[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCxogJT3nfQddY7KfcsuFcRBB3K1giXwMnH27iH2Q6GY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":125,"fingerprints":174},"top-post","Top Post","0.0.5","V.J.Catkick","https:\u002F\u002Fprofiles.wordpress.org\u002Fvjcatkick-1\u002F","\u003Cp>Display top post and most active entries on your sidebar simply. This package contains two widget so you do not need to install them separately.\u003C\u002Fp>\n","Display top post and most active entries on your sidebar simply. This package contains two widget so you do not need to install them separately.",20,6976,0,"2011-07-12T02:42:00.000Z","2.7","2.6","",[19,20,21,4],"most-active","sidebar","stat","http:\u002F\u002Fwww.vjcatkick.com\u002F?page_id=4892","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-post.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"vjcatkick-1",10,110,88,30,86,"2026-04-05T02:01:09.691Z",[37,62,79,95,108],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":13,"last_vuln_date":61,"fetched_at":26},"xhanch-my-twitter","Xhanch – My Twitter","2.7.9","xhanch_studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fxhanch_studio\u002F","\u003Cp>Xhanch – My Twitter (developed by \u003Ca href=\"http:\u002F\u002Fxhanch.com\u002F\" title=\"Xhanch Studio\" rel=\"nofollow ugc\">Xhanch Studio\u003C\u002Fa>) is the best WordPress Twitter plugin to show\u002Fhide or include\u002Fexclude your latest tweets, replies from other members to you, replies from you to other members, retweets, and direct messages from your Twitter account(s).\u003C\u002Fp>\n\u003Cp>You can customize it with our predefined flexible settings\u002Foptions easily and it can be displayed via sidebar, post or page with advanced tweets filtering system.\u003C\u002Fp>\n\u003Cp>You can also post a tweet\u002Fstatus directly from your website and auto tweet your newly published post\u002Fpage.\u003C\u002Fp>\n\u003Cp>An intensive cache system is provided as well that amke this plugin light weight.\u003C\u002Fp>\n\u003Cp>Xhanch My Twitter is going to provide complete integration between your wordpress website and your twitter account. This plugin can connect to and access from multiple Twitter accounts.\u003C\u002Fp>\n\u003Cp>We will keep improving this plugin in order to make this plugin to be the best Twitter plugin for WordPress\u003C\u002Fp>\n\u003Cp>For complete features list, installation and setup, screen shots, FAQs, update logs\u002Fchangelog, and support:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fxhanch.com\u002Fwp-plugin-my-twitter\u002F\" title=\"Xhanch - My Twitter\" rel=\"nofollow ugc\">Plugin details\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fforum.xhanch.com\u002Findex.php\u002Fboard,3.0.html\" title=\"Forum\u002Fcommunity center\" rel=\"nofollow ugc\">Forum\u002Fcommunity center\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fforum.xhanch.com\u002Findex.php\u002Fboard,13.0.html\" title=\"Change\u002Fupdate logs\" rel=\"nofollow ugc\">Change\u002Fupdate logs\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002Fxhanch_studio\" title=\"Click here to see All free plugins from Xhanch Studio\" rel=\"ugc\">Click here to see All free plugins from Xhanch Studio\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fforum.xhanch.com\u002Findex.php\u002Fboard,3.0.html\" title=\"Xhanch - My Twitter\" rel=\"nofollow ugc\">Click here to visit the forum for this plugin\u003C\u002Fa>\u003C\u002Fp>\n","The best plugin to display your latest tweets, replies, direct messages, retweets, auto and manual tweet and lots more. Support multiple accounts",200,1699937,100,4,"2016-09-04T04:36:00.000Z","4.6.30","2.3",[53,20,54,55,56],"post","status","tweet","twitter","http:\u002F\u002Fxhanch.com\u002Fwp-plugin-my-twitter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxhanch-my-twitter.zip",84,1,"2014-08-01 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":30,"downloaded":70,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":71,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":76,"download_link":77,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":78},"comments-statistics","Display Comments Statistics","1.6.0","Marco Rodrigues","https:\u002F\u002Fprofiles.wordpress.org\u002Fgothicx\u002F","\u003Cp>This plugin shows the total number of articles and comments as well as statistics about which platforms and browsers were used in comment writing. It uses icons to identify both platforms and browsers.\u003Cbr \u002F>\nYou can see a screenshot of it at “Screenshots”. Worry not, the plugin is written in English 🙂\u003C\u002Fp>\n\u003Cp>This plugin was originally created by Mario Gamito (R.I.P). I think he deserves someone to maintain it.\u003C\u002Fp>\n","This plugin shows the total number of articles and comments as well as statistics about which platforms and browsers were used in comment writing.",11792,"3.0.5","2.0.2",[74,20,75],"comments","statistics","http:\u002F\u002Fwww.marblehole.com\u002Fcomments-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomments-statistics.zip","2026-03-15T10:48:56.248Z",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":30,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":15,"requires_php":17,"tags":90,"homepage":93,"download_link":94,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"freelance-status","Freelance Status","0.0.6","konrad_ha","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonrad_ha\u002F","\u003Cp>Sidebar-widget displaying your freelance-availability status in a nice box. Might be used for other stuff as well. You can set options (color and text) for two states (A and B) and switch comfortably between them. The widget is rendered as a nice box with a slight arrow in the sidebar.\u003C\u002Fp>\n","Sidebar-widget displaying your freelance-availability status in a nice box. Might be used for other stuff as well.",3127,"2009-08-04T11:29:00.000Z","2.8.2",[91,20,54,92],"freelance","widget","http:\u002F\u002Fkonrad-haenel.de\u002Fdownloads\u002Ffreelance-status-wordpress-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreelance-status.0.0.6.zip",{"slug":96,"name":97,"version":98,"author":17,"author_profile":99,"description":100,"short_description":101,"active_installs":30,"downloaded":102,"rating":13,"num_ratings":13,"last_updated":103,"tested_up_to":104,"requires_at_least":72,"requires_php":17,"tags":105,"homepage":106,"download_link":107,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wordcount","WordCount","1.0","https:\u002F\u002Fprofiles.wordpress.org\u002Fn0mad\u002F","\u003Cp>This plugin enables you to have an overview over the amount of words you’re reading on someones blog. It’s a simple, Drag n’ Droppable, easy to install little box with following fields:\u003C\u002Fp>\n\u003Col>\n\u003Cli>words (words you actually selected)\u003C\u002Fli>\n\u003Cli>amount last words\u003C\u002Fli>\n\u003Cli>time needed (the amount of time needed to read)\u003C\u002Fli>\n\u003Cli>words per second\u003C\u002Fli>\n\u003Cli>average words per second\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>to change it’s position at start: edit wordcount.css\u003C\u002Fp>\n\u003Cp>-top: 50px; -right:5px;\u003C\u002Fp>\n\u003Cp>thanks a lot to Peter-Paul Koch for the Drag-Drop script!\u003C\u002Fp>\n\u003Cp>that’s it – enjoy!\u003C\u002Fp>\n","This plugin enables you to have an overview over the amount of words you're reading on someones blog.",2087,"2009-03-19T12:02:00.000Z","2.7.1",[20,75,92],"http:\u002F\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordcount.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":30,"downloaded":116,"rating":13,"num_ratings":13,"last_updated":117,"tested_up_to":51,"requires_at_least":118,"requires_php":17,"tags":119,"homepage":123,"download_link":124,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"ym-online-status","Yahoo Messenger Online Status","0.3.1","Huda Toriq","https:\u002F\u002Fprofiles.wordpress.org\u002Fhudatoriq\u002F","\u003Cp>With this plugin, Yahoo Messenger users can put a nice, fully customized image button that shows whether they’re online or not on their blog.\u003C\u002Fp>\n","Allows blog owners to show their Yahoo Messenger online status using their own status button.",35829,"2007-12-01T08:50:00.000Z","2.0",[120,121,20,54,122],"messenger","online","yahoo","http:\u002F\u002Fwww.hudatoriq.web.id\u002Fwp-hacks\u002Fym-online-status","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fym-online-status.0.3.1.zip",{"attackSurface":126,"codeSignals":141,"taintFlows":166,"riskAssessment":167,"analyzedAt":173},{"hooks":127,"ajaxHandlers":137,"restRoutes":138,"shortcodes":139,"cronEvents":140,"entryPointCount":13,"unprotectedCount":13},[128,134],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","plugins_loaded","widget_top_post_vjck_init","widget_top_post.php",176,{"type":129,"name":130,"callback":135,"file":132,"line":136},"widget_most_active_vjck_init",177,[],[],[],[],{"dangerousFunctions":142,"sqlUsage":143,"outputEscaping":145,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":165},[],{"prepared":13,"raw":13,"locations":144},[],{"escaped":13,"rawEcho":146,"locations":147},11,[148,150,152,154,156,157,158,160,161,162,164],{"file":132,"line":31,"context":149},"raw output",{"file":132,"line":151,"context":149},111,{"file":132,"line":153,"context":149},112,{"file":132,"line":155,"context":149},134,{"file":132,"line":155,"context":149},{"file":132,"line":155,"context":149},{"file":132,"line":159,"context":149},136,{"file":132,"line":159,"context":149},{"file":132,"line":159,"context":149},{"file":132,"line":163,"context":149},138,{"file":132,"line":163,"context":149},[],[],{"summary":168,"deductions":169},"The 'top-post' v0.0.5 plugin exhibits a seemingly strong security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs, coupled with the fact that all SQL queries use prepared statements, is highly encouraging. Furthermore, the plugin reports zero AJAX handlers, REST API routes, shortcodes, or cron events, indicating a very small attack surface. Taint analysis also shows no identified flows, which is a positive sign.\n\nHowever, a significant concern arises from the output escaping metrics. With 11 total outputs and 0% properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data that is displayed to users without proper sanitization could be exploited by attackers to inject malicious scripts. The lack of nonce checks and capability checks across all entry points (though there are none reported) means that if any entry points were to be introduced in the future without these security measures, they would be immediately exploitable.\n\nIn conclusion, while the plugin has a clean vulnerability history and good practices in SQL handling and attack surface minimization, the critical deficiency in output escaping poses a significant and immediate risk. This needs to be addressed urgently to prevent potential XSS attacks.",[170],{"reason":171,"points":172},"0% output escaping for 11 outputs",8,"2026-03-16T23:01:05.659Z",{"wat":175,"direct":180},{"assetPaths":176,"generatorPatterns":177,"scriptPaths":178,"versionParams":179},[],[],[],[],{"cssClasses":181,"htmlComments":184,"htmlAttributes":185,"restEndpoints":200,"jsGlobals":201,"shortcodeOutput":202},[182,183],"widget_top_post_vjck","widget_most_active_vjck",[],[186,187,188,189,190,191,192,193,194,195,196,197,198,199],"id=\"widget_top_post_vjck_src_title\"","name=\"top_post_vjck_src_title\"","id=\"top_post_vjck_src_title\"","name=\"top_post_vjck_max_entries\"","id=\"top_post_vjck_max_entries\"","name=\"top_post_vjck_src_submit\"","id=\"top_post_vjck_src_submit\"","id=\"widget_most_active_vjck_src_title\"","name=\"most_active_vjck_src_title\"","id=\"most_active_vjck_src_title\"","name=\"most_active_vjck_max_entries\"","id=\"most_active_vjck_max_entries\"","name=\"most_active_vjck_src_submit\"","id=\"most_active_vjck_src_submit\"",[],[],[203,204],"\u003Cdiv id=\"widget_top_post_vjck\">\u003Cul>","\u003Cdiv id=\"widget_most_active_vjck\">\u003Cul>"]