[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwDGIXgtfXXDtFlFs8JcomQcJLlp2V1LEz_y4HKHG7a8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":136,"fingerprints":236},"reve-dynamic-widget","Reve Dynamic Widget","1.7.0","Fernando García","https:\u002F\u002Fprofiles.wordpress.org\u002Fpromostudio\u002F","\u003Cp>Reve Dynamic Widget is an extended WordPress text widget that evaluates any content type (text, HTML, Javascript, PHP or shortcodes) and shows it in the posts and pages you want.\u003C\u002Fp>\n\u003Cp>It is totally free, very light-weight, fast, easy to use and versatile.\u003C\u002Fp>\n\u003Cp>This plugin is translation ready (pot file included) and translated into Spanish. 
Translations to other languages are welcome.\u003C\u002Fp>\n\u003Ch3>Editor features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The “Show title” option allows you to show or hide the widget title in the frontend.\u003C\u002Fli>\n\u003Cli>As with the core text widget, you can format the content with the “Add paragraphs automatically” option.\u003C\u002Fli>\n\u003Cli>You can enter only text as content, or any HTML, CSS, Javascript and\u002For PHP code.\u003C\u002Fli>\n\u003Cli>Also you can enter any shortcode that you normally use in your posts or pages.\u003C\u002Fli>\n\u003Cli>Activate the “Evaluate content with PHP” option to enable the PHP interpreter.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Filter options\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Show or hide the widget by template options: show in front page, blog page, posts, pages, archive, search and error pages.\u003C\u002Fli>\n\u003Cli>Use the “Exclude posts or pages” option to hide the widget in certain posts or pages, when showing in posts and\u002For pages is activated.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>To insert PHP code\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>PHP code must be correct and used within the opening and closing PHP tags: \u003Ccode>\u003C?php\u003C\u002Fcode> and \u003Ccode>?>\u003C\u002Fcode>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Note that any PHP code is executed in the scope of a PHP function, but you can do almost everything that you can do with PHP. So this feature must be used only by administrators with PHP knowledge.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin uses the native PHP \u003Ccode>eval()\u003C\u002Fcode> function with the error control operator \u003Ccode>@\u003C\u002Fcode>, to prevent error messages and broken pages. 
So if you don’t see your PHP output, it is probably because your code has mistakes.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>And don’t forget to activate the “Evaluate with PHP” option, which is disabled by default.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Need help?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>For help, use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Freve-dynamic-widget\u002F\" rel=\"ugc\">WordPress Support\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>You can also \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Freve-dynamic-widget\u002Freviews\u002F#new-post\" rel=\"ugc\">write a review\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute development\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Freve-dynamic-widget\u002Freviews\u002F\" rel=\"ugc\">If you like this plugin, give us a five-star rating by clicking here.\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.promostudio.es\u002Fsupport-revedw\" rel=\"nofollow ugc\">If you make this plugin profitable, give us a PayPal donation by clicking here.\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Add any text, HTML, CSS, Javascript and\u002For PHP code, and show it in the pages you 
want.",10,1812,100,3,"2021-02-01T23:38:00.000Z","5.6.0","4.0","5.6",[20,21,22,23],"html-widget","php-widget","text-widget","widget","https:\u002F\u002Fpromostudio.es","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freve-dynamic-widget.1.7.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"promostudio",1,30,84,"2026-04-04T15:58:09.674Z",[38,57,75,97,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":27,"num_ratings":27,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":55,"download_link":56,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"class-widget-ats-text","widget text class ats","8.8.5","mishaATs","https:\u002F\u002Fprofiles.wordpress.org\u002Faleksats\u002F","\u003Cp>A simple text widget that lets you run PHP and shortcodes immediately after activating the widget text class ats plugin (the default WordPress widget does not allow this!) - widget text class ats is compatible with the new widgets! A convenient version of the classic text widget (without editors) after the WordPress 4.8 update.\u003Cbr \u002F>\nA simple text widget will allow you to run PHP and short code (shortcode), immediately after activation of the plugin widget text class ats (in WordPress 4.8 editors added!) 
– Compatibility with new widgets!\u003Cbr \u002F>\nA convenient way to install classic text widget (without editors after updating WordPress with 4.8)\u003C\u002Fp>\n\u003Ch3>Tags\u003C\u002Fh3>\n\u003Cp>is PHP in widgets, text php editor, text php widget, simple php text widget, widget text class ats\u003C\u002Fp>\n\u003Ch3>8.8.5\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>8.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>8.0\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.9\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.8\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.9.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.7\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.5\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.8.4\u003C\u002Fh3>\n\u003Cp>prevention, fixed minor bugs\u003C\u002Fp>\n\u003Ch3>7.7.7\u003C\u002Fh3>\n\u003Cp>prevention\u003C\u002Fp>\n\u003Ch3>7.7.5\u003C\u002Fh3>\n\u003Cp>prevention\u003C\u002Fp>\n\u003Ch3>7.7.3\u003C\u002Fh3>\n\u003Cp>prevention and tested with WordPress version 4.9\u003C\u002Fp>\n\u003Ch3>7.4.8\u003C\u002Fh3>\n\u003Cp>Added folder for extensions mih-alica and files\u003C\u002Fp>\n\u003Ch3>7.4.7\u003C\u002Fh3>\n\u003Cp>Now (2) the plugin knows himself to work out the php code in the widget and work with shortcode!!\u003Cbr \u002F>\nadded file 2 and folder mih-alica\u003C\u002Fp>\n\u003Ch4>0.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ADD: Russian localization\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple text widget that lets you run PHP and shortcodes immediately after activating the widget text class ats plugin (the WordPress widget by 
&hellip;",80,4354,"2025-12-13T05:09:00.000Z","6.9.4","3.0",[52,53,54,22],"is-php-in-widgets","text-php-editor","text-php-widget","https:\u002F\u002Fmihalica.ru\u002Fproduct\u002Fplagin-mats-widget-privyichnyiy-tekstovyiy-vidzhet-bez-redaktora\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclass-widget-ats-text.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":71,"download_link":74,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"classic-text-widget","Classic Text Widget","1.0.1","Victor Font","https:\u002F\u002Fprofiles.wordpress.org\u002Fvfontj\u002F","\u003Cp>Brings back the classic WordPress text widget without TinyMCE. This is based on the code from WordPress Ver. 4.7.5\u003C\u002Fp>\n\u003Cp>Functionality is exactly the same as the pre-version 4.8 text widget. Additional default functionality includes shortcode execution and custom class filter.\u003C\u002Fp>\n\u003Cp>Note: This widget uses PHP namespaces to prevent conflicts with other widgets of a similar nature. PHP namespaces are only supported in PHP Version 5.3.0 and higher. 
If your site uses a PHP version earlier than 5.3.0, do not install this widget unless your PHP version is upgraded first.\u003C\u002Fp>\n","The classic pre-WordPress version 4.8 text widget",2000,20397,15,"2019-04-29T17:05:00.000Z","5.2.24","4.8","",[58,73,22],"text","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclassic-text-widget.1.0.2.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":71,"tags":90,"homepage":95,"download_link":96,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"gabfire-widget-pack","Gabfire Widget Pack","1.4.14","Gabfire","https:\u002F\u002Fprofiles.wordpress.org\u002Fgabfire\u002F","\u003Cp>The Gabfire Widget Pack is a feature-packed plugin that adds the most commonly used widgets to your site. Rather than having to download several plugins by various authors, this plugin bundles together the most popular widgets.\u003C\u002Fp>\n\u003Cp>It is maintained by the folks over at http:\u002F\u002Fwww.gabfirethemes.com\u003C\u002Fp>\n\u003Cp>Below are the steps required to install, activate, and configure the Gabfire Widget Pack.\u003C\u002Fp>\n\u003Ch4>Widget: Video Slider\u003C\u002Fh4>\n\u003Cp>Get the most recent videos added to your site and display them in a widget zone with a nicely formed slider\u003C\u002Fp>\n\u003Ch4>Widget: Simple Banner\u003C\u002Fh4>\n\u003Cp>A very easy way to add banners into widget zones.\u003C\u002Fp>\n\u003Ch4>Widget: Archive Search\u003C\u002Fh4>\n\u003Cp>Give your users the option to search to their heart’s content. 
This powerful widget provides 3 methods to search:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>By Archive Month\u003C\u002Fli>\n\u003Cli>By Category\u003C\u002Fli>\n\u003Cli>By Keyword using Google Search\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This is a great widget for content-heavy sites.\u003C\u002Fp>\n\u003Ch4>Widget: Search\u003C\u002Fh4>\n\u003Cp>Your visitors need a search function to explore your site. Luckily, this widget gives you two functional styles to choose from that can be placed into any widget zone.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set your label\u003C\u002Fli>\n\u003Cli>Set your style and background\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Search is not dead!\u003C\u002Fp>\n\u003Ch4>Widget: Post Tabs\u003C\u002Fh4>\n\u003Cp>A sleek Ajax tabs widget that offers a convenient way to showcase your content. You can choose from 3 types of tabs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Recent Posts\u003C\u002Fli>\n\u003Cli>Recent Comments\u003C\u002Fli>\n\u003Cli>Popular Posts (based on tags)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition, the Post Tabs widget offers a light and dark color scheme, ability to show post meta details and avatars, and choose the number of posts to display.\u003C\u002Fp>\n\u003Ch4>Widget: Author Badge\u003C\u002Fh4>\n\u003Cp>Give credit where it’s due with this unique Author Badge that showcases the following details neatly: author’s bio, a link to their posts, as well as their social media pages.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Author’s Bio\u003C\u002Fli>\n\u003Cli>Author’s Gravatar (if any)\u003C\u002Fli>\n\u003Cli>Author’s social media links\u003C\u002Fli>\n\u003Cli>Link to Author’s Posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Author badge is shown on single post and author pages only. This badge will not be shown if the Author bio is left empty. 
Go to User profile page to enter Facebook, Twitter, Google+, and Author website URL details.\u003C\u002Fp>\n\u003Ch4>Widget: Related Posts\u003C\u002Fh4>\n\u003Cp>Enhance your site’s page views by adding related posts to your articles. This widget uses tags to identify related posts and provides you the option to display them with thumbnails, or as a list.\u003C\u002Fp>\n\u003Ch4>Widget: Text+ Widget\u003C\u002Fh4>\n\u003Cp>A slight twist on the original. This text widget gives you the ability to have an icon and button that links to any post or page of your choice.\u003C\u002Fp>\n\u003Cp>For more details, visit \u003Ca href=\"http:\u002F\u002Fwww.gabfirethemes.com\" title=\"Best WordPress Themes\" rel=\"nofollow ugc\">Gabfire Themes\u003C\u002Fa>.\u003C\u002Fp>\n","The Gabfire Widget Pack contains over a dozen useful widgets to extend your WordPress site. It is a free plugin that will work with ANY theme.",700,96102,88,13,"2021-02-15T22:57:00.000Z","5.6.17","5.1",[91,92,93,94,22],"about-us","author-badge","post-tabs","related-posts","https:\u002F\u002Fwww.gabfire.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgabfire-widget-pack.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":71,"tags":112,"homepage":115,"download_link":116,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"call-to-action-widget","Call to Action Widget","1.1","Charlie Strickler","https:\u002F\u002Fprofiles.wordpress.org\u002Fcharliestricklergmailcom\u002F","\u003Cp>A modified version of the standard WordPress text widget.  In addition to a title and textarea\u002Fhtml field the CTA widget includes an image URL that can be positioned above or below the title, a button text field and a button URL field.  
CTA widget is short for “Call to Action” widget.  We frequently see website designs with 3 columns of widgets on the home page.  Frequently these buckets or widgets utilize an image, title, description, and call to action button.  This widget makes it easier for beginners to change the content of these blocks without editing HTML.\u003C\u002Fp>\n\u003Cp>Read more about this widget on \u003Ca href=\"http:\u002F\u002Fwordpress.boomvisibility.com\u002Fcta-widget\u002F\" rel=\"nofollow ugc\">wordpress.boomvisibility.com\u003C\u002Fa>\u003C\u002Fp>\n","A simple text widget with Title, Image URL, A text\u002Fhtml area, Link Text and Link URL.  This simple widget is often used for a call to action widget.",200,13953,94,6,"2013-12-10T00:00:00.000Z","3.7.41","3.0.2",[98,113,114,22],"cta-widget","image-widget","http:\u002F\u002Fwww.boomvisibility.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-to-action-widget.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":13,"downloaded":125,"rating":13,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":71,"tags":130,"homepage":134,"download_link":135,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"allow-javascript-in-text-widgets","Allow Javascript in Text Widgets","0.3","Philip John","https:\u002F\u002Fprofiles.wordpress.org\u002Fphilipjohn\u002F","\u003Cp>Replaces the default text widget with one that allows Javascript so you can do basic things like add Google Ads to your sidebar without using other plugins.\u003C\u002Fp>\n\u003Cp>Important: It’s only intended for Multisite. 
If you use it in standard WordPress and it doesn’t work or breaks something don’t expect any sympathy.\u003C\u002Fp>\n","Replaces the default text widget with one that allows Javascript so you can do basic things like add Google Ads to your sidebar without using other pl &hellip;",11242,2,"2014-09-03T20:15:00.000Z","4.0.38","3.2.1",[131,132,133,22,23],"filter","javascript","kses","http:\u002F\u002Fphilipjohn.co.uk\u002F#pj-better-multisite-text-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fallow-javascript-in-text-widgets.0.3.zip",{"attackSurface":137,"codeSignals":157,"taintFlows":224,"riskAssessment":225,"analyzedAt":235},{"hooks":138,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":27,"unprotectedCount":27},[139,145,149],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","widgets_init","revedw_register_widgets","reve-dynamic-widget.php",32,{"type":140,"name":146,"callback":147,"file":143,"line":148},"plugins_loaded","revedw_load_textdomain",50,{"type":140,"name":150,"callback":151,"priority":11,"file":143,"line":152},"upgrader_process_complete","revedw_check_upgrade",69,[],[],[],[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":223},[],{"prepared":27,"raw":27,"locations":160},[],{"escaped":27,"rawEcho":34,"locations":162},[163,167,169,171,173,174,176,178,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221],{"file":164,"line":165,"context":166},"reve-dynamic-widget-class.php",60,"raw 
output",{"file":164,"line":168,"context":166},61,{"file":164,"line":170,"context":166},71,{"file":164,"line":172,"context":166},72,{"file":164,"line":85,"context":166},{"file":164,"line":175,"context":166},89,{"file":164,"line":177,"context":166},99,{"file":164,"line":13,"context":166},{"file":164,"line":180,"context":166},111,{"file":164,"line":182,"context":166},112,{"file":164,"line":184,"context":166},129,{"file":164,"line":186,"context":166},130,{"file":164,"line":188,"context":166},141,{"file":164,"line":190,"context":166},142,{"file":164,"line":192,"context":166},153,{"file":164,"line":194,"context":166},154,{"file":164,"line":196,"context":166},165,{"file":164,"line":198,"context":166},166,{"file":164,"line":200,"context":166},177,{"file":164,"line":202,"context":166},178,{"file":164,"line":204,"context":166},189,{"file":164,"line":206,"context":166},190,{"file":164,"line":208,"context":166},201,{"file":164,"line":210,"context":166},202,{"file":164,"line":212,"context":166},218,{"file":164,"line":214,"context":166},219,{"file":164,"line":216,"context":166},361,{"file":164,"line":218,"context":166},366,{"file":164,"line":220,"context":166},383,{"file":164,"line":222,"context":166},388,[],[],{"summary":226,"deductions":227},"The 'reve-dynamic-widget' plugin version 1.7.0 exhibits a concerning security posture primarily due to a significant lack of output escaping. While the static analysis indicates no dangerous functions, raw SQL queries (though prepared), file operations, or external HTTP requests, the fact that 100% of its 30 output points are unescaped is a major red flag. This creates a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website through the plugin's output. 
The absence of any identified CVEs or past vulnerabilities is positive, but it cannot offset the critical risk posed by the unescaped output, which could be exploited even without a known vulnerability history.\n\nThe plugin's attack surface is minimal, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events, which is generally a good practice for reducing potential entry points. However, the lack of explicit capability checks or nonce checks, combined with the unescaped output, suggests a potential oversight in securing user-facing data. In conclusion, while the plugin avoids common pitfalls like dangerous functions or raw SQL, the pervasive issue of unescaped output makes it a significant XSS risk. Future development should prioritize robust output sanitization to improve its security.",[228,230,233],{"reason":229,"points":67},"All output is unescaped",{"reason":231,"points":232},"No capability checks",5,{"reason":234,"points":232},"No nonce checks","2026-03-17T00:56:08.510Z",{"wat":237,"direct":243},{"assetPaths":238,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[],[],[],[242],"reve-dynamic-widget\u002Freve-dynamic-widget.php?ver=1.7.0",{"cssClasses":244,"htmlComments":245,"htmlAttributes":246,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[],[],[],[],[],[]]