[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOOGCJcqIKENeRapmEjJ6i9kg11GdFxa9lK1Ea9fV-RY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":22,"download_link":23,"security_score":13,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":35,"fingerprints":117},"sticky-notes","Sticky Note by Dolar Patel","1.1","DolarPatel","https:\u002F\u002Fprofiles.wordpress.org\u002Fdolar-patel\u002F","\u003Cp>Sticky Note by Dolar Patel is an easy to use widget plugin with Shortcode to generate Notice Text that you can use in any sidebar.\u003C\u002Fp>\n\u003Cp>No need of authentication such as password and API keys Generation for Sticky Note Plugin.\u003C\u002Fp>\n\u003Cp>We are not making any call backs to our server and not storing any data of user.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Control for specify number of paragraph length.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*Parameter\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Title Color - Define Title Text Color.  * Notice Text Color- Define Notice Text Color.  
* Background Picture Type \u003C\u002Fcode>\u003C\u002Fpre>\n","A Simple plugin to generate Notice Text using Widget.",10,1307,100,4,"","4.5.33","4.2",[19,20,21],"notice-board","notice-widget","sticky-notes-widget","http:\u002F\u002Fwordpress.org\u002Fplugins\u002F\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsticky-notes.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"dolar-patel",1,30,94,"2026-04-04T21:22:52.950Z",[],{"attackSurface":36,"codeSignals":48,"taintFlows":102,"riskAssessment":103,"analyzedAt":116},{"hooks":37,"ajaxHandlers":44,"restRoutes":45,"shortcodes":46,"cronEvents":47,"entryPointCount":24,"unprotectedCount":24},[38],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","widgets_init","anonymous","widget_plugin.php",120,[],[],[],[],{"dangerousFunctions":49,"sqlUsage":53,"outputEscaping":55,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":101},[50],{"fn":51,"file":42,"line":43,"context":52},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"stn_plugin\");'));",{"prepared":24,"raw":24,"locations":54},[],{"escaped":56,"rawEcho":57,"locations":58},5,25,[59,62,64,65,66,68,70,71,72,74,76,77,78,80,82,83,85,87,88,89,91,93,95,97,99],{"file":42,"line":60,"context":61},38,"raw 
output",{"file":42,"line":63,"context":61},39,{"file":42,"line":63,"context":61},{"file":42,"line":63,"context":61},{"file":42,"line":67,"context":61},41,{"file":42,"line":69,"context":61},42,{"file":42,"line":69,"context":61},{"file":42,"line":69,"context":61},{"file":42,"line":73,"context":61},44,{"file":42,"line":75,"context":61},45,{"file":42,"line":75,"context":61},{"file":42,"line":75,"context":61},{"file":42,"line":79,"context":61},47,{"file":42,"line":81,"context":61},48,{"file":42,"line":81,"context":61},{"file":42,"line":84,"context":61},67,{"file":42,"line":86,"context":61},68,{"file":42,"line":86,"context":61},{"file":42,"line":86,"context":61},{"file":42,"line":90,"context":61},93,{"file":42,"line":92,"context":61},103,{"file":42,"line":94,"context":61},105,{"file":42,"line":96,"context":61},111,{"file":42,"line":98,"context":61},113,{"file":42,"line":100,"context":61},117,[],[],{"summary":104,"deductions":105},"The \"sticky-notes\" plugin v1.1 exhibits a mixed security posture. On the positive side, the scan found no raw SQL queries (it recorded no SQL usage at all, prepared or raw) and the plugin has no recorded vulnerability history. However, the static analysis reveals areas of concern. The presence of the `create_function` function is a vulnerability signal: it is deprecated, was removed in PHP 8.0, evaluates its string arguments as code, and can be a vector for remote code execution if user-supplied data is passed to it without strict sanitization. The one call recorded here passes fixed string literals to register the widget, so the immediate problem is that the plugin breaks on current PHP; replacing the call with a closure addresses both concerns. Furthermore, most output is not escaped (25 raw echo locations against 5 escaped), posing a risk of cross-site scripting (XSS) wherever an echoed value can be influenced by stored or request data, which the scan does not determine. 
The scan found no nonce or capability checks, but it also recorded zero entry points (no AJAX handlers, REST routes, shortcodes or cron events) and zero unprotected entry points, so this finding shows that no checks were detected, not that a path to unauthorized actions or data manipulation was confirmed.",[106,109,112,114],{"reason":107,"points":108},"Dangerous function create_function used",15,{"reason":110,"points":111},"Low output escaping percentage",8,{"reason":113,"points":11},"No nonce checks on entry points",{"reason":115,"points":11},"No capability checks on entry points","2026-03-16T23:19:39.454Z",{"wat":118,"direct":127},{"assetPaths":119,"generatorPatterns":122,"scriptPaths":123,"versionParams":124},[120,121],"\u002Fwp-content\u002Fplugins\u002Fsticky-notes\u002Fassests\u002Fcss\u002Fsticky.css","\u002Fwp-content\u002Fplugins\u002Fsticky-notes\u002Fassests\u002Fjs\u002Fjscolor.js",[],[121],[125,126],"sticky-notes\u002Fassests\u002Fcss\u002Fsticky.css?ver=","sticky-notes\u002Fassests\u002Fjs\u002Fjscolor.js?ver=",{"cssClasses":128,"htmlComments":132,"htmlAttributes":133,"restEndpoints":136,"jsGlobals":137,"shortcodeOutput":138},[129,130,131],"sticky_cover","sticky_cover_title","sticky_cover_text",[],[134,135],"data-field-id","data-field-name",[],[],[]]