[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOrUL15vff6ynJrF1mO_xkTZ53LWBMf-_Dnp7BlDE8qA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":77,"fingerprints":210},"show-some-love-kikicoza","Show Some Love from kiki.co.za","1.1.1","14850842","https:\u002F\u002Fprofiles.wordpress.org\u002F14850842-1\u002F","\u003Cp>This plugin remembers the details of each person you have added so you don’t have to retype all the details in each post and displays it below the relevant posts. We make it easy to show some love.\u003C\u002Fp>\n\u003Cp>Major Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Keeps a database of the providers you previously used\u003C\u002Fli>\n\u003Cli>Links and categories are auto filled\u003C\u002Fli>\n\u003Cli>Add and remove multiple provider with ease\u003C\u002Fli>\n\u003Cli>Automatically appended to content\u003C\u002Fli>\n\u003Cli>Set the show some love header\u003C\u002Fli>\n\u003Cli>Open links in new window\u003C\u002Fli>\n\u003Cli>Custom CSS\u003C\u002Fli>\n\u003Cli>Display links in lists or inline\u003C\u002Fli>\n\u003C\u002Ful>\n","Show some love to the people who make it possible to do what you 
do.",10,1487,0,"2013-01-09T14:53:00.000Z","3.5.2","3.0","",[19,20,21],"content-links","link-love","link-to-providers","http:\u002F\u002Fwww.kiki.co.za\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-some-love-kikicoza.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"14850842-1",1,30,84,"2026-04-04T02:30:01.394Z",[35,58],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":17,"download_link":56,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"add-anchor-links","Add Anchor Links","1.0.4","Karolina Vyskocilova","https:\u002F\u002Fprofiles.wordpress.org\u002Fvyskoczilova\u002F","\u003Cp>Creates anchor links to heading tags in the content of selected posts, just like Github does within the Readme.md files.\u003C\u002Fp>\n\u003Cp>Get involved and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvyskoczilova\u002Fadd-anchor-links\" rel=\"nofollow ugc\">join Github\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Select post type where the anchor links will be added.\u003C\u002Fli>\n\u003Cli>Disable CSS.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>PHP PHP 7 & PHP 8\u003C\u002Fli>\n\u003C\u002Ful>\n","Creates anchor links to heading tags in the content of selected posts, just like Github does within the Readme.md 
files.",1000,18750,94,6,"2024-11-05T11:35:00.000Z","6.7.5","4.8","7.1",[52,53,54,19,55],"anchor","anchor-links","content","headings","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-anchor-links.1.0.4.zip",92,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":17,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":76},"auto-anchor-links","Auto Anchor List","1.0","mindwiremedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fmindwiremedia\u002F","\u003Cp>Creates anchor links to heading tags in the content and displays them automatically at the top of the content, or allows for custom placement with tags or sidebar widget.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n    1. Has option to auto display anchor links to Heading tags in content.\u003Cbr \u002F>\n    2. Allows control of which content to auto display links.\u003Cbr \u002F>\n    3. Can disable plugin css to allow custom styles to be applied.\u003Cbr \u002F>\n    4. Has widget available for display\u003Cbr \u002F>\n    5. Insert custom title to display above links\u003Cbr \u002F>\n    6. 
Clears all traces from any excerpts displayed\u003C\u002Fp>\n","Creates anchor links to heading tags in the content and displays automatically at the top of the content, or allows for custom placement with tags.",50,5035,90,2,[53,54,19,71,72],"links","sidebar","http:\u002F\u002Fwww.mindwiremedia.net\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fauto-anchor-list-wordpress-plugin-home\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-anchor-links.zip",100,"2026-03-15T10:48:56.248Z",{"attackSurface":78,"codeSignals":127,"taintFlows":164,"riskAssessment":200,"analyzedAt":209},{"hooks":79,"ajaxHandlers":119,"restRoutes":120,"shortcodes":121,"cronEvents":126,"entryPointCount":30,"unprotectedCount":13},[80,86,90,94,98,102,106,111,115],{"type":81,"name":82,"callback":83,"file":84,"line":85},"action","admin_menu","sp_opt_add_page","show-some-love-plugin.php",35,{"type":81,"name":87,"callback":88,"file":84,"line":89},"admin_init","sp_opt_do_action",42,{"type":81,"name":91,"callback":92,"file":84,"line":93},"admin_notices","sp_opt_message",58,{"type":81,"name":95,"callback":96,"file":84,"line":97},"add_meta_boxes","dynamic_add_custom_box",71,{"type":81,"name":99,"callback":100,"file":84,"line":101},"save_post","dynamic_save_postdata",72,{"type":81,"name":103,"callback":104,"file":84,"line":105},"admin_head","sp_vendors_css",215,{"type":107,"name":108,"callback":109,"file":84,"line":110},"filter","the_content","sp_content",270,{"type":81,"name":112,"callback":113,"file":84,"line":114},"wp_head","sp_wp_stylesheets",322,{"type":81,"name":116,"callback":117,"file":84,"line":118},"init","sp_load_my_scripts",331,[],[],[122],{"tag":123,"callback":124,"file":84,"line":125},"show-some-love","show_some_love_sc",313,[],{"dangerousFunctions":128,"sqlUsage":139,"outputEscaping":141,"fileOperations":13,"externalRequests":13,"nonceChecks":30,"capabilityChecks":30,"bundledLibraries":163},[129,133,136],{"fn":130,"file":84,"line":131,"context":132},"unserialize",87,"$auto
_arr = unserialize(get_option('sp_auto_suggest_list'));",{"fn":130,"file":84,"line":134,"context":135},128,"var projects = [\u003C?php $auto_arr = unserialize(get_option('sp_auto_suggest_list'));",{"fn":130,"file":84,"line":137,"context":138},196,"$arr_auto_sugg = unserialize($auto_sugg);",{"prepared":13,"raw":13,"locations":140},[],{"escaped":13,"rawEcho":11,"locations":142},[143,146,148,150,152,153,155,157,159,161],{"file":84,"line":144,"context":145},93,"raw output",{"file":84,"line":147,"context":145},112,{"file":84,"line":149,"context":145},125,{"file":84,"line":151,"context":145},135,{"file":84,"line":151,"context":145},{"file":84,"line":154,"context":145},163,{"file":84,"line":156,"context":145},218,{"file":84,"line":158,"context":145},219,{"file":84,"line":160,"context":145},319,{"file":84,"line":162,"context":145},320,[],[165,184],{"entryPoint":166,"graph":167,"unsanitizedCount":13,"severity":183},"sp_opt_do_action (show-some-love-plugin.php:45)",{"nodes":168,"edges":180},[169,174],{"id":170,"type":171,"label":172,"file":84,"line":173},"n0","source","$_REQUEST (x4)",51,{"id":175,"type":176,"label":177,"file":84,"line":178,"wp_function":179},"n1","sink","update_option() [Settings Manipulation]",53,"update_option",[181],{"from":170,"to":175,"sanitized":182},true,"low",{"entryPoint":185,"graph":186,"unsanitizedCount":13,"severity":183},"\u003Cshow-some-love-plugin> (show-some-love-plugin.php:0)",{"nodes":187,"edges":197},[188,189,190,193],{"id":170,"type":171,"label":172,"file":84,"line":173},{"id":175,"type":176,"label":177,"file":84,"line":178,"wp_function":179},{"id":191,"type":171,"label":192,"file":84,"line":66},"n2","$_REQUEST",{"id":194,"type":176,"label":195,"file":84,"line":162,"wp_function":196},"n3","echo() [XSS]","echo",[198,199],{"from":170,"to":175,"sanitized":182},{"from":191,"to":194,"sanitized":182},{"summary":201,"deductions":202},"The 'show-some-love-kikicoza' plugin version 1.1.1 presents a mixed security posture. 
On the positive side, the scan found no raw SQL queries (it recorded no SQL usage at all), recorded one nonce check and one capability check, did not flag the single identified entry point (a shortcode) as unprotected, and the plugin has no known historical vulnerabilities. Furthermore, the taint analysis found no unsanitized flows: the traced $_REQUEST data is marked as sanitized before it reaches update_option() and echo.\n\nHowever, significant concerns arise from the static code analysis. The `unserialize` function is called three times, which is a critical red flag. If the data being unserialized is not strictly controlled, or comes from an untrusted source, it can lead to arbitrary object injection vulnerabilities. At least two of the flagged calls read their input from the `sp_auto_suggest_list` option, so the risk depends on who is able to write that option. Additionally, all 10 output statements the scan found are unescaped (100%). This exposes the plugin to cross-site scripting (XSS) wherever an echoed value can be influenced by an attacker, allowing malicious scripts to be injected into the frontend of a WordPress site.\n\nThe lack of historical vulnerabilities may suggest that the plugin developers are diligent, but the plugin was last updated in 2013 and has few active installs, so it may equally reflect limited scrutiny. The identified code-level risks, particularly the unserialize calls and the unescaped output, represent immediate threats that require attention. 
The plugin's limited attack surface and the presence of basic authentication checks are mitigating factors, but the core issues of unserialization and output sanitization must be addressed to ensure a secure implementation.",[203,206],{"reason":204,"points":205},"Dangerous function: unserialize used",15,{"reason":207,"points":208},"Output escaping: 100% unescaped",8,"2026-03-17T00:55:28.199Z",{"wat":211,"direct":220},{"assetPaths":212,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[213,214,215],"\u002Fwp-content\u002Fplugins\u002Fshow-some-love-kikicoza\u002Fjs\u002Fjquery-ui.min.js","\u002Fwp-content\u002Fplugins\u002Fshow-some-love-kikicoza\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fshow-some-love-kikicoza\u002Fjs\u002Fsp-admin.js",[],[213,215],[219],"show-some-love-kikicoza\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":221,"htmlComments":230,"htmlAttributes":231,"restEndpoints":241,"jsGlobals":242,"shortcodeOutput":244},[222,223,224,225,226,227,228,229],"meta-category","meta-name","metabox_names","metabox_desc","metaboxes_table","input_text","meta-link","sp-meta",[],[232,233,234,235,236,237,238,239,240],"sp-target","sp-style","sp-custom","sp-display","sp_vendors","sp_head","sp-head","dynamicMeta_noncename","sp_auto_suggest_list",[],[243],"jQuery",[]]