[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBZEXmbQj3PWzKkO6O1HVvF51nWPQK596jL7KFD56JXQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":138,"fingerprints":207},"site-announcements","Site Announcements","1.0.4","Edward","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpnook\u002F","\u003Cp>Site Announcements allows you to broadcast site-wide messages to your visitors, as well as set custom parameters for the messages,\u003Cbr \u002F>\nsuch as the background and text color, and how long a user-hidden announcement should be hidden from users.\u003C\u002Fp>\n\u003Cp>By default, announcements will open in a slide-down modal (showing the announcement content). Alternatively, each announcement can be configured to point to an internal or external URL. Announcements with no URL and no content will simply display user-selected text, which can be handy for broadcasting things like coupon codes or important messages to users.\u003C\u002Fp>\n\u003Cp>Plays well with the WordPress Admin Toolbar and is mobile-friendly. Has been tested with 100+ WordPress themes and should work well on all themes. If you have theme compatibility issues, please post a support thread or contact me.\u003C\u002Fp>\n\u003Cp>The plugin’s font sizes and families are inherited from the theme. If you wish to make adjustments to the announcement bar’s font sizes or types you will need to add custom CSS to override your theme’s styles.\u003C\u002Fp>\n\u003Cp>Site Announcements uses animate.css for the modal transitions and JSCookie for setting a cookie if a user hides a modal.\u003C\u002Fp>\n","Site Announcements allows you to broadcast site-wide messages to your visitors, as well as set custom parameters for the messages, such as the backgro &hellip;",400,7622,90,4,"2019-02-28T03:17:00.000Z","5.1.22","4.0","",[20,21,22,23],"announcements","messages","news","users","https:\u002F\u002Fcodewrangler.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-announcements.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"wpnook",3,410,30,84,"2026-04-05T06:37:41.470Z",[39,61,81,103,121],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":11,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bp-default-data","BuddyPress Default Data","1.4.0","Slava Abakumov","https:\u002F\u002Fprofiles.wordpress.org\u002Fslaffik\u002F","\u003Cp>Plugin will create lots of users, messages, friends connections, groups, topics, activity items, profile data – useful for testing purpose.\u003C\u002Fp>\n\u003Cp>All imported users will have avatars, generated by 8biticon.com and displayed by Gravatar.\u003C\u002Fp>\n\u003Cp>Please use this plugin with caution and not on a live site! Again, USE FOR TESTING THEMES AND PLUGINGS, NOT ON A STAGING SITE WITH LIVE DATA. Plugin should not mess with your live data, but not guaranteed.\u003C\u002Fp>\n\u003Cp>Clear BuddyPress button will delete all data, that was generated by this plugin: messages, groups, notifications, friends, forum posts, xprofile. Plugin won’t reimport data if clicked twice.\u003C\u002Fp>\n\u003Cp>And turn off email notifications in profile (friendship accepted and messages received) – or you will spam yourself 🙂 Imported users have these settings already turned off.\u003C\u002Fp>\n","Plugin will create lots of users, messages, friends connections, groups, topics, activity items, profile data - useful for testing purpose.",72981,78,22,"2024-11-30T22:53:00.000Z","6.7.5","4.4","5.3",[55,56,57,21,23],"buddypress","groups","import","https:\u002F\u002Fovirium.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-default-data.1.4.0.zip",92,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":13,"downloaded":69,"rating":27,"num_ratings":27,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":79,"download_link":80,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bh-wp-autologin-urls","Magic Emails & Autologin URLs","2.4.2","Brian Henry","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrianhenryie\u002F","\u003Cp>A new “Email Magic Link” button is added to the standard WordPress and WooCommerce login screens. If there is a user\u003Cbr \u002F>\naccount for the username filled out, they will receive an email with a link to log them in without a password.\u003C\u002Fp>\n\u003Cp>All emails sent from WordPress will contain login codes in links pointing back to the website:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comment reply emails\u003C\u002Fli>\n\u003Cli>Abandoned cart emails\u003C\u002Fli>\n\u003Cli>Membership reminder emails\u003C\u002Fli>\n\u003Cli>etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No configuration is required, by default:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Autologin URLs work for one week\u003C\u002Fli>\n\u003Cli>Emails to administrators are excluded\u003C\u002Fli>\n\u003Cli>Emails on exclusion shortlist are not modified\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>An API is available for developers to use autologin codes elsewhere in WordPress, e.g. push notifications, and to conditionally disable the plugin’s use. Code is published on GitHub, uses WordPress Plugin Boilerplate, conforms (mostly) to WordPress Coding Standards, and is unit & integration tested.\u003C\u002Fp>\n","Adds magic email link to login screen. Adds single-use passwords to WordPress emails' URLs for frictionless login.",5034,"2024-05-26T20:43:00.000Z","6.4.8","4.5.0","7.4",[75,76,77,78,23],"email","links","login","newsletter","https:\u002F\u002Fwordpress.org\u002FBrianHenryIE\u002Fbh-wp-autologin-urls","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbh-wp-autologin-urls.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":18,"tested_up_to":93,"requires_at_least":94,"requires_php":18,"tags":95,"homepage":100,"download_link":101,"security_score":91,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":102},"scrolltick","ScrollTick","1.0","uisumo","https:\u002F\u002Fprofiles.wordpress.org\u002Fuisumo\u002F","\u003Cp>ScrollTick allows to add any news to be scrolled on site. It has tons of options where you can scroll the news in horizontal or vertical way.Make use of the shortcodes ,where you can manage all features for every group of news.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Col>\n\u003Cli>All settings can be override via shortcode\u003C\u002Fli>\n\u003Cli>Groupable announcement\u003C\u002Fli>\n\u003Cli>set amount of delay while scrolling\u003C\u002Fli>\n\u003Cli>expiration date for each news \u003C\u002Fli>\n\u003Cli>shorcodes for special features for each group\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Shortcode\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>[scrolltick]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Shortcode Args \u003C\u002Fh3>\n\u003Cpre>\u003Ccode>groups =>  '1,2,3,4' # Enter , seperated term ids\nposts =>  '1,2,3,4' # Enter , seperated post ids\ndelay_before_start =>  100 # Only Numeric values\ndirection => 'up' # UP \u002F LEFT \u002F RIGHT \u002F DOWN\nduplicated =>   'yes' # Yes \u002F No\ngap =>  10 # Only Numeric values\nduration =>  1000 # Only Numeric values And Values are calcuated in ms 1000 means 1000ms\nspeed => 100 # Only Numeric values\npause_on_hover =>  'yes' # Yes \u002F No\npause_on_cycle =>  'yes' # Yes \u002F No\nstart_visible => 'yes' # Yes \u002F No\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This is the simple way to create scrolling text in your website.",40,2284,100,1,"5","3.0",[20,96,97,98,99],"horizontal","news-scroller","scrolling","vertical-news","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fscrolltick\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscrolltick.1.0.zip","2026-03-15T10:48:56.248Z",{"slug":104,"name":105,"version":84,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":36,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":94,"requires_php":18,"tags":115,"homepage":119,"download_link":120,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"responsive-news-announcements","Responsive News & Announcements","Rupok","https:\u002F\u002Fprofiles.wordpress.org\u002Fre_enter_rupok\u002F","\u003Cp>An announcement plugin that shows your announcements\u002Fbreaking news\u002Foffers\u002Fnotice on top of the website.\u003Cbr \u002F>\nStylish show of announcements will attract the eye of your visitors. Fully controlled by date. Best suitable for promotional offers, Notices etc.\u003C\u002Fp>\n\u003Cp>Here you can get more information about this plugin – http:\u002F\u002Fwww.rupok.me\u002Fprojects\u003C\u002Fp>\n","An announcement plugin that shows your announcements\u002Fbreaking news\u002Foffers\u002Fnotice on top of the website.",20,8612,5,"2013-02-05T09:01:00.000Z","3.5.2",[116,20,117,22,118],"announcement","breaking-news","ticker","http:\u002F\u002Fwww.rupok.me\u002Fprojects","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsive-news-announcements.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":91,"num_ratings":33,"last_updated":18,"tested_up_to":131,"requires_at_least":132,"requires_php":73,"tags":133,"homepage":136,"download_link":137,"security_score":91,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":102},"my-newsletter","My Newsletter","2.0.2","Georgijevic","https:\u002F\u002Fprofiles.wordpress.org\u002Fgeorgijevic\u002F","\u003Cp>My Newsletter is a lightweight newsletter plugin focused on a practical use case many site owners need immediately:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>send a campaign to WordPress users,\u003C\u002Fli>\n\u003Cli>send a campaign to commenters,\u003C\u002Fli>\n\u003Cli>optionally target commenters from a specific post,\u003C\u002Fli>\n\u003Cli>queue the campaign and process it in the background,\u003C\u002Fli>\n\u003Cli>include unsubscribe links in every message,\u003C\u002Fli>\n\u003Cli>track basic campaign progress in the admin area.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is intentionally simple and WordPress-native. It relies on \u003Ccode>wp_mail()\u003C\u002Fcode> for sending and WP-Cron for queue processing, which makes it easy to install and use on most shared hosting environments.\u003C\u002Fp>\n\u003Ch4>Core functionality\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Campaign composer (admin screen)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create a newsletter subject and HTML content.\u003C\u002Fli>\n\u003Cli>Use the WordPress editor for message body content.\u003C\u002Fli>\n\u003Cli>Choose recipient source:\u003C\u002Fli>\n\u003Cli>Users + Commenters\u003C\u002Fli>\n\u003Cli>Users only\u003C\u002Fli>\n\u003Cli>Commenters only\u003C\u002Fli>\n\u003Cli>Commenters on a specific post\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Background queue processing\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Recipients are queued in a custom plugin table.\u003C\u002Fli>\n\u003Cli>Sending runs in batches through WP-Cron (instead of trying to send everything in one browser request).\u003C\u002Fli>\n\u003Cli>Reduces the risk of timeouts and broken sends on slower hosting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Test email before full campaign\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send a test message to any email address from the composer screen.\u003C\u002Fli>\n\u003Cli>Uses the same rendering path and unsubscribe footer logic as real sends.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Secure unsubscribe links\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Every email can include an unsubscribe URL.\u003C\u002Fli>\n\u003Cli>Unsubscribe tokens use an HMAC-based signature (derived from WordPress salts).\u003C\u002Fli>\n\u003Cli>Unsubscribed addresses are stored in a dedicated plugin table and skipped in future campaigns.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Template variables (placeholders)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>{{site_name}}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>{{site_url}}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>{{recipient_name}}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>{{recipient_email}}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>{{unsubscribe_url}}\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Settings screen\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>From name\u003C\u002Fli>\n\u003Cli>From email\u003C\u002Fli>\n\u003Cli>Reply-To (optional)\u003C\u002Fli>\n\u003Cli>Max emails per cron run (batch size)\u003C\u002Fli>\n\u003Cli>Footer HTML (appended to outgoing emails)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Basic campaign tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Shows recent campaigns in admin.\u003C\u002Fli>\n\u003Cli>Displays queue progress (total \u002F sent \u002F failed \u002F queued).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How sending works (important)\u003C\u002Fh4>\n\u003Cp>This plugin uses \u003Cstrong>WP-Cron\u003C\u002Fstrong>. WP-Cron runs when your site receives traffic. That means:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>On active sites, sending progresses regularly.\u003C\u002Fli>\n\u003Cli>On low-traffic sites, sending may be slower.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For production use, it is recommended to configure a real server cron that triggers \u003Ccode>wp-cron.php\u003C\u002Fcode> periodically.\u003C\u002Fp>\n\u003Ch4>Email deliverability note\u003C\u002Fh4>\n\u003Cp>My Newsletter sends through \u003Ccode>wp_mail()\u003C\u002Fcode>. Actual delivery quality depends on your hosting and email configuration.\u003C\u002Fp>\n\u003Cp>For best results, use:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a real SMTP provider,\u003C\u002Fli>\n\u003Cli>a verified sender domain,\u003C\u002Fli>\n\u003Cli>properly configured SPF \u002F DKIM \u002F DMARC,\u003C\u002Fli>\n\u003Cli>a valid \u003Ccode>From\u003C\u002Fcode> address on your domain.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data storage\u003C\u002Fh4>\n\u003Cp>The plugin creates two custom tables:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wpnl_queue\u003C\u002Fcode> – campaign queue and send status\u003C\u002Fli>\n\u003Cli>\u003Ccode>wpnl_unsub\u003C\u002Fcode> – unsubscribed email addresses\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On uninstall, those plugin tables and plugin options are removed.\u003C\u002Fp>\n","Send newsletters to WordPress users and commenters with background queue processing, test email sending, and secure unsubscribe links.",10,4097,"6.9.4","5.8",[134,135,75,78,23],"bulk-email","commenters","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmy-newsletter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-newsletter.2.0.2.zip",{"attackSurface":139,"codeSignals":172,"taintFlows":199,"riskAssessment":200,"analyzedAt":206},{"hooks":140,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":27,"unprotectedCount":27},[141,147,150,153,156,159,162,164],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","plugins_loaded","anonymous","includes\\class-cw-site-announcements.php",138,{"type":142,"name":148,"callback":144,"file":145,"line":149},"admin_enqueue_scripts",153,{"type":142,"name":151,"callback":144,"file":145,"line":152},"add_meta_boxes",154,{"type":142,"name":154,"callback":144,"file":145,"line":155},"save_post_cw-announcement",155,{"type":142,"name":157,"callback":144,"file":145,"line":158},"init",170,{"type":142,"name":160,"callback":144,"file":145,"line":161},"wp_enqueue_scripts",171,{"type":142,"name":160,"callback":144,"file":145,"line":163},172,{"type":165,"name":166,"callback":144,"file":145,"line":167},"filter","wp_footer",173,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":27,"externalRequests":27,"nonceChecks":92,"capabilityChecks":92,"bundledLibraries":198},[],{"prepared":27,"raw":27,"locations":175},[],{"escaped":177,"rawEcho":178,"locations":179},6,8,[180,184,185,187,189,191,193,195],{"file":181,"line":182,"context":183},"admin\\class-cw-site-announcements-admin.php",87,"raw output",{"file":181,"line":60,"context":183},{"file":181,"line":186,"context":183},98,{"file":181,"line":188,"context":183},102,{"file":181,"line":190,"context":183},123,{"file":181,"line":192,"context":183},140,{"file":181,"line":194,"context":183},148,{"file":196,"line":197,"context":183},"public\\class-cw-site-announcements-public.php",159,[],[],{"summary":201,"deductions":202},"The \"site-announcements\" plugin v1.0.4 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any registered entry points like AJAX handlers, REST API routes, shortcodes, or cron events, significantly minimizes the plugin's attack surface. Furthermore, the analysis indicates robust coding practices, with no dangerous functions identified, all SQL queries utilizing prepared statements, and the presence of nonce and capability checks. The lack of file operations and external HTTP requests further reduces potential vulnerabilities.\n\nHowever, a notable concern lies in the output escaping. With 43% of outputs properly escaped, there's a significant portion (57%) that is not. This can potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed. The taint analysis showing zero flows with unsanitized paths is positive, but the potential for XSS due to insufficient output escaping remains a risk that could be exploited if specific conditions are met.\n\nThe plugin's vulnerability history is excellent, with zero known CVEs, indicating a history of secure development and maintenance. This, combined with the current analysis, suggests a generally secure plugin. However, the risk associated with improper output escaping should not be overlooked, as it's a common vector for attacks.",[203],{"reason":204,"points":205},"Insufficient output escaping detected",7,"2026-03-16T19:50:34.404Z",{"wat":208,"direct":215},{"assetPaths":209,"generatorPatterns":211,"scriptPaths":212,"versionParams":213},[210],"\u002Fwp-content\u002Fplugins\u002Fsite-announcements\u002Fadmin\u002Fjs\u002Fcw-site-announcements-admin.js",[],[210],[214],"cw-site-announcements-admin.js?ver=",{"cssClasses":216,"htmlComments":219,"htmlAttributes":220,"restEndpoints":227,"jsGlobals":228,"shortcodeOutput":229},[217,218],"cw_announcement_url","cw_closable_settings",[],[221,222,223,224,225,226],"name=\"cw_background_color\"","name=\"cw_text_color\"","name=\"cw_enable_url\"","name=\"cw_announcement_url\"","name=\"cw_is_announcement_closable\"","name=\"cw_closable_time\"",[],[],[]]