[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fND50LXiqzHOXSjw_skPsq2yGyv8pV8KB7eCJV0YW1L0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":118,"fingerprints":250},"tradebit-download-shop","Tradebit Download and Affiliate Shop","3.0.0","tradebit","https:\u002F\u002Fprofiles.wordpress.org\u002Ftradebit\u002F","\u003Cp>The ultimate plugin to upload and sell digital goods like photos, MP3 music or\u003Cbr \u002F>\nwebsite templates. With this plugin you will get:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a free Tradebit merchant account (waives the $4.95 activation fee)\u003C\u002Fli>\n\u003Cli>an integrated button in your admin panel to fire up the member area\u003C\u002Fli>\n\u003Cli>a sidebar widget, that links with your ID to tradebit and lists your products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Tradebit.com is the marketplace for digital goods and gives you access to\u003Cbr \u002F>\n\u003Cstrong>millions of legal digital goods\u003C\u002Fstrong> that you may additionally add to your\u003Cbr \u002F>\nblog.\u003C\u002Fp>\n\u003Cp>This plugin gives you secure storage space of 99 Gigabytes on tradebit to\u003Cbr \u002F>\nhost your digital inventory and includes the option to integrate affiliate\u003Cbr \u002F>\nlinks to the existing catalog on tradebit.\u003C\u002Fp>\n\u003Cp>Read more about the \u003Ca href=\"http:\u002F\u002Fwww.tradebit.com\u002Fdigital-goods-marketplace.php\" title=\"Download Shop\" rel=\"nofollow ugc\">Tradebit features\u003C\u002Fa>\u003Cbr \u002F>\nhere. The current version provides English accounts and will be enhanced to\u003Cbr \u002F>\nother languages down the road.\u003C\u002Fp>\n","Tradebit is the leading platform to publish and sell digital goods like photos and music. This plugin integrates it into your Wordpress blog!",10,3613,0,"","3.0.5","2.7.0",[18,19,20],"admin","links","widget","http:\u002F\u002Fwww.tradebit.info\u002Fdownloads\u002Fwordpress.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftradebit-download-shop.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":29,"trust_score":31,"computed_at":32},3,30,95,91,"2026-04-04T15:41:23.300Z",[34,55,73,89,107],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":23,"num_ratings":44,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"dashboard-quick-link-widget","Dashboard quick links widget","1.6.0","Hem Thapa","https:\u002F\u002Fprofiles.wordpress.org\u002Fhemthapa\u002F","\u003Cp>A lightweight plugin to allows admins to create an admin dashboard widget with frequently accessed links for quick access.\u003C\u002Fp>\n\u003Cp>I originally developed this plugin after spending hours creating client\u002Fuser documentation for every WordPress project. Instead of writing step-by-step navigation documentation, I used this plugin to organise all necessary links on the single widget for non-technical users. As a developer, I also use this script myself to organise frequently accessed links for quick access.\u003C\u002Fp>\n\u003Ch4>Links format\u003C\u002Fh4>\n\u003Cp>Each link should be entered in a separate line in the following format\u003Cbr \u002F>\n(the fourth parameter, i.e. font awesome icon class is optional)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ccode>Link text|Button link|Button text|font-awesome icon class\u003C\u002Fcode>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>Post blog|\u002Fwp-admin\u002Fpost-new.php|Post blog\nPost blog|\u002Fwp-admin\u002Fpost-new.php|Post blog|fa fa-cog\nPost blog|\u002Fwp-admin\u002Fpost-new.php newtab|Post blog|fa fa-cog`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you have any feedback or queries please contact me at \u003Ca href=\"http:\u002F\u002Fhemthapa.com?ref=wp_dqlw\"hemthapa.com\"\" rel=\"nofollow ugc\">hemthapa.com\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin to allows admins to create a admin dashboard widget with frequently accessed links for quick access.",700,8592,8,"2026-01-23T07:08:00.000Z","6.9.4","3.0","7.3",[18,50,19,51,20],"dashboard","shortcut-widget","http:\u002F\u002Fwww.hemthapa.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-quick-link-widget.1.6.0.zip","2026-03-15T15:16:48.613Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":14,"tags":68,"homepage":70,"download_link":71,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"combined-image-and-text-widget","Combined Image and Text Widget","1.1","Nadav Rotchild","https:\u002F\u002Fprofiles.wordpress.org\u002Fnadav-rotchild\u002F","\u003Cp>Combined Image and Text Widget is a plugin that allows you to effortlessly add text and images to your sidebars, with or without links.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily add images to your sidebar using the native WordPress media uploader.\u003C\u002Fli>\n\u003Cli>Add classes, an id, an image alt and a link to your sidebar widget without touching any code.\u003C\u002Fli>\n\u003Cli>Supports WPML multilanguage capabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n","A widget plugin for text and image combinations, with multilingual support.",90,5375,"2016-10-07T01:21:00.000Z","4.6.30","2.8",[18,69,19,20],"images","http:\u002F\u002Fwww.nadavr.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcombined-image-and-text-widget.1.1.zip",85,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":13,"num_ratings":13,"last_updated":83,"tested_up_to":15,"requires_at_least":84,"requires_php":14,"tags":85,"homepage":87,"download_link":88,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"admin-links-sidebar-widget","Admin Links Widget","1.4.0","kdmurray","https:\u002F\u002Fprofiles.wordpress.org\u002Fkdmurray\u002F","\u003Cp>This plugin provides a widget which can contain links to pages in the administration panel in one of your sidebars.  These links are only visible to those already logged in as an administrator.\u003C\u002Fp>\n\u003Ch3>Setup Instructions\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Extract admin-links-sidebar-widget.php  into your wp-content\u002Fplugins folder (or a subfolder)\u003C\u002Fli>\n\u003Cli>Activate the plugin in WordPress\u003C\u002Fli>\n\u003Cli>Add the widget to your page\u003C\u002Fli>\n\u003Cli>Set the options to select which links you want displayed\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Release History\u003C\u002Fh3>\n\u003Cp>1.4.0 — Fixed a couple of things for WP 3.0, tested up to 3.0.1 successfully.\u003Cbr \u002F>\n1.3.1 — Tested for 2.7.1, minor code change\u003Cbr \u002F>\n1.3.0 — Refactoring to split the admin page and improve performance\u003Cbr \u002F>\n1.1.4 — Minor changes for compatibility with WordPress 2.5.x\u003Cbr \u002F>\n1.1.1 — Minor changes for compatibility with WordPress 2.3.3\u003Cbr \u002F>\n1.1.0 — Added two major features.  “Edit this post” and “Edit this page”\u003Cbr \u002F>\n1.0.9 — Fixed major bug in the URL construction which caused problems on blogs\u003Cbr \u002F>\n         which were not in the root folder of the web server.\u003Cbr \u002F>\n1.0.8 — Added Themes and Widgets admin links\u003Cbr \u002F>\n1.0.5 — Bug Fix: missing comments and plugins items\u003Cbr \u002F>\n1.0.3 — Documentation correction\u003Cbr \u002F>\n1.0.2 — Initial release\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>kdmurray.at.kdmurray.dot.net\u003Cbr \u002F>\nPlugin page: http:\u002F\u002Fkdmurray.net\u002F2010\u002F09\u002F22\u002Fadmin-links-plugin-updated-to-1-4-0\u002F\u003C\u002Fp>\n","This plugin provides a widget which can contain links to pages in the administration panel in one of your sidebars.  These links are only visible to t …",20,16674,"2010-09-22T07:29:00.000Z","1.5",[86,18,50,19,20],"adinistration","http:\u002F\u002Fkdmurray.net\u002F2010\u002F09\u002F22\u002Fadmin-links-plugin-updated-to-1-4-0\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-links-sidebar-widget.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":81,"downloaded":97,"rating":13,"num_ratings":13,"last_updated":98,"tested_up_to":46,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":105,"download_link":106,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":54},"quicklinks-manager","QuickLinks Manager by Press.Zone","2.1.2","Avi Ezra","https:\u002F\u002Fprofiles.wordpress.org\u002Fresite\u002F","\u003Cp>QuickLinks Manager by Press.Zone is a powerful plugin designed to simplify navigation in the WordPress dashboard. It allows users to create a customizable widget on the dashboard screen with their chosen quick links. This functionality is particularly useful for frequent tasks, like accessing draft posts. The plugin offers full control over link selection with import and export options, making it ideal for managing multiple sites or setting up client websites with custom navigation paths.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dashboard widget displaying your custom quick links\u003C\u002Fli>\n\u003Cli>Admin Bar integration with Quick Links dropdown menu\u003C\u002Fli>\n\u003Cli>Drag-and-drop reordering of links\u003C\u002Fli>\n\u003Cli>Role-based access control for Admin Bar visibility\u003C\u002Fli>\n\u003Cli>Import\u002FExport functionality for easy migration\u003C\u002Fli>\n\u003Cli>Modern, responsive settings interface\u003C\u002Fli>\n\u003Cli>Open links in new tab option\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under GPLv2 or later. See LICENSE.md for more details.\u003C\u002Fp>\n","QuickLinks Manager by Press.Zone lets you create and manage custom quick links in the WordPress dashboard for easier navigation.",611,"2025-12-21T18:29:00.000Z","5.2.4","7.0",[102,50,103,104,20],"admin-bar","management","quick-links","https:\u002F\u002Fpress.zone\u002Fplugins\u002Fquicklinks-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquicklinks-manager.2.1.2.zip",{"slug":108,"name":109,"version":110,"author":7,"author_profile":8,"description":111,"short_description":112,"active_installs":11,"downloaded":113,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":114,"requires_at_least":16,"requires_php":14,"tags":115,"homepage":116,"download_link":117,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"paldrop-dropbox-shop","PalDrop Dropbox Shop","3.2.0","\u003Cp>The fastest way to sell files hosted on Dropbox! With this plugin you will get:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>a free Paldrop merchant account (for up to 10 registered products)\u003C\u002Fli>\n\u003Cli>an integrated button in your admin panel to fire up the member area\u003C\u002Fli>\n\u003Cli>a sidebar widget, that links with your ID to paldrop and lists your products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Paldrop.com is the standard way to sell files hosted on Dropbox and gives you\u003Cbr \u002F>\naccess to \u003Cstrong>millions of legal digital goods\u003C\u002Fstrong> that you may additionally add to your\u003Cbr \u002F>\nblog.\u003C\u002Fp>\n\u003Cp>Read more about the \u003Ca href=\"http:\u002F\u002Fwww.paldrop.com\u002F\" title=\"Downloads\" rel=\"nofollow ugc\">Paldrop features\u003C\u002Fa>\u003Cbr \u002F>\nhere. The current version provides English accounts and will be enhanced to\u003Cbr \u002F>\nother languages down the road.\u003C\u002Fp>\n","PalDrop allows you to add a simple and fast payment button for your Dropbox files! It combines your Paypal email with your Dropbox account and enables …",2826,"3.3.2",[18,19,20],"http:\u002F\u002Fwww.paldrop.com\u002Fwordpress.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpaldrop-dropbox-shop.3.2.1.zip",{"attackSurface":119,"codeSignals":140,"taintFlows":172,"riskAssessment":237,"analyzedAt":249},{"hooks":120,"ajaxHandlers":136,"restRoutes":137,"shortcodes":138,"cronEvents":139,"entryPointCount":13,"unprotectedCount":13},[121,127,132],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","admin_menu","tb_adminoptions","tradebit-shop.php",290,{"type":128,"name":129,"callback":130,"file":125,"line":131},"filter","media_buttons_context","tradebit_edit_plug",291,{"type":122,"name":133,"callback":134,"file":125,"line":135},"plugins_loaded","tbitWidget_install",294,[],[],[],[],{"dangerousFunctions":141,"sqlUsage":142,"outputEscaping":144,"fileOperations":170,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":171},[],{"prepared":13,"raw":13,"locations":143},[],{"escaped":13,"rawEcho":145,"locations":146},11,[147,150,152,154,156,158,160,162,164,166,168],{"file":125,"line":148,"context":149},48,"raw output",{"file":125,"line":151,"context":149},80,{"file":125,"line":153,"context":149},133,{"file":125,"line":155,"context":149},145,{"file":125,"line":157,"context":149},146,{"file":125,"line":159,"context":149},147,{"file":125,"line":161,"context":149},209,{"file":125,"line":163,"context":149},210,{"file":125,"line":165,"context":149},212,{"file":125,"line":167,"context":149},266,{"file":125,"line":169,"context":149},271,1,[],[173,191,200,219],{"entryPoint":174,"graph":175,"unsanitizedCount":170,"severity":190},"tradebit_edit_settings (tradebit-shop.php:22)",{"nodes":176,"edges":187},[177,182],{"id":178,"type":179,"label":180,"file":125,"line":181},"n0","source","$_SERVER['REQUEST_URI']",68,{"id":183,"type":184,"label":185,"file":125,"line":148,"wp_function":186},"n1","sink","echo() [XSS]","echo",[188],{"from":178,"to":183,"sanitized":189},false,"medium",{"entryPoint":192,"graph":193,"unsanitizedCount":170,"severity":190},"tbitcreateuserform (tradebit-shop.php:78)",{"nodes":194,"edges":198},[195,197],{"id":178,"type":179,"label":180,"file":125,"line":196},89,{"id":183,"type":184,"label":185,"file":125,"line":151,"wp_function":186},[199],{"from":178,"to":183,"sanitized":189},{"entryPoint":201,"graph":202,"unsanitizedCount":28,"severity":190},"tbitcreateuserremote (tradebit-shop.php:114)",{"nodes":203,"edges":216},[204,207,211,214],{"id":178,"type":179,"label":205,"file":125,"line":206},"$_REQUEST",116,{"id":183,"type":184,"label":208,"file":125,"line":209,"wp_function":210},"file_get_contents() [SSRF\u002FLFI]",139,"file_get_contents",{"id":212,"type":179,"label":213,"file":125,"line":206},"n2","$_REQUEST (x2)",{"id":215,"type":184,"label":185,"file":125,"line":155,"wp_function":186},"n3",[217,218],{"from":178,"to":183,"sanitized":189},{"from":212,"to":215,"sanitized":189},{"entryPoint":220,"graph":221,"unsanitizedCount":236,"severity":190},"\u003Ctradebit-shop> (tradebit-shop.php:0)",{"nodes":222,"edges":232},[223,225,226,227,228,230],{"id":178,"type":179,"label":224,"file":125,"line":181},"$_SERVER['REQUEST_URI'] (x2)",{"id":183,"type":184,"label":185,"file":125,"line":148,"wp_function":186},{"id":212,"type":179,"label":205,"file":125,"line":206},{"id":215,"type":184,"label":208,"file":125,"line":209,"wp_function":210},{"id":229,"type":179,"label":213,"file":125,"line":206},"n4",{"id":231,"type":184,"label":185,"file":125,"line":155,"wp_function":186},"n5",[233,234,235],{"from":178,"to":183,"sanitized":189},{"from":212,"to":215,"sanitized":189},{"from":229,"to":231,"sanitized":189},5,{"summary":238,"deductions":239},"The \"tradebit-download-shop\" v3.0.0 plugin exhibits a mixed security posture.  On the positive side, the absence of known vulnerabilities and a clean history of CVEs suggests a diligent maintenance effort or a lack of exploitation attempts. Furthermore, the absence of direct SQL queries without prepared statements and no external HTTP requests are strong indicators of good security practices in those areas.\n\nHowever, significant concerns arise from the static analysis. The complete lack of output escaping across all identified outputs is a critical weakness, potentially leading to cross-site scripting (XSS) vulnerabilities if any user-supplied data is ever rendered directly. Additionally, the presence of unsanitized path flows in the taint analysis, even without critical or high severity flags, indicates a potential risk for directory traversal or file inclusion vulnerabilities, especially given the single file operation identified. The absence of nonce and capability checks across all entry points, while there are no entry points identified as unprotected, still presents a latent risk if new entry points are introduced or if the analysis missed subtle ways to trigger code execution.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and avoids some common pitfalls like raw SQL, the pervasive issue of unescaped output and the unsanitized path flows are serious security concerns that require immediate attention. The lack of authentication checks on any potential entry points further amplifies these risks.",[240,242,245,247],{"reason":241,"points":44},"All outputs are unescaped",{"reason":243,"points":244},"Unsanitized path flows found",6,{"reason":246,"points":236},"No nonce checks",{"reason":248,"points":236},"No capability checks","2026-03-16T23:29:33.619Z",{"wat":251,"direct":256},{"assetPaths":252,"generatorPatterns":253,"scriptPaths":254,"versionParams":255},[],[],[],[],{"cssClasses":257,"htmlComments":259,"htmlAttributes":261,"restEndpoints":269,"jsGlobals":270,"shortcodeOutput":271},[258],"tradebit-pages",[260]," $myopenurl : $mytbitresult ",[262,263,264,265,266,267,268],"name=\"tbitaction\"","name=\"tbitlogin\"","name=\"tbitpw\"","name=\"tbitpw2\"","name=\"tbitpayoutmail\"","name=\"tbitterms\"","name=\"tbsubmit\"",[],[],[]]