[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fE1XILOG9hrzt_x5Zc9chV24rEDCDctYL366Am14XAB0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":51,"analysis":155,"fingerprints":273},"recommend-a-friend","Recommend to a friend","2.2.2","benjaminniess","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenjaminniess\u002F","\u003Cp>Plugin that add a share to friends jQuery Lightbox to your pages or posts. Users will be able to share your content using 2 ways :\u003C\u002Fp>\n\u003Col>\n\u003Cli>Writing email addresses manually\u003C\u002Fli>\n\u003Cli>Using Facebook and Twitter sharing feature\u003C\u002Fli>\n\u003C\u002Fol>\n","Plugin that add a share to friends jQuery Lightbox to your pages or posts. Users will be able to share your content using 2 ways :",40,20577,70,6,"2018-04-09T17:12:00.000Z","4.9.29","3.1","",[20,21,22,23,24],"email","facebook","recommend","share","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecommend-a-friend.2.2.2.zip",64,1,"2013-12-24 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2013-7276","recommend-to-a-friend-cross-site-scripting","Recommend to a friend \u003C= 2.2.2 - Cross-Site Scripting","Cross-site scripting (XSS) vulnerability in inc\u002Fraf_form.php in the Recommend to a friend plugin 2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url parameter.",null,"\u003C=2.2.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb8c66ddd-8a01-40e0-8893-668551b527d1?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":48,"computed_at":50},4,1150,80,30,"2026-04-05T11:59:56.669Z",[52,78,96,112,129],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":73,"download_link":74,"security_score":75,"vuln_count":27,"unpatched_count":76,"last_vuln_date":77,"fetched_at":29},"facebook-likebox-widget-and-shortcode","Profile Box Shortcode And Widget","1.2.3","A WP Life","https:\u002F\u002Fprofiles.wordpress.org\u002Fawordpresslife\u002F","\u003Ch4>Like Box Widget & Shortcode – Social Profile\u003C\u002Fh4>\n\u003Cp>A very easy and simple Facebook like box widget & shortcode plugin for wordPress websites\u002Fblogs.\u003C\u002Fp>\n\u003Cp>You can promote any page with like box. It is also responsive so you can use it on any page and post.\u003C\u002Fp>\n\u003Cp>You can attract visitor to your page with like box and divert your site traffic to your page.\u003C\u002Fp>\n\u003Cp>To activate like box widget on your website. Go to widgets area in admin dashboard, find the “Like box Widget” named widget and activate in any widget of theme.\u003C\u002Fp>\n\u003Cp>For pages and groups you can choose the user roles whose posts will be shared- page owner\u002F group admin, group member\u002Fpage fans or both. Hashtags and mentions included in posts will be preserved. The page plugin comes with a number of great features and functionality to allow you create anything from free simple feeds to custom feeds, including group events, like box, feed gallery and more to increase engagement of your fans.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Major features in Like Box plugin include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Like box Widget\u003C\u002Fli>\n\u003Cli>Like box Shortcode\u003C\u002Fli>\n\u003Cli>Custom Application ID\u003C\u002Fli>\n\u003Cli>Custom Widget Title\u003C\u002Fli>\n\u003Cli>Widget Custom Width (Min Width: 180 – Max Width: 500)\u003C\u002Fli>\n\u003Cli>Widget Custom Height (Min Height: 70 )\u003C\u002Fli>\n\u003Cli>Full Width Widget\u003C\u002Fli>\n\u003Cli>Show Page Cover\u003C\u002Fli>\n\u003Cli>Show Page Header\u003C\u002Fli>\n\u003Cli>Small And Large Page Header\u003C\u002Fli>\n\u003Cli>Show Friends\u003C\u002Fli>\n\u003Cli>Show Page Post\u002FStream\u003C\u002Fli>\n\u003Cli>43 Language support for like box\u003C\u002Fli>\n\u003C\u002Ful>\n","A very easy and simple Facebook like box shortcode and widget plugin with mini profile, like Button, Share Button plugin For WordPress",2000,245036,78,8,"2025-12-03T09:03:00.000Z","6.9.4","7.0",[68,69,70,71,72],"facebook-likebox-widget","like-box","like-button","mini-profile-box","share-button","https:\u002F\u002Fawplife.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacebook-likebox-widget-and-shortcode.1.2.3.zip",100,0,"2024-02-27 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":75,"downloaded":86,"rating":48,"num_ratings":27,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":93,"download_link":94,"security_score":95,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"sharedaddy","Sharedaddy","0.2.13","John Godley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnny5\u002F","\u003Cp>Future upgrades to Sharedaddy plugin will only be available in \u003Ca href=\"http:\u002F\u002Fjetpack.me\u002F\" rel=\"nofollow ugc\">Jetpack\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Jetpack connects your blog to the WordPress.com cloud, \u003Ca href=\"http:\u002F\u002Fjetpack.me\u002Fsupport\u002F\" rel=\"nofollow ugc\">enabling awesome features\u003C\u002Fa>.\u003C\u002Fp>\n","Future upgrades to Sharedaddy plugin will only be available in Jetpack.",156510,"2012-07-24T13:03:00.000Z","3.1.4","3.0",[20,21,23,91,92],"sharing","twitter","http:\u002F\u002Fen.blog.wordpress.com\u002F2010\u002F08\u002F24\u002Fmore-ways-to-share\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsharedaddy.zip",85,{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":76,"num_ratings":76,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":18,"tags":109,"homepage":18,"download_link":111,"security_score":95,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"recommend-by-mail-widget","Recommend by mail widget","1.0","Jacques Malgrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fsojahu\u002F","\u003Cp>This plugin adds a simple widget that allows you to display an email form and a submit button.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You have the options to choose to recommend the site or the current page.\u003C\u002Fli>\n\u003Cli>The mail subject and content can be changed.\u003C\u002Fli>\n\u003Cli>You can limit the number of recommendation sended by user a day.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The widget is only displayed if the user is connected.\u003C\u002Fp>\n","Recommend the site or the current page to a friend by mail.",10,1182,"2017-01-11T23:35:00.000Z","4.7.32","3.0.1",[20,23,110,24],"sidebar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecommend-by-mail-widget.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":104,"downloaded":120,"rating":76,"num_ratings":76,"last_updated":121,"tested_up_to":122,"requires_at_least":89,"requires_php":18,"tags":123,"homepage":127,"download_link":128,"security_score":95,"vuln_count":76,"unpatched_count":76,"last_vuln_date":36,"fetched_at":29},"simple-social-bar","Simple Social Bar","1.0.1","telepathy","https:\u002F\u002Fprofiles.wordpress.org\u002Fdtelepathy\u002F","\u003Cp>A simple, easy to use, easy to configure social bar that will allow a user to add social share links to their WordPress website. This plugin came from the idea implemented with the popular Share Bar plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsharebar\u002F), but offers many improvements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Completely new, easier to understand code base making it easier for possible community contribution and personal customization\u003C\u002Fli>\n\u003Cli>No additional database tables, but instead utilizes a private custom post type for social link buttons\u003C\u002Fli>\n\u003Cli>Better control over where the bar appears allowing for per-post type filtering\u003C\u002Fli>\n\u003Cli>Less obtrusive implementation for better caching and minification plugin compatibility as well as control over when the plugin is loaded\u003C\u002Fli>\n\u003Cli>Simpler administrative interface with drag and drop ordering capabilities\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Works in IE7+, Firefox 2+, Chrome 2+, Safari 3+ and Opera 9+; vertical following does not work in IE6. Utilizes jQuery for JavaScript processing, although it is setup to work properly with other libraries, your experience may vary. Requires PHP 5.2+.\u003C\u002Fp>\n\u003Cp>This plugin is free to use and is not actively supported by the author, but will be monitored for serious bugs that may need correcting.\u003C\u002Fp>\n","A simple, easy to use, easy to configure social share bar that follows you down the page for sharing your posts.",14743,"2011-08-01T19:11:00.000Z","3.2.1",[124,21,125,110,126],"dtelepathy","sharebar","social-widget","http:\u002F\u002Fwww.dtelepathy.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-social-bar.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":66,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":150,"download_link":151,"security_score":152,"vuln_count":153,"unpatched_count":76,"last_vuln_date":154,"fetched_at":29},"social-icons-widget-by-wpzoom","Social Icons Widget & Block – Social Media Icons & Share Buttons","4.5.9","WPZOOM","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpzoom\u002F","\u003Ch4>Social Media Icons & Share Buttons for WordPress\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>The best social icons plugin for WordPress.\u003C\u002Fstrong> Add beautiful social media icons and share buttons anywhere on your site. 400+ icons, Gutenberg block, widget, Elementor support – all in one plugin.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fsocial-icons-widget-by-wpzoom\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002Fsocial-icons\u002F\" rel=\"nofollow ugc\">Social Icons Block Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002Fsocial-icons\u002F2016\u002F04\u002F21\u002Fsharing-buttons\u002F\" rel=\"nofollow ugc\">Sharing Buttons Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Social Icons & Sharing Buttons\u003C\u002Fstrong> helps you to add social media icons and sharing buttons to your website. The plugin includes several icon sets, which gives you the possibility to use the widget for more than just linking to your social media profiles. You can use generic icons to add links to anything you want, and enable sharing buttons to let visitors share your content across social networks.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>With the help of WPZOOM’s excellent Social Icons Widget plugin, you can link to all your social network profiles and add sharing buttons in no time, letting your visitors easily get in touch with you on all social media channels and share your content.\u003Cbr \u002F>\n  ⭐️⭐️⭐️⭐️⭐️\u003Cbr \u002F>\n  WPKlik\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>What’s new in 4.5.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>NEW: Social Sharing Buttons Block\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NEW: Add Social Sharing Buttons in posts and pages\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s new in 4.4.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>NEW: Add SVG Icons in the Social Icons Block\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s new in 4.0.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>NEW: Gutenberg Block\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>New icon styles in the new Social Icons Block\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Where I can view a Demo?\u003C\u002Fh4>\n\u003Cp>You can view the plugin live in all our themes at \u003Ca href=\"https:\u002F\u002Fwww.wpzoom.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">WPZOOM\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>View Demo & Examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002F?theme=foodica\" rel=\"nofollow ugc\">Foodica Theme\u003C\u002Fa> – header bar and sidebar\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdemo.wpzoom.com\u002Finspiro\" rel=\"nofollow ugc\">Inspiro Theme\u003C\u002Fa> – sidebar panel and footer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Social Icons Block:\u003C\u002Fstrong>\u003Cbr \u002F>\n* SVG Icons Support – Upload custom SVG icons\u003Cbr \u002F>\n* 400+ Custom Icons from 5 Icon Sets\u003Cbr \u002F>\n* Gutenberg Block with Live Preview\u003Cbr \u002F>\n* Drag & Drop Icons with Sortable Arrows\u003Cbr \u002F>\n* Color Picker for Each Icon\u003Cbr \u002F>\n* Search by Keywords\u003Cbr \u002F>\n* Adjust Icon Size & Padding\u003Cbr \u002F>\n* Multiple Styles: Icon Shape and Icon with Background\u003Cbr \u002F>\n* 3 Background Styles: Rounded Corners, Round, Square\u003Cbr \u002F>\n* Icon Sets + Shortcodes\u003Cbr \u002F>\n* Elementor Widget Integration\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Social Sharing Buttons Block:\u003C\u002Fstrong>\u003Cbr \u002F>\n* 12+ Sharing Platforms: Facebook, X, Threads, LinkedIn, Pinterest, Reddit, Telegram, WhatsApp, Bluesky, Email, Copy Link, and Print\u003Cbr \u002F>\n* Multiple Button Styles: Circle, Square, Rounded, Outlined, Minimal, One-tone\u003Cbr \u002F>\n* Customizable Colors, Sizes, Padding & Margins\u003Cbr \u002F>\n* Show\u002FHide Labels\u003Cbr \u002F>\n* Print Button to Trigger Browser Print Dialog\u003Cbr \u002F>\n* Copy Link Button with Visual Feedback\u003Cbr \u002F>\n* X\u002FTwitter Username Integration (via parameter)\u003C\u002Fp>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cp>Upgrade to \u003Ca href=\"https:\u002F\u002Fwww.wpzoom.com\u002Fplugins\u002Fsocial-share\u002F\" rel=\"nofollow ugc\">Social Icons Widget PRO\u003C\u002Fa> to unlock powerful features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Floating Buttons\u003C\u002Fstrong> – Display social sharing icons as a fixed floating bar on the side of your website (NEW!)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Share Analytics Dashboard\u003C\u002Fstrong> – Track how visitors share your content with detailed analytics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Like Button\u003C\u002Fstrong> – Add a like button to let visitors engage with your posts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AI Share Buttons\u003C\u002Fstrong> – Share to ChatGPT, Claude, and Perplexity AI platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Share Counts\u003C\u002Fstrong> – Display total and individual share counts on buttons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>External Share Counts\u003C\u002Fstrong> – Fetch real share counts from Facebook, Pinterest via SharedCount API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom SVG Icon Uploads\u003C\u002Fstrong> – Upload your own custom SVG icons\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Nav Menu Integration\u003C\u002Fstrong> – Add social icons directly to WordPress navigation menus\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard Widget\u003C\u002Fstrong> – Quick stats overview right on your WordPress dashboard\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support\u003C\u002Fstrong> – Get help faster with priority email support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpzoom.com\u002Fplugins\u002Fsocial-share\u002F\" rel=\"nofollow ugc\">Learn more about PRO \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>General Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* 100+ Sites\u002FSocial Networks Supported\u003Cbr \u002F>\n* FontAwesome Integration\u003Cbr \u002F>\n* Academicons Integration: 38 Academia Icons for Academics\u003Cbr \u002F>\n* Supports Email Addresses (mailto:email@example.com)\u003Cbr \u002F>\n* Supports Telephone Numbers (tel:12345)\u003Cbr \u002F>\n* Supports Viber (viber:\u002F\u002Fadd?number=123456)\u003Cbr \u002F>\n* Supports WhatsApp (https:\u002F\u002Fapi.whatsapp.com\u002Fsend?phone=15551234567)\u003C\u002Fp>\n\u003Ch4>Icons\u003C\u002Fh4>\n\u003Cp>Twitter, X, Facebook, Instagram, Pinterest, Snapchat, Threads, Yelp, LinkedIn, Bloglovin’, Lookbook, Feedly, Periscope, SoundCloud, Spotify, Last.fm, YouTube, Vimeo, Flickr, 500px, Tumblr, Blogger, Reddit, Dribbble, Envato, Behance, DeviantArt, GitHub, RSS, Disqus, Stackoverflow, Komoot, Tiktok, Mailchimp, Podcasts, Telegram, TripAdvisor, AirBnb, Baidu, ebay, Medium, Periscope, Snapchat, Bandcamp, Eyem, Viber, Quora, Etsy, Meetup, Linode, IMDB, Overwatch, Strava, Tidal, Deezer, Unsplash, Codered, Udemy, CrunchBase, Angie’s List, App Store, Nextdoor, WhatsApp, ResearchGate, Slack, Songkick, ReverbNation, Bluesky\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Some Social Icons are provided by the Socicon icon font.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fjpswalsh.github.io\u002Facademicons\u002F\" rel=\"nofollow ugc\">Academicons\u003C\u002Fa> are provided by James Walsh.\u003C\u002Fp>\n\u003Ch4>GDPR COMPLIANCE\u003C\u002Fh4>\n\u003Cp>Social Icons & Sharing Buttons does not collect any information from your visitors, therefore it’s \u003Cstrong>100% GDPR compliant\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>Looking to contribute code to this plugin? Go ahead and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwpzoom\u002Fsocial-icons-widget\u002F\" rel=\"nofollow ugc\">fork the repository over at GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Social media icons plugin for WordPress - Add 400+ social icons and share buttons. Gutenberg block, widget & Elementor support. GDPR compliant.",100000,3727901,98,143,"2026-03-12T19:31:00.000Z","6.5","7.4",[145,146,147,148,149],"share-buttons","social-icons","social-media-icons","social-media-widget","social-sharing","https:\u002F\u002Fwww.wpzoom.com\u002Fplugins\u002Fsocial-share\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsocial-icons-widget-by-wpzoom.4.5.9.zip",96,3,"2026-03-12 20:38:20",{"attackSurface":156,"codeSignals":197,"taintFlows":259,"riskAssessment":260,"analyzedAt":272},{"hooks":157,"ajaxHandlers":190,"restRoutes":191,"shortcodes":192,"cronEvents":196,"entryPointCount":27,"unprotectedCount":76},[158,164,168,172,176,180,185],{"type":159,"name":160,"callback":161,"file":162,"line":163},"action","admin_menu","raf_plugin_menu","inc\\class-admin.php",11,{"type":159,"name":165,"callback":166,"file":162,"line":167},"admin_init","init_scripts_and_styles",12,{"type":159,"name":169,"callback":170,"file":171,"line":104},"init","init_styles_scripts","inc\\class-client.php",{"type":173,"name":174,"callback":175,"file":171,"line":163},"filter","the_content","auto_add_button",{"type":159,"name":177,"callback":178,"file":171,"line":179},"template_redirect","load_popin",13,{"type":159,"name":181,"callback":182,"file":183,"line":184},"widgets_init","anonymous","inc\\class-raf-widget.php",63,{"type":159,"name":186,"callback":187,"file":188,"line":189},"plugins_loaded","raf_init","recommend-to-a-friend.php",60,[],[],[193],{"tag":194,"callback":195,"file":171,"line":167},"raf_link","shortcode_recommend_a_friend_link",[],{"dangerousFunctions":198,"sqlUsage":202,"outputEscaping":204,"fileOperations":76,"externalRequests":76,"nonceChecks":27,"capabilityChecks":76,"bundledLibraries":258},[199],{"fn":200,"file":183,"line":184,"context":201},"create_function","add_action( 'widgets_init', create_function( '', 'return register_widget( \"RAF_Widget\");' ) );",{"prepared":76,"raw":76,"locations":203},[],{"escaped":205,"rawEcho":49,"locations":206},17,[207,210,212,214,216,217,218,219,220,222,223,225,226,228,229,232,234,236,238,239,241,243,245,247,249,252,253,255,256,257],{"file":162,"line":208,"context":209},50,"raw output",{"file":183,"line":211,"context":209},22,{"file":183,"line":213,"context":209},31,{"file":215,"line":27,"context":209},"views\\admin\\widget-form.tpl.php",{"file":215,"line":153,"context":209},{"file":215,"line":153,"context":209},{"file":215,"line":153,"context":209},{"file":215,"line":63,"context":209},{"file":215,"line":221,"context":209},9,{"file":215,"line":104,"context":209},{"file":215,"line":224,"context":209},14,{"file":215,"line":224,"context":209},{"file":215,"line":227,"context":209},18,{"file":215,"line":227,"context":209},{"file":230,"line":231,"context":209},"views\\raf-form.tpl.php",19,{"file":230,"line":233,"context":209},24,{"file":230,"line":235,"context":209},25,{"file":230,"line":237,"context":209},28,{"file":230,"line":213,"context":209},{"file":230,"line":240,"context":209},34,{"file":230,"line":242,"context":209},37,{"file":230,"line":244,"context":209},56,{"file":230,"line":246,"context":209},105,{"file":230,"line":248,"context":209},108,{"file":250,"line":251,"context":209},"views\\raf-link.tpl.php",2,{"file":250,"line":153,"context":209},{"file":254,"line":153,"context":209},"views\\widget.tpl.php",{"file":254,"line":221,"context":209},{"file":254,"line":224,"context":209},{"file":254,"line":231,"context":209},[],[],{"summary":261,"deductions":262},"The \"recommend-a-friend\" plugin version 2.2.2 exhibits a mixed security posture. While it demonstrates good practices such as 100% SQL query sanitization using prepared statements and a single nonce check, significant concerns arise from other areas.  The presence of the dangerous `create_function` function is a notable red flag, as it can be exploited for remote code execution if improperly handled. Furthermore, a substantial portion (64%) of output escaping is not properly implemented, posing a risk of Cross-Site Scripting (XSS) vulnerabilities, which is consistent with its vulnerability history.  The plugin's attack surface is small with only one entry point (a shortcode), and this entry point appears to be unprotected from an authorization perspective, though the static analysis doesn't reveal direct issues in this specific version's code beyond the `create_function` usage. The vulnerability history highlights a past medium-severity XSS vulnerability from 2013, and the fact that it remains unpatched for that specific CVE is a critical concern.",[263,266,268,270],{"reason":264,"points":265},"Unpatched CVE (medium severity)",15,{"reason":267,"points":14},"High percentage of unescaped output",{"reason":269,"points":63},"Dangerous function used (create_function)",{"reason":271,"points":46},"Shortcode entry point without capability check","2026-03-16T22:09:21.304Z",{"wat":274,"direct":289},{"assetPaths":275,"generatorPatterns":282,"scriptPaths":283,"versionParams":284},[276,277,278,279,280,281],"\u002Fwp-content\u002Fplugins\u002Frecommend-a-friend\u002Fcss\u002Fraf-admin-styles.css","\u002Fwp-content\u002Fplugins\u002Frecommend-a-friend\u002Fjs\u002Fraf_admin.js","\u002Fwp-content\u002Fplugins\u002Frecommend-a-friend\u002Fjs\u002Ffancybox\u002Fjquery.fancybox-1.3.4.pack.js","\u002Fwp-content\u002Fplugins\u002Frecommend-a-friend\u002Fjs\u002Ffancybox\u002Fjquery.fancybox-1.3.4.css","\u002Fwp-content\u002Fplugins\u002Frecommend-a-friend\u002Fcss\u002Fraf-styles.css","\u002Fwp-content\u002Fplugins\u002Frecommend-a-friend\u002Fjs\u002Fraf_script.js",[],[277,278,281],[285,286,287,288],"recommend-a-friend\u002Fjs\u002Ffancybox\u002Fjquery.fancybox-1.3.4.pack.js?ver=1.3","recommend-a-friend\u002Fjs\u002Fraf_script.js?ver=1.0","recommend-a-friend\u002Fjs\u002Ffancybox\u002Fjquery.fancybox-1.3.4.css?ver=1.3.4","recommend-a-friend\u002Fcss\u002Fraf-styles.css?ver=1.0",{"cssClasses":290,"htmlComments":291,"htmlAttributes":292,"restEndpoints":293,"jsGlobals":294,"shortcodeOutput":296},[],[],[],[],[295],"RAF_URL",[]]