\u003C\u002Fli>\n\u003Cli>Shortcode support in the Template\u003C\u002Fli>\n\u003Cli>Image-Slider (or News-Ticker)\u003C\u002Fli>\n\u003Cli>Asymmetrical list layouts\u003C\u002Fli>\n\u003Cli>Full background images\u003C\u002Fli>\n\u003Cli>Masonry responsive grid layout\u003C\u002Fli>\n\u003Cli>More complex filter (ANY, NOT, AND, …)\u003C\u002Fli>\n\u003Cli>Custom Post Types, Events, Products support\u003C\u002Fli>\n\u003Cli>All free features\u003C\u002Fli>\n\u003Cli>E-Mail support\u003C\u002Fli>\n\u003Cli>More examples on the \u003Ca 
href=\"https:\u002F\u002Fdemo.tiptoppress.com\u002F\" rel=\"nofollow ugc\">demo pages\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftiptoppress.com\u002Ftemplate-arrange-post-details\u002F\" rel=\"nofollow ugc\">Template\u003C\u002Fa> to arrange the post details.\u003C\u002Fli>\n\u003Cli>The Template text can be a post details placeholder, plain text, HTML or a font-icons.\u003C\u002Fli>\n\u003Cli>Font-icon support.\u003C\u002Fli>\n\u003Cli>‘Load more’ button \u002F Ajax API\u003C\u002Fli>\n\u003Cli>Item Title heading level buttons\u003C\u002Fli>\n\u003Cli>Excerpt length and item title in lines (line-clamp)\u003C\u002Fli>\n\u003Cli>Shortcode (Easily change all Shortcode options in the customizer).\u003C\u002Fli>\n\u003Cli>Date range filter\u003C\u002Fli>\n\u003Cli>New date format: Time since plublished\u003C\u002Fli>\n\u003Cli>Filter by post status: Published, scheduled, private.\u003C\u002Fli>\n\u003Cli>Multiple shortcodes at the same site or post.\u003C\u002Fli>\n\u003Cli>Add option for post offset (use two or more widgets after another).\u003C\u002Fli>\n\u003Cli>Admin UI: Buttons in the editor toolbar to insert shortcode.\u003C\u002Fli>\n\u003Cli>Option to touch device friendly “everything is a link”.\u003C\u002Fli>\n\u003Cli>For editing shortcode adds a Customizer link to the admin-bar (“With one click to the Customizer”).\u003C\u002Fli>\n\u003Cli>Set thumbnail width & height \u002F image crop with CSS (object-fit).\u003C\u002Fli>\n\u003Cli>Fluid images (max-width in %).\u003C\u002Fli>\n\u003Cli>One thumb dimension can be left empty.\u003C\u002Fli>\n\u003Cli>Option to set mouse hover effects for post thumbnail.\u003C\u002Fli>\n\u003Cli>Set a default thumbnail.\u003C\u002Fli>\n\u003Cli>Hide widget text or text, if there is no post.\u003C\u002Fli>\n\u003Cli>Option to hide posts which have no thumbnail.\u003C\u002Fli>\n\u003Cli>Option exclude current 
post.\u003C\u002Fli>\n\u003Cli>Option show post author, comment’s count, post date.\u003C\u002Fli>\n\u003Cli>Admin UI: Set \u002F find thumbnail size buttons: +, ¼, ½, 2x, -, ratio and Media sizes\u003C\u002Fli>\n\u003Cli>Admin UI: Buttons to easy add post details placeholder.\u003C\u002Fli>\n\u003Cli>Multi sites support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full \u003Ca href=\"https:\u002F\u002Ftiptoppress.com\u002Fcategory-posts-widget\u002Fdocumentation-4-9\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Shortcode: Use [catposts] in the content and \u003Ca href=\"https:\u002F\u002Ftiptoppress.com\u002Fuse-shortcode-to-add-category-posts-widget-to-the-content\u002F\" rel=\"nofollow ugc\">edit in the customizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Formatting date and time: See \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFormatting_Date_and_Time\" rel=\"nofollow ugc\">Formatting Date and Time\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>While using this plugin if you find any bug or any conflict, please submit an issue at\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDanielFloeter\u002Fcategory-posts-widget\" rel=\"nofollow ugc\">Github\u003C\u002Fa> (If possible with a pull request).\u003C\u002Fp>\n","Adds a widget that shows the most recent posts from a single category.",40000,1790514,90,79,"2026-02-07T16:33:00.000Z","2.8","5.3",[94,95,20,96,23],"block","categories","posts","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcategory-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-posts.4.9.22.zip",99,2,"2025-04-03 
00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":69,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":120,"download_link":121,"security_score":78,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"latest-posts","Latest Posts","1.4.5","ShapedPlugin LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fshapedplugin\u002F","\u003Cp>Latest Posts is a very powerful widget plugin for WordPress which displays your most recent or latest posts, category based with thumbnails, date. This is perfect for simple blogs & online magazines. Widgets come with highly-customizable control panels. Easy to use and support multi-widget even in the same sidebar.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>100% Responsive & Mobile Ready\u003C\u002Fli>\n\u003Cli>Super Easy Installation\u003C\u002Fli>\n\u003Cli>Minimalist & Lightweight\u003C\u002Fli>\n\u003Cli>Easily Customizable\u003C\u002Fli>\n\u003Cli>All Major Browsers Supported\u003C\u002Fli>\n\u003Cli>Coded with Pure HTML & CSS\u003C\u002Fli>\n\u003C\u002Ful>\n","Latest posts widget to display recent posts from 
category.",5000,87654,92,7,"2026-04-02T14:06:00.000Z","4.0",[21,117,103,118,119],"latest-category-posts","post-thumbnails","posts-widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flatest-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flatest-posts.1.4.5.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":18,"tags":137,"homepage":18,"download_link":140,"security_score":141,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"recent-posts-by-category-widget","Recent Posts by Category Widget","1.3","Ross Cornell","https:\u002F\u002Fprofiles.wordpress.org\u002Frossc\u002F","\u003Cp>This plugin adds a simple widget that allows you to display a number of recent blog posts from a specific category. You have the options to choose a title, category, number of posts and whether or not to show the post date. 
The posts will be ordered by date just like the default Recent Posts widget included with WordPress.\u003C\u002Fp>\n","Just like the default Recent Posts widget except you can choose a category to pull posts from.",4000,33439,94,12,"2017-11-28T16:45:00.000Z","4.2.39","3.0.1",[95,20,23,138,139],"sidebar","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-by-category-widget.zip",85,{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":153,"last_updated":154,"tested_up_to":155,"requires_at_least":156,"requires_php":18,"tags":157,"homepage":160,"download_link":161,"security_score":141,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"custom-recent-posts-widget","Custom Recent Posts Widget","2.1.1","Prasanna SP","https:\u002F\u002Fprofiles.wordpress.org\u002Fprasannasp\u002F","\u003Cp>This plugin creates a new widget which lets you show a list of recent posts based on categories or tags. This is a must have plugin if you want to exclude some categories in recent posts widget or if you want to show recent posts based on tags. By default the wordpress recent posts widget shows a posts from all category. But this plugin gives you more power to customize your recent posts widget. You can also display post date in the widget.\u003C\u002Fp>\n\u003Cp>See the live action of this plugin on \u003Ca href=\"http:\u002F\u002Fdemo.prasannasp.net\u002Fcustom-recent-posts-widget\u002F\" rel=\"nofollow ugc\">demo site\u003C\u002Fa> or on Kennneth John Odle’s \u003Ca href=\"http:\u002F\u002Fblog.kjodle.net\u002F\" rel=\"nofollow ugc\">blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Have any questions or suggestions? 
Create a thread in the \u003Ca href=\"http:\u002F\u002Fforum.prasannasp.net\u002Fforum\u002Fplugin-support\u002Fcustom-recent-posts-widget\u002F\" rel=\"nofollow ugc\">support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.prasannasp.net\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">this page\u003C\u002Fa> for more \u003Cstrong>WordPress Plugins\u003C\u002Fstrong> from the developer.\u003C\u002Fp>\n\u003Cp>A special thanks to \u003Ca href=\"http:\u002F\u002Fblog.kjodle.net\u002F\" rel=\"nofollow ugc\">Ken\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.joshlobe.com\" rel=\"nofollow ugc\">Josh\u003C\u002Fa> for testing the code.\u003C\u002Fp>\n","A widget to show recent posts list based on categories or tags",1000,51556,98,9,"2017-11-28T18:35:00.000Z","3.5.2","3.1",[95,20,23,158,159],"tag","tags","http:\u002F\u002Fwww.prasannasp.net\u002Fcustom-recent-posts-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-recent-posts-widget.2.1.1.zip",{"attackSurface":163,"codeSignals":210,"taintFlows":364,"riskAssessment":365,"analyzedAt":378},{"hooks":164,"ajaxHandlers":198,"restRoutes":203,"shortcodes":204,"cronEvents":209,"entryPointCount":100,"unprotectedCount":28},[165,170,173,177,180,186,190,194],{"type":166,"name":167,"callback":168,"file":169,"line":152},"action","init","enqueue_assets","classes\u002Fsunrise.class.php",{"type":166,"name":171,"callback":172,"file":169,"line":78},"admin_init","default_settings",{"type":166,"name":174,"callback":175,"file":169,"line":176},"admin_menu","manage_options",102,{"type":166,"name":174,"callback":178,"file":169,"line":179},"settings_page",285,{"type":181,"name":182,"callback":183,"file":184,"line":185},"filter","the_content","rpfec_auto_insert","inc\u002Fcore.php",242,{"type":166,"name":187,"callback":188,"file":184,"line":189},"wp_head","rpfec_insert_style",414,{"type":166,"name":191,"callback":192,"file":184,"line":193},"wp_footer","rpfec_insert_foote
r",415,{"type":166,"name":195,"callback":196,"file":184,"line":197},"wp_enqueue_scripts","rpfec_mindstien_load_scripts",502,[199],{"action":200,"nopriv":48,"callback":201,"hasNonce":48,"hasCapCheck":48,"file":184,"line":202},"instant_support","rpfec_instant_support_callback",506,[],[205],{"tag":206,"callback":207,"file":184,"line":208},"mycatlist","rpfec_catlist",17,[],{"dangerousFunctions":211,"sqlUsage":212,"outputEscaping":214,"fileOperations":49,"externalRequests":49,"nonceChecks":49,"capabilityChecks":49,"bundledLibraries":363},[],{"prepared":100,"raw":49,"locations":213},[],{"escaped":28,"rawEcho":215,"locations":216},113,[217,220,222,224,226,228,229,230,231,232,233,234,236,239,241,242,243,244,245,246,247,249,250,251,253,254,255,256,257,258,259,261,262,263,264,265,266,267,269,270,271,273,274,276,277,279,281,283,285,286,288,289,290,291,292,293,294,296,297,298,299,300,301,302,303,305,307,308,309,310,311,312,313,314,315,316,319,321,322,323,324,325,326,327,328,329,331,332,333,335,337,338,339,340,341,342,343,345,346,347,348,349,350,351,353,354,356,357,358,359,360,361,362],{"file":169,"line":218,"context":219},343,"raw 
output",{"file":184,"line":221,"context":219},422,{"file":184,"line":223,"context":219},430,{"file":184,"line":225,"context":219},442,{"file":227,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fcheckbox-group.php",{"file":227,"line":153,"context":219},{"file":227,"line":153,"context":219},{"file":227,"line":153,"context":219},{"file":227,"line":153,"context":219},{"file":227,"line":153,"context":219},{"file":227,"line":153,"context":219},{"file":227,"line":235,"context":219},13,{"file":237,"line":238,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fcheckbox.php",5,{"file":237,"line":240,"context":219},6,{"file":237,"line":240,"context":219},{"file":237,"line":52,"context":219},{"file":237,"line":52,"context":219},{"file":237,"line":52,"context":219},{"file":237,"line":52,"context":219},{"file":237,"line":153,"context":219},{"file":248,"line":238,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fclosetab.php",{"file":248,"line":240,"context":219},{"file":248,"line":113,"context":219},{"file":252,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fcode.php",{"file":252,"line":14,"context":219},{"file":252,"line":14,"context":219},{"file":252,"line":238,"context":219},{"file":252,"line":238,"context":219},{"file":252,"line":238,"context":219},{"file":252,"line":240,"context":219},{"file":260,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fcolor.php",{"file":260,"line":14,"context":219},{"file":260,"line":14,"context":219},{"file":260,"line":240,"context":219},{"file":260,"line":240,"context":219},{"file":260,"line":240,"context":219},{"file":260,"line":153,"context":219},{"file":268,"line":28,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fhidden.php",{"file":268,"line":28,"context":219},{"file":268,"line":28,"context":219},{"file":272,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fhtml.php",{"file":272,"line":14,"context":219},{"file":275,"line":238,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fnotifications.php",{"file"
:275,"line":133,"context":219},{"file":275,"line":278,"context":219},20,{"file":275,"line":280,"context":219},28,{"file":275,"line":282,"context":219},36,{"file":284,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fnumber.php",{"file":284,"line":100,"context":219},{"file":284,"line":287,"context":219},4,{"file":284,"line":287,"context":219},{"file":284,"line":287,"context":219},{"file":284,"line":287,"context":219},{"file":284,"line":287,"context":219},{"file":284,"line":287,"context":219},{"file":284,"line":238,"context":219},{"file":295,"line":238,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fradio.php",{"file":295,"line":238,"context":219},{"file":295,"line":240,"context":219},{"file":295,"line":240,"context":219},{"file":295,"line":235,"context":219},{"file":295,"line":235,"context":219},{"file":295,"line":235,"context":219},{"file":295,"line":235,"context":219},{"file":295,"line":304,"context":219},18,{"file":306,"line":238,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fselect.php",{"file":306,"line":238,"context":219},{"file":306,"line":240,"context":219},{"file":306,"line":240,"context":219},{"file":306,"line":52,"context":219},{"file":306,"line":52,"context":219},{"file":306,"line":235,"context":219},{"file":306,"line":235,"context":219},{"file":306,"line":235,"context":219},{"file":306,"line":304,"context":219},{"file":317,"line":318,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fsettings.php",19,{"file":320,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fsize.php",{"file":320,"line":100,"context":219},{"file":320,"line":287,"context":219},{"file":320,"line":287,"context":219},{"file":320,"line":287,"context":219},{"file":320,"line":287,"context":219},{"file":320,"line":287,"context":219},{"file":320,"line":238,"context":219},{"file":320,"line":238,"context":219},{"file":320,"line":330,"context":219},10,{"file":320,"line":330,"context":219},{"file":320,"line":330,"context":219},{"file":320,"line":334,"context":219},15,{"file":3
36,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Ftext.php",{"file":336,"line":14,"context":219},{"file":336,"line":14,"context":219},{"file":336,"line":238,"context":219},{"file":336,"line":238,"context":219},{"file":336,"line":238,"context":219},{"file":336,"line":240,"context":219},{"file":344,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Ftextarea.php",{"file":344,"line":14,"context":219},{"file":344,"line":14,"context":219},{"file":344,"line":238,"context":219},{"file":344,"line":238,"context":219},{"file":344,"line":238,"context":219},{"file":344,"line":240,"context":219},{"file":352,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Ftitle.php",{"file":352,"line":14,"context":219},{"file":355,"line":100,"context":219},"inc\u002Fsunrise\u002Fviews\u002Fupload.php",{"file":355,"line":14,"context":219},{"file":355,"line":14,"context":219},{"file":355,"line":240,"context":219},{"file":355,"line":240,"context":219},{"file":355,"line":240,"context":219},{"file":355,"line":113,"context":219},{"file":355,"line":153,"context":219},[],[],{"summary":366,"deductions":367},"The \"recent-posts-from-each-category\" plugin exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and has no dangerous function calls or file operations, significant concerns exist regarding its input validation and authentication mechanisms. The static analysis highlights a concerning lack of nonce checks and capability checks, particularly on its AJAX handler (instant_support), which is registered for logged-in users only (nopriv is false) but has neither nonce verification nor a capability check. This leaves the handler open to forged requests and to use by low-privileged accounts, which creates a significant attack vector.  The plugin also struggles with output escaping, with only 1% of outputs being properly handled, increasing the risk of cross-site scripting (XSS) vulnerabilities if attacker-controlled data is ever displayed.\n\nThe vulnerability history, unfortunately, points to a recurring pattern. 
The one recorded CVE (CVE-2025-49354, a medium-severity Cross-Site Request Forgery issue affecting versions up to and including 1.4, with no patched release), combined with the missing nonce and capability checks on its AJAX handler, suggests that similar vulnerabilities could be exploited. The fact that a CSRF vulnerability is already on record and there are no nonce checks on the AJAX handler is a strong indicator that this plugin is susceptible to these types of attacks.  Overall, while the plugin has some solid foundations in data handling, the critical gaps in request verification, authorization and output escaping, coupled with its vulnerability history, present a notable risk that requires immediate attention.",[368,370,372,374,376],{"reason":369,"points":330},"Unprotected AJAX handler",{"reason":371,"points":52},"100% unescaped output observed",{"reason":373,"points":334},"Unpatched medium severity CVE",{"reason":375,"points":330},"Missing nonce checks",{"reason":377,"points":238},"Missing capability checks","2026-04-16T11:09:48.685Z",{"wat":380,"direct":391},{"assetPaths":381,"generatorPatterns":385,"scriptPaths":386,"versionParams":387},[382,383,384],"\u002Fwp-content\u002Fplugins\u002Frecent-posts-from-each-category\u002Fassets\u002Fcss\u002Fsunrise.css","\u002Fwp-content\u002Fplugins\u002Frecent-posts-from-each-category\u002Fassets\u002Fjs\u002Fform.js","\u002Fwp-content\u002Fplugins\u002Frecent-posts-from-each-category\u002Fassets\u002Fjs\u002Fsunrise.js",[],[383,384],[388,389,390],"recent-posts-from-each-category\u002Fassets\u002Fcss\u002Fsunrise.css?ver=","recent-posts-from-each-category\u002Fassets\u002Fjs\u002Fform.js?ver=","recent-posts-from-each-category\u002Fassets\u002Fjs\u002Fsunrise.js?ver=",{"cssClasses":392,"htmlComments":394,"htmlAttributes":395,"restEndpoints":397,"jsGlobals":398,"shortcodeOutput":400},[393],"rpfc-widget",[],[396],"data-rpfc-widget",[],[399],"Rpfec_Sunrise_Plugin_Framework",[401],"[recent_posts_from_each_category]",{"error":403,"url":404,"statusCode":405,"statusMessage":406,"message":406},true,"h
ttp:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Frecent-posts-from-each-category\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":238,"versions":408},[409,415,422,430,438],{"version":6,"download_url":26,"svn_tag_url":410,"released_at":38,"has_diff":48,"diff_files_changed":411,"diff_lines":38,"trac_diff_url":412,"vulnerabilities":413,"is_current":403},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Frecent-posts-from-each-category\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Frecent-posts-from-each-category%2Ftags%2F1.3&new_path=%2Frecent-posts-from-each-category%2Ftags%2F1.4",[414],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":125,"download_url":416,"svn_tag_url":417,"released_at":38,"has_diff":48,"diff_files_changed":418,"diff_lines":38,"trac_diff_url":419,"vulnerabilities":420,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-from-each-category.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Frecent-posts-from-each-category\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Frecent-posts-from-each-category%2Ftags%2F1.2&new_path=%2Frecent-posts-from-each-category%2Ftags%2F1.3",[421],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":423,"download_url":424,"svn_tag_url":425,"released_at":38,"has_diff":48,"diff_files_changed":426,"diff_lines":38,"trac_diff_url":427,"vulnerabilities":428,"is_current":48},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-from-each-category.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Frecent-posts-from-each-category\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Frecent-posts-from-each-category%2Ftags%2F1.1
&new_path=%2Frecent-posts-from-each-category%2Ftags%2F1.2",[429],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":431,"download_url":432,"svn_tag_url":433,"released_at":38,"has_diff":48,"diff_files_changed":434,"diff_lines":38,"trac_diff_url":435,"vulnerabilities":436,"is_current":48},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-from-each-category.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Frecent-posts-from-each-category\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Frecent-posts-from-each-category%2Ftags%2F1.0&new_path=%2Frecent-posts-from-each-category%2Ftags%2F1.1",[437],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"version":439,"download_url":440,"svn_tag_url":441,"released_at":38,"has_diff":48,"diff_files_changed":442,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":443,"is_current":48},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecent-posts-from-each-category.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Frecent-posts-from-each-category\u002Ftags\u002F1.0\u002F",[],[444],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38}]