[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-6lXBRjt8TSjFf7D7_sHqy7aFw1O2ymiThpd0H9_wT0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":59,"crawl_stats":37,"alternatives":66,"analysis":67,"fingerprints":212},"show-all-comments-in-one-page","Show All Comments","7.0.1","AppJetty","https:\u002F\u002Fprofiles.wordpress.org\u002Fbiztechc\u002F","\u003Cp>Plugin’s settings will display at Settings > BT Comments\u003C\u002Fp>\n\u003Col>\n\u003Cli>This plugin is useful for displaying all comments in one single page.\u003C\u002Fli>\n\u003Cli>You can displaying all the comments which are in posts or pages. For that you must choose pages or Posts at settings.\u003C\u002Fli>\n\u003Cli>Using related short code all the comments will displaying on assigned page.\u003C\u002Fli>\n\u003Cli>Short code is : [bt_comments]\u003C\u002Fli>\n\u003Cli>You can override admin setings in different page by using parameters with shortcode like:  pagination=yes\u002Fno , comments_per_page={number} and display_filter=yes\u002Fno.\u003C\u002Fli>\n\u003Cli>You can apply this short code into page\u002Fpost’s editor or also can add into PHP file.\u003Cbr \u002F>\nLike\n   \u003C\u002Fli>\n\u003Cli>You can also exclude pages or posts for which you dont want to show comments.\u003C\u002Fli>\n\u003Cli>Comments will displaying into pagination format if you select pagination option into setting. 
\u003C\u002Fli>\n\u003Cli>On front side there will be filter to search comments by post\u002Fcategories on front side.You can enable\u002Fdisable this filter from admin settings page.\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin displays all the comments received on your various posts in a single page with filter, enabling the readers to read all the comments in a  &hellip;",500,16379,78,14,"2022-12-21T05:55:00.000Z","6.1.10","3.6.1","",[20,21,22,23,24],"all-comments-in-one-page","comments-filter","eazy-comments-management","manage-all-comments-in-one-page","show-all-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-all-comments-in-one-page.zip",62,2,1,"2025-05-07 00:00:00","2026-03-15T15:16:48.613Z",[32,46],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-47607","show-all-comments-authenticated-administrator-stored-cross-site-scripting","Show All Comments \u003C= 7.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Show All Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=7.0.1","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-13 14:25:34",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2eb2adf2-127a-48cc-8908-8413f81ccf14?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":51,"patched_in_version":6,"severity":39,"cvss_score":52,"cvss_vector":53,"vuln_type":42,"published_date":54,"updated_date":55,"references":56,"days_to_patch":58},"CVE-2022-4295","show-all-comments-reflected-cross-site-scripting","Show All Comments \u003C= 7.0.0 - Reflected Cross-Site Scripting","The Show All Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sac_posts' parameter in versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=7.0.0",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-12-23 00:00:00","2024-01-22 19:56:02",[57],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fba385261-bee2-491d-9b31-a1624d740dff?source=api-prod",396,{"slug":60,"display_name":7,"profile_url":8,"plugin_count":61,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":58,"trust_score":64,"computed_at":65},"biztechc",8,820,84,68,"2026-04-04T06:09:57.041Z",[],{"attackSurface":68,"codeSignals":111,"taintFlows":166,"riskAssessment":192,"analyzedAt":211},{"hooks":69,"ajaxHandlers":94,"restRoutes":103,"shortcodes":104,"cronEvents":109,"entryPointCount":110,"unprotectedCount":27},[70,76,80,86,90],{"type":71,"name":72,"callback":73,"file":74,"line":75},"action","admin_menu","bt_comments_create_menu","bt-comments.php",9,{"type":71,"name":77,"callback":78,"file":74,"line":79},"admin_init","register_bt_comments_settings",17,{"type":81,"name":82,"callback":83,"priority":84,"file":74,"line":85},"filter","comments_clauses","wpse_121051",10,310,{"type":71,"name":87,"callback":88,"file":74,"line":89},"wp_enqueue_scripts","sac_wp_enqueue_styles_and_scripts",603,{"type":81,"name":91,"callback":92,"file":74,"line":93},"pre_option_page_comments","__return_true",630,[95,100],{"action":96,"nopriv":97,"callback":98,"hasNonce":97,"hasCapCheck":97,"file":74,"line":99},"sac_post_type_call",false,"sac_post_type_call_callback",548,{"action":96,"nopriv":101,"callback":98,"hasNonce":97,"hasCapCheck":97,"file":74,"line":102},true,549,[],[105],{"tag":106,"callback":107,"file":74,"line":108},"bt_comments","custom_comments",241,[],3,{"dangerousFunctions":112,"sqlUsage":113,"outputEscaping":123,"fileOperations":114,"externalRequests":114,"nonceCh
ecks":114,"capabilityChecks":114,"bundledLibraries":165},[],{"prepared":114,"raw":110,"locations":115},0,[116,119,121],{"file":74,"line":117,"context":118},370,"$wpdb->get_results() with variable interpolation",{"file":74,"line":120,"context":118},384,{"file":74,"line":122,"context":118},397,{"escaped":124,"rawEcho":125,"locations":126},12,21,[127,130,131,132,134,136,138,140,142,144,146,147,149,150,152,154,156,158,160,162,163],{"file":74,"line":128,"context":129},81,"raw output",{"file":74,"line":128,"context":129},{"file":74,"line":128,"context":129},{"file":74,"line":133,"context":129},112,{"file":74,"line":135,"context":129},137,{"file":74,"line":137,"context":129},146,{"file":74,"line":139,"context":129},160,{"file":74,"line":141,"context":129},178,{"file":74,"line":143,"context":129},580,{"file":74,"line":145,"context":129},589,{"file":74,"line":145,"context":129},{"file":74,"line":148,"context":129},593,{"file":74,"line":148,"context":129},{"file":74,"line":151,"context":129},643,{"file":74,"line":153,"context":129},646,{"file":74,"line":155,"context":129},651,{"file":74,"line":157,"context":129},655,{"file":74,"line":159,"context":129},661,{"file":74,"line":161,"context":129},670,{"file":74,"line":161,"context":129},{"file":74,"line":164,"context":129},677,[],[167,183],{"entryPoint":168,"graph":169,"unsanitizedCount":28,"severity":39},"sac_post_type_call_callback (bt-comments.php:551)",{"nodes":170,"edges":181},[171,176],{"id":172,"type":173,"label":174,"file":74,"line":175},"n0","source","$_REQUEST",553,{"id":177,"type":178,"label":179,"file":74,"line":143,"wp_function":180},"n1","sink","echo() [XSS]","echo",[182],{"from":172,"to":177,"sanitized":97},{"entryPoint":184,"graph":185,"unsanitizedCount":28,"severity":191},"\u003Cbt-comments> 
(bt-comments.php:0)",{"nodes":186,"edges":189},[187,188],{"id":172,"type":173,"label":174,"file":74,"line":175},{"id":177,"type":178,"label":179,"file":74,"line":143,"wp_function":180},[190],{"from":172,"to":177,"sanitized":97},"low",{"summary":193,"deductions":194},"The \"show-all-comments-in-one-page\" plugin version 7.0.1 presents a significant security risk. The static analysis reveals a concerning lack of input validation and authorization checks. The sac_post_type_call AJAX action is registered twice, once for logged-in users and once for unauthenticated (nopriv) requests, and neither registration has a nonce or capability check, so the callback is reachable without authentication. Furthermore, all three SQL queries interpolate variables directly instead of using prepared statements, which exposes the plugin to SQL injection wherever an interpolated value is attacker-controlled; this analysis does not confirm that one is. The taint analysis also indicates flows with unsanitized paths from $_REQUEST to echo, although no critical or high severity issues were found in this specific analysis. The plugin's vulnerability history is a major red flag, with two known CVEs, one of which (CVE-2025-47607) remains unpatched. The prevalence of Cross-site Scripting vulnerabilities in its history suggests a pattern of insufficient output escaping and improper input neutralization.",[195,198,200,202,205,207,209],{"reason":196,"points":197},"Unpatched CVE",15,{"reason":199,"points":84},"AJAX handlers without auth checks",{"reason":201,"points":84},"Raw SQL queries without prepare",{"reason":203,"points":204},"Low percentage of properly escaped output",5,{"reason":206,"points":84},"Missing nonce checks on AJAX",{"reason":208,"points":204},"Missing capability checks",{"reason":210,"points":204},"Flows with unsanitized 
paths","2026-03-16T19:37:53.081Z",{"wat":213,"direct":222},{"assetPaths":214,"generatorPatterns":217,"scriptPaths":218,"versionParams":219},[215,216],"\u002Fwp-content\u002Fplugins\u002Fshow-all-comments-in-one-page\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fshow-all-comments-in-one-page\u002Fjs\u002Fbt_script.js",[],[216],[220,221],"show-all-comments-in-one-page\u002Fstyle.css?ver=","show-all-comments-in-one-page\u002Fjs\u002Fbt_script.js?ver=",{"cssClasses":223,"htmlComments":224,"htmlAttributes":225,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":239},[],[],[226,227,228,229,230,231,232,233,234,235,236],"name=\"bt_post_type[]\"","name=\"bt_pagination\"","name=\"bt_comments_per_page\"","name=\"bt_exclude_post\"","name=\"biztech_sac_avatar\"","name=\"biztech_show_date\"","name=\"biztech_open_new_tab\"","name=\"biztech_comments_order\"","name=\"bt_display_filter\"","name=\"bt_show_post_link\"","name=\"bt_show_comment_link\"",[],[],[]]