[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7EnYAhfMjjOyaWKyr5SjlXvFg3-jtLP1IDzjhfD7GJg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":36,"fingerprints":75},"tsp-featured-posts","LAPDI Featured Posts","1.3.3","Sharron Denice","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharrondenice\u002F","\u003Cp>Let A Pro Do IT!’s (LAPDI) Featured Posts plugin allows you to add featured posts to your blog’s website via widget or on pages and posts using shortcodes. Featured Posts has five (5) layouts and can include thumbnails, post gallery and quotes.\u003C\u002Fp>\n\u003Ch4>Shortcodes\u003C\u002Fh4>\n\u003Cp>Add a \u003Ccode>Featured Posts\u003C\u002Fcode> to posts and pages by using a shortcode inside your text or evaluated from within your theme. 
You may override page\u002Fpost \u003Ccode>Featured Posts\u003C\u002Fcode> options with shortcode attributes defined on the plugin’s settings page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[tsp-featured-posts]\u003C\u002Fcode> – Will display posts with the default options defined in the plugin’s settings page.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[tsp-featured-posts title=\"Title of Posts\" keep_formatting=\"N\" style=\"color: red;\" max_words=10 show_quotes=\"N\" show_thumb=\"Y\" show_event_data=\"N\" show_author=\"Y\" show_date=\"N\" show_private=\"N\" show_text_posts=\"N\" number_posts=\"5\" excerpt_max=100 excerpt_min=60 post_class=\"\" fpost_type=\"post\" post_ids=\"5,3,4\" category=\"0\" slider_width=\"865\" slider_height=\"365\" layout=\"0\" order_by=\"DESC\" thumb_width=\"80\" thumb_height=\"80\" read_more_text=\"more...\" before_title=\"\" after_title=\"\"]\u003C\u002Fcode> – Will override all attributes defined on the plugin’s settings page.\u003C\u002Fli>\n\u003C\u002Ful>\n","Featured Posts allows you to add featured posts to your blog's website via widgets, pages and\u002For 
posts.",70,19791,100,6,"2021-02-08T23:07:00.000Z","5.6.17","3.5.1","",[20],"featured-posts-display-gallery-slider-jquery-moving-boxes-the-software-people","https:\u002F\u002Fletaprodoitcom\u002Fapps\u002Fplugins\u002Fwordpress\u002Ffeatured-posts-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftsp-featured-posts.1.3.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"sharrondenice",7,220,30,84,"2026-04-04T17:41:09.291Z",[],{"attackSurface":37,"codeSignals":54,"taintFlows":65,"riskAssessment":66,"analyzedAt":74},{"hooks":38,"ajaxHandlers":45,"restRoutes":46,"shortcodes":47,"cronEvents":52,"entryPointCount":53,"unprotectedCount":24},[39],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","widgets_init","closure","tsp-featured-posts.php",80,[],[],[48],{"tag":49,"callback":50,"file":43,"line":51},"tsp_featured_posts","anonymous",75,[],1,{"dangerousFunctions":55,"sqlUsage":56,"outputEscaping":58,"fileOperations":24,"externalRequests":24,"nonceChecks":53,"capabilityChecks":24,"bundledLibraries":64},[],{"prepared":24,"raw":24,"locations":57},[],{"escaped":24,"rawEcho":53,"locations":59},[60],{"file":61,"line":62,"context":63},"TSP_Easy_Dev.extend.php",423,"raw output",[],[],{"summary":67,"deductions":68},"The tsp-featured-posts plugin v1.3.3 exhibits a generally good security posture, with no known vulnerabilities in its history and a limited attack surface. The static analysis reveals a clean codebase with no dangerous functions, file operations, or external HTTP requests. No unprepared SQL was found (the scan recorded no SQL queries at all), and one nonce check is present. However, a significant concern arises from the lack of output escaping. The only output statement detected (TSP_Easy_Dev.extend.php, line 423) is a raw echo, so 100% of detected outputs are unescaped; this is a potential cross-site scripting (XSS) sink if the echoed value can carry untrusted data. 
While no taint flows were found, this could be due to the limited scope of the analysis or the absence of complex data manipulation within the plugin. The shortcode handler has no capability checks; this is not flagged as a vulnerability, but it is a missed opportunity for access control if the shortcode's functionality is sensitive. The plugin has no recorded vulnerabilities, which is a positive signal, though it may also reflect limited scrutiny given the small install base and the last update in 2021. Overall, the plugin shows no common vulnerability patterns in this scan, but the unescaped output is the priority area for improvement to mitigate XSS risks.",[69,71],{"reason":70,"points":30},"Output escaping missing",{"reason":72,"points":73},"No capability checks on shortcode",5,"2026-03-17T05:37:56.204Z",{"wat":76,"direct":88},{"assetPaths":77,"generatorPatterns":85,"scriptPaths":86,"versionParams":87},[78,79,80,81,82,83,84],"\u002Fwp-content\u002Fplugins\u002Ftsp-featured-posts\u002Fassets\u002Fcss\u002Fmovingboxes.css","\u002Fwp-content\u002Fplugins\u002Ftsp-featured-posts\u002Fassets\u002Fcss\u002Fmovingboxes-ie.css","\u002Fwp-content\u002Fplugins\u002Ftsp-featured-posts\u002Ftsp-featured-posts.ie.css","\u002Fwp-content\u002Fplugins\u002Ftsp-featured-posts\u002Ftsp-featured-posts.css","\u002Fwp-content\u002Fplugins\u002Ftsp-featured-posts\u002Fassets\u002Fjs\u002Fjquery.movingboxes.js","\u002Fwp-content\u002Fplugins\u002Ftsp-featured-posts\u002Fassets\u002Fjs\u002Fslider-scripts.js","\u002Fwp-content\u002Fplugins\u002Ftsp-featured-posts\u002Fassets\u002Fjs\u002Fscripts.js",[],[],[],{"cssClasses":89,"htmlComments":91,"htmlAttributes":92,"restEndpoints":94,"jsGlobals":95,"shortcodeOutput":97},[90],"tspfp-featured-posts",[],[93],"data-tspfp-options",[],[96],"tspfp",[98,99],"[tsp_featured_posts]","[featured_posts]"]