[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0QeoCq53DdwMy5hu4rjZAydGqNHg3nOY98bDPGIqho4":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":33,"analysis":71,"fingerprints":207},"slogan-widget","2.1.0","tobig","https:\u002F\u002Fprofiles.wordpress.org\u002Ftobig\u002F","\u003Cp>With this plugin you can create slogans for month or year. A Widget shows these slogans for the actual month or year.\u003C\u002Fp>\n\u003Cp>It is possible to export and import and create, delete, edit a slogan.\u003C\u002Fp>\n\u003Cp>This plugin uses custom post types to store slogans in the database, each tagged with a date in mm.yyyy format. 
A widget can then display them according to the current time.\u003C\u002Fp>\n\u003Cp>Plugin features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Widget for displaying the slogans (display is based on the current month and year)\u003C\u002Fli>\n\u003Cli>Export \u002F import of slogans via the WordPress export \u002F import interface\u003C\u002Fli>\n\u003Cli>Overview page\u003C\u002Fli>\n\u003Cli>Create and edit page\u003C\u002Fli>\n\u003Cli>Delete function\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin uses custom post types to store slogans in the database, each tagged with a date in mm.yyyy format.",10,2342,80,1,"2022-11-21T20:10:00.000Z","6.1.10","4.0.0","",[19,20,21],"jahresspruch","monatsspruch","slogan","http:\u002F\u002Fgnetos.de","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslogan-widget.2.1.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":6,"display_name":6,"profile_url":7,"plugin_count":13,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},30,84,"2026-04-05T18:45:31.647Z",[34,53],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":30,"downloaded":42,"rating":12,"num_ratings":13,"last_updated":43,"tested_up_to":44,"requires_at_least":45,"requires_php":17,"tags":46,"homepage":51,"download_link":52,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"slogan-rotator","Slogan Rotator","1.0.1","Mitch","https:\u002F\u002Fprofiles.wordpress.org\u002Flowest\u002F","\u003Cp>A small but useful plugin which will show a different slogan every time the visitor refreshes the page.\u003C\u002Fp>\n\u003Cp>To display the slogans, use the \u003Ccode>[slogan-rotator]\u003C\u002Fcode> shortcode. To add, delete or edit a slogan, go to Settings > Slogan Rotator. 
Add as many slogans as you want.\u003C\u002Fp>\n","Show a different slogan every time the visitor refreshes the page.",1660,"2017-02-19T00:31:00.000Z","4.7.32","3.0",[47,48,49,21,50],"page","rotation","rotator","slogans","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fslogan-rotator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslogan-rotator.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":25,"downloaded":61,"rating":25,"num_ratings":25,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":17,"download_link":69,"security_score":70,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"box-slogan-block","Box Slogan Gutenberg Block","0.1.0","Manzur Ahmed","https:\u002F\u002Fprofiles.wordpress.org\u002Fmonju123\u002F","\u003Cp>Box Slogan Block is a custom Gutenberg Block to showcase your important information on your WordPress site. 
It has a lot of customization options.\u003C\u002Fp>\n\u003Ch3>Video Tutorial\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLRpp5GXAHvE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple, light-weight, and super-fast\u003C\u002Fli>\n\u003Cli>Built with only Gutenberg Native Components\u003C\u002Fli>\n\u003Cli>No Block Builder at all\u003C\u002Fli>\n\u003Cli>100% Responsive on different sizes of devices\u003C\u002Fli>\n\u003Cli>Modern and eye-catching clean design\u003C\u002Fli>\n\u003Cli>Grid Columns Management on Different Devices like Desktop, Tablet, and Mobile\u003C\u002Fli>\n\u003Cli>Custom Color Options\u003C\u002Fli>\n\u003Cli>Custom spacing options\u003C\u002Fli>\n\u003Cli>You can include a beautiful button to link to your post, page, or, custom post type\u003C\u002Fli>\n\u003Cli>Easy to Use in Gutenberg Editor\u003C\u002Fli>\n\u003Cli>This block exactly the same both in the Gutenberg editor and the frontend\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About Developer\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>Designed & Developed By Manzur Ahmed. Available for any freelance work, feel free to \u003Ca href=\"https:\u002F\u002Fwww.webtechriser.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">Contact Me\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Box Slogan Block is a custom Gutenberg Block to showcase your important information on your WordPress site. 
It has a lot of customization options.",1533,"2024-04-19T16:53:00.000Z","6.5.8","6.1","7.0",[54,67,68],"custom-block","gutenberg-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbox-slogan-block.0.1.0.zip",92,{"attackSurface":72,"codeSignals":131,"taintFlows":199,"riskAssessment":200,"analyzedAt":206},{"hooks":73,"ajaxHandlers":127,"restRoutes":128,"shortcodes":129,"cronEvents":130,"entryPointCount":25,"unprotectedCount":25},[74,80,85,89,92,96,99,102,105,108,112,115,119,123],{"type":75,"name":76,"callback":77,"file":78,"line":79},"filter","manage_qs_slogan_type_posts_columns","qs_slogan_type_change_columns","slogan-widget.php",140,{"type":81,"name":82,"callback":83,"file":78,"line":84},"action","manage_posts_custom_column","qs_slogan_type_custom_columns2",543,{"type":81,"name":86,"callback":87,"file":78,"line":88},"admin_menu","add_qs_slogan_type_box_slogan",544,{"type":81,"name":86,"callback":90,"file":78,"line":91},"add_qs_slogan_type_box_sloganscripture",546,{"type":81,"name":93,"callback":94,"file":78,"line":95},"save_post","save_qs_slogan_type_taxonomy_slogancategory",547,{"type":81,"name":86,"callback":97,"file":78,"line":98},"add_qs_slogan_type_box_slogancategory",548,{"type":81,"name":93,"callback":100,"file":78,"line":101},"save_qs_slogan_type_taxonomy_sloganscripture",549,{"type":81,"name":86,"callback":103,"file":78,"line":104},"add_qs_slogan_type_box_slogantime",550,{"type":81,"name":93,"callback":106,"file":78,"line":107},"save_qs_slogan_type_taxonomy_slogantime",551,{"type":81,"name":109,"callback":110,"file":78,"line":111},"init","create_qs_slogan_type",552,{"type":81,"name":109,"callback":113,"file":78,"line":114},"create_qs_slogan_type_taxonomy",553,{"type":81,"name":116,"callback":117,"file":78,"line":118},"widgets_init","qssloganplugin_register_widgets",558,{"type":75,"name":120,"callback":121,"file":78,"line":122},"the_content","replace_content_with_slogan",559,{"type":75,"name":124,"callback":125,"file":78,"line":126},"get_user
_option_screen_layout_qs_slogan_type","closure",560,[],[],[],[],{"dangerousFunctions":132,"sqlUsage":133,"outputEscaping":135,"fileOperations":25,"externalRequests":25,"nonceChecks":196,"capabilityChecks":197,"bundledLibraries":198},[],{"prepared":25,"raw":25,"locations":134},[],{"escaped":25,"rawEcho":136,"locations":137},29,[138,141,143,145,147,149,151,153,155,157,158,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194],{"file":78,"line":139,"context":140},157,"raw output",{"file":78,"line":142,"context":140},164,{"file":78,"line":144,"context":140},167,{"file":78,"line":146,"context":140},173,{"file":78,"line":148,"context":140},175,{"file":78,"line":150,"context":140},211,{"file":78,"line":152,"context":140},219,{"file":78,"line":154,"context":140},231,{"file":78,"line":156,"context":140},239,{"file":78,"line":156,"context":140},{"file":78,"line":159,"context":140},254,{"file":78,"line":161,"context":140},259,{"file":78,"line":163,"context":140},273,{"file":78,"line":165,"context":140},279,{"file":78,"line":167,"context":140},280,{"file":78,"line":169,"context":140},425,{"file":78,"line":171,"context":140},429,{"file":78,"line":173,"context":140},466,{"file":78,"line":175,"context":140},467,{"file":78,"line":177,"context":140},469,{"file":78,"line":179,"context":140},487,{"file":78,"line":181,"context":140},488,{"file":78,"line":183,"context":140},489,{"file":78,"line":185,"context":140},490,{"file":78,"line":187,"context":140},494,{"file":78,"line":189,"context":140},495,{"file":78,"line":191,"context":140},496,{"file":78,"line":193,"context":140},497,{"file":78,"line":195,"context":140},498,8,4,[],[],{"summary":201,"deductions":202},"Based on the provided static analysis and vulnerability history, the \"slogan-widget\" v2.1.0 plugin appears to have a generally good security posture, with no known vulnerabilities and a limited attack surface. 
The absence of AJAX handlers, REST API routes, shortcodes, and cron events with exposed entry points is a strong positive. Furthermore, the plugin utilizes prepared statements for all its SQL queries, which is a critical best practice for preventing SQL injection. The presence of nonce and capability checks, while not exhaustive across all code paths, indicates some level of security awareness in its development.\n\nHowever, a significant concern arises from the output escaping. With 29 total outputs and 0% properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic content displayed by the widget that is not properly escaped could be manipulated by an attacker to inject malicious scripts. While taint analysis shows no current unsanitized flows, this could be due to the limited scope of the analysis or the specific data handled by the widget. The lack of historical vulnerabilities is encouraging, but it does not mitigate the immediate risk posed by the unescaped output.\n\nIn conclusion, the \"slogan-widget\" plugin demonstrates strengths in its limited attack surface and secure SQL handling. However, the complete lack of output escaping is a critical weakness that exposes it to XSS attacks. The absence of known vulnerabilities is positive, but the unescaped output presents a clear and present danger that needs immediate attention. Addressing the output escaping issue should be the top priority for improving the security of this plugin.",[203],{"reason":204,"points":205},"0% output escaping",15,"2026-03-17T00:40:44.272Z",{"wat":208,"direct":213},{"assetPaths":209,"generatorPatterns":210,"scriptPaths":211,"versionParams":212},[],[],[],[],{"cssClasses":214,"htmlComments":215,"htmlAttributes":216,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":219},[],[],[],[],[],[]]