[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fasCyh5yRQ9YCnyujz8vKrx2AnWBPBXG7VUh3Cm67c1s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":138,"fingerprints":200},"recommend-by-mail-widget","Recommend by mail widget","1.0","Jacques Malgrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fsojahu\u002F","\u003Cp>This plugin adds a simple widget that allows you to display an email form and a submit button.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You have the options to choose to recommend the site or the current page.\u003C\u002Fli>\n\u003Cli>The mail subject and content can be changed.\u003C\u002Fli>\n\u003Cli>You can limit the number of recommendation sended by user a day.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The widget is only displayed if the user is connected.\u003C\u002Fp>\n","Recommend the site or the current page to a friend by mail.",10,1182,0,"2017-01-11T23:35:00.000Z","4.7.32","3.0.1","",[19,20,21,22],"email","share","sidebar","widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecommend-by-mail-widget.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"sojahu",4,530,86,777,69,"2026-04-05T11:59:42.474Z",[37,59,81,92,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":57,"download_link":58,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"flare","Flare","1.2.7","telepathy","https:\u002F\u002Fprofiles.wordpress.org\u002Fdtelepathy\u002F","\u003Cp>The Flare plugin isn’t in active development because we’ve created a hosted app version of Flare that works with virtually any website or CMS, including WordPress.\u003C\u002Fp>\n\u003Cp>Flare Lite is here, and it’s awesome – go \u003Ca href=\"http:\u002F\u002Fapp.filament.io\u002Fusers\u002Fregister\" rel=\"nofollow ugc\">sign up for a free Filament account\u003C\u002Fa> to use it.\u003C\u002Fp>\n\u003Cp>For more info on the differences, check out \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-few-of-the-common-questions-about-the-plugin\" rel=\"ugc\">this Forum post\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>&nbsp;\u003C\u002Fh4>\n\u003Ch4>About the Flare WordPress Plugin\u003C\u002Fh4>\n\u003Cp>Up your website’s social score with a little social Flare! Easily configure and share your blog posts across some of the most popular networks.\u003C\u002Fp>\n\u003Cp>Flare allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a Follow Me widget – place widgets on your site with links to your social networks to get more followers.\u003C\u002Fli>\n\u003Cli>Configure multiple share icons for some of the most popular sharing services like Twitter, Facebook, Stumble Upon, Reddit, Google+ and Pinterest! More coming soon!\u003C\u002Fli>\n\u003Cli>Easily order your icons, customize their icons’ appearance\u003C\u002Fli>\n\u003Cli>Control which post types your Flare appears on\u003C\u002Fli>\n\u003Cli>Display your Flare at the top, bottom, left or right sides of your post content\u003C\u002Fli>\n\u003Cli>Flare displayed on the left and right of your post follow your visitors down the page as they scroll and conveniently hide when not needed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Flare buttons work in IE7+ as well as current versions of Firefox, Chrome, Safari and Opera; vertical following does not work in IE6. Admin interface requires a modern browser (e.g. anything not IE 6-8 :). Utilizes jQuery for JavaScript processing, although it is setup to work properly with other libraries, your experience may vary. Requires PHP 5.2+.\u003C\u002Fp>\n\u003Cp>This plugin is free to use and is not actively supported by the author, but will be monitored for serious bugs that may need correcting.\u003C\u002Fp>\n","Flare is a simple yet eye-catching social sharing bar that gets you followed and lets your content get shared via posts, pages, and media types.",700,189644,62,46,"2017-11-28T15:19:00.000Z","3.7.41","3.0",[53,54,55,21,56],"dtelepathy","dtlabs","sharebar","social-widget","http:\u002F\u002Fwww.dtelepathy.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflare.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":17,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":79,"last_vuln_date":80,"fetched_at":26},"recommend-a-friend","Recommend to a friend","2.2.2","benjaminniess","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenjaminniess\u002F","\u003Cp>Plugin that add a share to friends jQuery Lightbox to your pages or posts. Users will be able to share your content using 2 ways :\u003C\u002Fp>\n\u003Col>\n\u003Cli>Writing email addresses manually\u003C\u002Fli>\n\u003Cli>Using Facebook and Twitter sharing feature\u003C\u002Fli>\n\u003C\u002Fol>\n","Plugin that add a share to friends jQuery Lightbox to your pages or posts. Users will be able to share your content using 2 ways :",40,20577,70,6,"2018-04-09T17:12:00.000Z","4.9.29","3.1",[19,75,76,20,22],"facebook","recommend","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frecommend-a-friend.2.2.2.zip",64,1,"2013-12-24 00:00:00",{"slug":82,"name":83,"version":84,"author":41,"author_profile":42,"description":85,"short_description":86,"active_installs":11,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":51,"requires_php":17,"tags":90,"homepage":57,"download_link":91,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"simple-social-bar","Simple Social Bar","1.0.1","\u003Cp>A simple, easy to use, easy to configure social bar that will allow a user to add social share links to their WordPress website. This plugin came from the idea implemented with the popular Share Bar plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsharebar\u002F), but offers many improvements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Completely new, easier to understand code base making it easier for possible community contribution and personal customization\u003C\u002Fli>\n\u003Cli>No additional database tables, but instead utilizes a private custom post type for social link buttons\u003C\u002Fli>\n\u003Cli>Better control over where the bar appears allowing for per-post type filtering\u003C\u002Fli>\n\u003Cli>Less obtrusive implementation for better caching and minification plugin compatibility as well as control over when the plugin is loaded\u003C\u002Fli>\n\u003Cli>Simpler administrative interface with drag and drop ordering capabilities\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Works in IE7+, Firefox 2+, Chrome 2+, Safari 3+ and Opera 9+; vertical following does not work in IE6. Utilizes jQuery for JavaScript processing, although it is setup to work properly with other libraries, your experience may vary. Requires PHP 5.2+.\u003C\u002Fp>\n\u003Cp>This plugin is free to use and is not actively supported by the author, but will be monitored for serious bugs that may need correcting.\u003C\u002Fp>\n","A simple, easy to use, easy to configure social share bar that follows you down the page for sharing your posts.",14743,"2011-08-01T19:11:00.000Z","3.2.1",[53,75,55,21,56],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-social-bar.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":112,"download_link":113,"security_score":114,"vuln_count":115,"unpatched_count":13,"last_vuln_date":116,"fetched_at":26},"custom-sidebars","Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager","3.38","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Cstrong>Manage and replace sidebars and other classic widget areas on your site with Custom Sidebars, a flexible widget area manager.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Make custom sidebar configurations and be able to choose what classic widgets display on each page or post of your site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Need to make a \u003Cstrong>widget sticky\u003C\u002Fstrong> or fixed? Try our free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsticky-menu-or-anything-on-scroll\u002F\" rel=\"ugc\">WP Sticky Anything\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Custom Sidebars works ONLY with the classic widgets screen that was used in WordPress before version 5.8. If you want to use it with version 5.8 (and above) you have to install the official \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-widgets\u002F\" rel=\"ugc\">Classic Widgets\u003C\u002Fa> plugin, or enable the classic widgets interface yourself. Once the classic widgets screen is activated the plugin will work the same as before.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Having problems setting up SSL or generating an SSL certificate? Install the free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-force-ssl\u002F\" rel=\"ugc\">WP Force SSL\u003C\u002Fa> plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Display Different Sidebars on Pages and Posts\u003C\u002Fh4>\n\u003Cp>Custom Sidebars allows you to dynamically display custom widget configurations on any page, post, category, post type, or archive page.\u003C\u002Fp>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Custom Sidebars will go on my “essential plugins” list from now on. I am pleased by how easy it was to figure out and by how many options are available in the free version.” – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmonkeyhateclean\" rel=\"nofollow ugc\">monkeyhateclean\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“This plugin does exactly what it says. It’s light, integrates well into WordPress and gives you tons of possibilities.” – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fdarknova11\" rel=\"nofollow ugc\">DarkNova\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Every part of Custom Sidebars integrates seamlessly with the Widgets menu for simplicity and control. No confusing settings pages or added menu items, just simple core integration.\u003C\u002Fp>\n\u003Ch4>A Simple Flexible Sidebar Manager\u003C\u002Fh4>\n\u003Cp>** Custom Sidebars Includes: **\u003Cbr \u002F>\n* Unlimited custom widget configurations\u003Cbr \u002F>\n* Set custom widgets for individual posts and pages, categories, post types, and archives\u003Cbr \u002F>\n* Seamless integration with the WordPress Widgets menu\u003Cbr \u002F>\n* Works with well-coded themes and doesn’t slow down your site\u003Cbr \u002F>\n* Set individual widget visibility – for guests, by user role, by post type, for special pages or categories\u003Cbr \u002F>\n* Author specific sidebars – display a custom sidebar for each of your authors\u003Cbr \u002F>\n* Clone and sync widget settings – quickly edit complex configurations\u003Cbr \u002F>\n* Import and export custom sidebars – backup and share sidebars\u003C\u002Fp>\n\u003Cp>Install Custom Sidebars and see for yourself why it’s the most popular widget extension plugin available for WordPress with over 200,000 active installs.\u003C\u002Fp>\n\u003Ch3>Contact and Credits\u003C\u002Fh3>\n\u003Cp>Original development completed by \u003Ca href=\"http:\u002F\u002Fmarquex.es\u002F\" rel=\"nofollow ugc\">Javier Marquez\u003C\u002Fa>.\u003C\u002Fp>\n","Flexible sidebars for custom classic widget configurations on any page or post. Create custom sidebars with ease!",100000,5193767,94,1028,"2025-12-03T19:20:00.000Z","6.9.4","4.6","5.6",[109,110,111,21,22],"classic-widgets","custom-sidebar","dynamic-widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-sidebars\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-sidebars.3.38.zip",98,3,"2017-10-04 00:00:00",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":100,"downloaded":125,"rating":114,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":17,"tags":130,"homepage":134,"download_link":135,"security_score":136,"vuln_count":79,"unpatched_count":13,"last_vuln_date":137,"fetched_at":26},"image-widget","Image Widget","4.4.11","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Cp>Image Widget is a simple plugin that uses the native WordPress media manager to add image widgets to your site.\u003C\u002Fp>\n\u003Ch4>Image Widget Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>MU Compatible\u003C\u002Fli>\n\u003Cli>Handles image resizing and alignment\u003C\u002Fli>\n\u003Cli>Link the image\u003C\u002Fli>\n\u003Cli>Add title and description\u003C\u002Fli>\n\u003Cli>Versatile – all fields are optional\u003C\u002Fli>\n\u003Cli>Upload, link to external image, or select an image from your media collection\u003C\u002Fli>\n\u003Cli>Customize the look & feel with filter hooks or theme overrides\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quality You Can Trust\u003C\u002Fh4>\n\u003Cp>Image Widget is developed and maintained by \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F1aor\" rel=\"nofollow ugc\">The Events Calendar\u003C\u002Fa>, the same folks behind \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F19me\" rel=\"nofollow ugc\">The Events Calendar, Event Tickets, and a full suite of premium plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is actively supported by our team and contributions from community members. If you see a question in the forum you can help with or have a great idea and want to code it up or submit a patch, that would be awesome! Not only will we shower you with praise and thanks, it’s also a good way to get to know us and lead into options for paid work if you freelance.\u003C\u002Fp>\n\u003Ch4>Pull Requests & Translations\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthe-events-calendar\u002Fimage-widget\" rel=\"nofollow ugc\">Check us out on GitHub\u003C\u002Fa> to pull request changes.\u003C\u002Fp>\n\u003Cp>Translations can be submitted \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fimage-widget\" rel=\"nofollow ugc\">here on WordPress.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The built in template can be overridden by files within your template.\u003C\u002Fp>\n\u003Ch4>Default vs. Custom Templates\u003C\u002Fh4>\n\u003Cp>The Image Widget comes with a default template for the widget output. If you would like to alter the widget display code, create a new folder called “image-widget” in your template directory and copy over the “views\u002Fwidget.php” file.\u003C\u002Fp>\n\u003Cp>Edit the new file to your hearts content. Please do not edit the one in the plugin folder as that will cause conflicts when you update the plugin to the latest release.\u003C\u002Fp>\n\u003Cp>New in 3.2: You may now also use the “sp_template_image-widget_widget.php” filter to override the default template behavior for .php template files. Eg: if you wanted widget.php to reside in a folder called my-custom-templates\u002F and wanted it to be called my-custom-name.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('sp_template_image-widget_widget.php', 'my_template_filter');\nfunction my_template_filter($template) {\n    return get_template_directory() . '\u002Fmy-custom-templates\u002Fmy-custom-name.php';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>There are a number of filters in the code that will allow you to override data as you see fit. The best way to learn what filters are available is always by simply searching the code for ‘apply_filters’. But all the same, here are a few of the more essential filters:\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_title\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This is actually a pretty typical filter in widgets and is applied to the widget title.\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_text\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Another very typical widget filter that is applied to the description body text. This filter also takes 2 additional arguments for $args and $instance so that you can learn more about the specific widget instance in the process of filtering the content.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attachment_id\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the attachment id of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_url\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url of the image displayed in the widget.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nTHIS IS DEPRECATED AND WILL EVENTUALLY BE DELETED\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_width\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display width of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_height\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display height of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxwidth\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-width style of the image. Hint: override this to use this in responsive designs 🙂\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to ‘100%’).\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxheight\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-height style of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to null)\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_size\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the selected image ‘size’ corresponding to WordPress registered sizes.\u003Cbr \u002F>\nIf this is set to ‘tribe_image_widget_custom’ then the width and height are used instead.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_align\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display alignment of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_alt\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the alt text of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url that the image links to.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link_target\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the link target of the image link.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of image attributes used in the image output. Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_link_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of attributes used in the image link. Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Ch4>Have You Supported the Image Widget?\u003C\u002Fh4>\n\u003Cp>If so, then THANK YOU! Also, feel free to add this line to your wp-config.php file to prevent the image widget from displaying a message after upgrades.\u003C\u002Fp>\n\u003Cp>define( ‘I_HAVE_SUPPORTED_THE_IMAGE_WIDGET’, true );\u003C\u002Fp>\n\u003Cp>For more info on the philosophy here, check out our \u003Ca href=\"http:\u002F\u002Ftri.be\u002Fdefine-i-have-donated-true\u002F\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>\u003C\u002Fp>\n","A simple image widget that uses the native WordPress media manager to add image widgets to your site.",4620377,287,"2024-11-20T20:44:00.000Z","6.7.5","3.5",[131,132,133,21,22],"ad","banner","image","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-widget.4.4.11.zip",91,"2024-11-22 00:00:00",{"attackSurface":139,"codeSignals":151,"taintFlows":187,"riskAssessment":188,"analyzedAt":199},{"hooks":140,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":13,"unprotectedCount":13},[141],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","widgets_init","recommend_by_mail_widget_init","recommend-by-mail-widget.php",14,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":157,"outputEscaping":159,"fileOperations":13,"externalRequests":13,"nonceChecks":79,"capabilityChecks":13,"bundledLibraries":186},[153],{"fn":154,"file":145,"line":155,"context":156},"unserialize",124,"if($meta_rbm) $max = unserialize($meta_rbm);",{"prepared":13,"raw":13,"locations":158},[],{"escaped":11,"rawEcho":160,"locations":161},12,[162,165,167,169,171,173,175,176,178,180,182,184],{"file":145,"line":163,"context":164},45,"raw output",{"file":145,"line":166,"context":164},49,{"file":145,"line":168,"context":164},56,{"file":145,"line":170,"context":164},60,{"file":145,"line":172,"context":164},67,{"file":145,"line":174,"context":164},72,{"file":145,"line":102,"context":164},{"file":145,"line":177,"context":164},96,{"file":145,"line":179,"context":164},107,{"file":145,"line":181,"context":164},108,{"file":145,"line":183,"context":164},109,{"file":145,"line":185,"context":164},111,[],[],{"summary":189,"deductions":190},"The \"recommend-by-mail-widget\" v1.0 plugin presents a mixed security posture. On the positive side, it has a very small attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which are excellent security practices. The presence of a nonce check is also a positive indicator.\n\nHowever, the static analysis reveals a significant concern with the use of the \"unserialize\" function. This function is inherently dangerous if used with untrusted input, as it can lead to arbitrary object injection and code execution vulnerabilities. The fact that there are no capability checks on any entry points, combined with the presence of unserialize, raises a red flag. While the taint analysis did not reveal any immediate issues, this could be due to limited analysis scope or the specific nature of the data flow. The plugin also has a clean vulnerability history, with no recorded CVEs, suggesting that the existing code, despite its potential risks, has not yet been exploited in the wild or identified as vulnerable.\n\nIn conclusion, while the plugin has a minimal attack surface and good practices in areas like SQL handling, the use of \"unserialize\" without evident capability checks on entry points represents a notable security risk. The lack of vulnerability history is reassuring but does not negate the inherent danger of unserializing untrusted data. Further investigation into how user-supplied data reaches the unserialize function would be prudent.",[191,194,197],{"reason":192,"points":193},"Use of unserialize without capability checks",18,{"reason":195,"points":196},"Improper output escaping (55% unescaped)",5,{"reason":198,"points":11},"Lack of capability checks on entry points","2026-03-17T00:13:21.234Z",{"wat":201,"direct":206},{"assetPaths":202,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[],[],[],[],{"cssClasses":207,"htmlComments":209,"htmlAttributes":210,"restEndpoints":224,"jsGlobals":225,"shortcodeOutput":227},[208],"recommend_by_mail_widget",[],[211,212,213,214,215,216,217,218,219,220,221,222,223],"id=\"rbm_title\"","name=\"rbm_title\"","id=\"rbm_url\"","name=\"rbm_url\"","id=\"rbm_subject\"","name=\"rbm_subject\"","id=\"rbm_content\"","name=\"rbm_content\"","id=\"rbm_limit\"","name=\"rbm_limit\"","name=\"rbm-email\"","name=\"recommend-by-mail\"","id=\"rbm-warning\"",[],[226],"var recommend_by_mail_widget",[]]