[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqTOT69i4IQXGbxBPZyYrlF9QWVaFBLsNhBGBFqF6luw":3,"$fBS_PxfEUxpaTjdN8o8sKRZGnJJW6TVgfk9nAJKZweRQ":112,"$fOWASob4Jdp3qMrV-h4OTYGbg4Pxezb9OtZbLL5akmH8":117},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":34,"analysis":35,"fingerprints":97},"ultimate-testimonials","Ultimate Testimonials","0.2","David Gwyer","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgwyer\u002F","\u003Cp>The only testimonials plugin you’ll ever need! Fully functional features include front end testimonial submission, random testimonials, and a built-in ratings system.\u003C\u002Fp>\n\u003Cp>Create beautiful testimonials and display them via shortcodes, widgets, or a fixed URL (e.g. yoursite.com\u002Ftestimonials).\u003C\u002Fp>\n\u003Cp>Ultimate Testimonials is an all-in-one solution for adding testimonials to your site. Create them very quickly and easily via the dedicated testimonials editor, then optionally add them to one or more testimonial groups for flexible display options. Each testimonial can belong to a single group, multiple groups, or no groups.\u003C\u002Fp>\n\u003Cp>Display testimonials anywhere on your site. e.g. headers, footers, sidebars, or in posts and pages!\u003C\u002Fp>\n\u003Cp>Easily create a new testimonial via the dedicated editor and include all the information you want to display such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>Message\u003C\u002Fli>\n\u003Cli>Excerpt\u003C\u002Fli>\n\u003Cli>Image\u003C\u002Fli>\n\u003Cli>Company\u002Fwebsite\u003C\u002Fli>\n\u003Cli>Author\u003C\u002Fli>\n\u003Cli>Rating\u003C\u002Fli>\n\u003Cli>Template (range of templates available)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Add a testimonial image by uploading an image via the testimonial editor, or by optionally specifying a Gravatar email to associate an image with a testimonial.\u003C\u002Fp>\n\u003Cp>There are several ways to display the testimonials you’ve created. Use shortcodes to display individual testimonials, or groups of testimonials anywhere on your site. Or, use the dedicated widget to show a group of testimonials in a sidebar, header, or footer (depending on what widget areas your current theme supports).\u003C\u002Fp>\n\u003Cp>Alternatively, there are permalink URLs available to display single testimonials or testimonial archives (all testimonials or only those from specific groups). These URLs look something like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>yoursite.com\u002Ftestimonials (\u003C= Displays all testimonials)\u003C\u002Fli>\n\u003Cli>yoursite.com\u002Ftestimonials\u002Fmain (\u003C= Displays all testimonials from the ‘main’ group)\u003C\u002Fli>\n\u003Cli>yoursite.com\u002Ftestimonial\u002Fmy-testimonial (\u003C= Displays the individual testimonial with slug name ‘my-testimonial’)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Choose from a range of pre-made templates included in Ultimate Templates!\u003C\u002Fp>\n\u003Cp>Click \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fultimate-testimonials\" rel=\"ugc\">here\u003C\u002Fa> for plugin support.\u003C\u002Fp>\n\u003Cp>If you have a moment let us know what you think about ‘Ultimate Testimonials’ in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fultimate-testimonials\u002Freviews\u002F\" rel=\"ugc\">comments\u003C\u002Fa>. Your feedback is really important to us and helps up continuously improve upon the plugin. Help us to make it even better!\u003C\u002Fp>\n\u003Cp>And please rate the plugin if you find it useful. It would be most appreciated.\u003C\u002Fp>\n\u003Cp>Thanks for all your support! 🙂\u003C\u002Fp>\n","The only testimonials plugin you'll ever need! Fully functional. Includes front-end submission, random testimonials, built-in ratings system.",10,1475,0,"2017-02-21T19:40:00.000Z","4.7.33","4.0","",[],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-testimonials\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-testimonials.0.2.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"dgwyer",12,108540,84,156,68,"2026-05-20T05:17:49.953Z",[],{"attackSurface":36,"codeSignals":72,"taintFlows":79,"riskAssessment":80,"analyzedAt":96},{"hooks":37,"ajaxHandlers":68,"restRoutes":69,"shortcodes":70,"cronEvents":71,"entryPointCount":13,"unprotectedCount":13},[38,45,48,52,56,60,65],{"type":39,"name":40,"callback":41,"priority":42,"file":43,"line":44},"action","after_setup_theme","setup_default_features",9,"wpgo-ultimate-testimonials.php",47,{"type":39,"name":40,"callback":46,"priority":28,"file":43,"line":47},"load_supported_features",52,{"type":39,"name":49,"callback":50,"file":43,"line":51},"widgets_init","register_widgets",61,{"type":39,"name":53,"callback":54,"file":43,"line":55},"customize_controls_enqueue_scripts","enqueue_customizer_scripts",62,{"type":39,"name":57,"callback":58,"file":43,"line":59},"plugins_loaded","localize_plugin",63,{"type":61,"name":62,"callback":63,"file":43,"line":64},"filter","widget_text","shortcode_unautop",114,{"type":61,"name":62,"callback":66,"file":43,"line":67},"do_shortcode",115,[],[],[],[],{"dangerousFunctions":73,"sqlUsage":74,"outputEscaping":76,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":78},[],{"prepared":13,"raw":13,"locations":75},[],{"escaped":13,"rawEcho":13,"locations":77},[],[],[],{"summary":81,"deductions":82},"Based on the provided static analysis and vulnerability history, the \"ultimate-testimonials\" plugin version 0.2 exhibits a strong security posture. The code analysis reveals no dangerous functions, file operations, or external HTTP requests. Crucially, all SQL queries are properly prepared, and all output is correctly escaped, indicating good coding practices against common web vulnerabilities. The absence of any taint analysis findings further reinforces this, suggesting no discernible paths for unsanitized user input to lead to vulnerabilities.\n\nHowever, a significant concern arises from the complete lack of security mechanisms. There are zero AJAX handlers, REST API routes, shortcodes, or cron events that are protected by authentication or capability checks. This means that if any entry points were to be introduced in the future, they would be entirely unprotected by default. The absence of any recorded vulnerabilities in its history might suggest either a very limited usage, a lack of rigorous historical auditing, or that the current limited attack surface has simply not been targeted or exploited. This lack of historical issues, while positive, does not negate the inherent risk posed by a plugin with zero built-in security checks for any potential future features.\n\nIn conclusion, while the current codebase for \"ultimate-testimonials\" v0.2 appears clean and free from immediate exploitable flaws due to its minimal features and good sanitization practices, the complete absence of any authorization or nonce checks across its entry points presents a significant, albeit latent, risk. This plugin is essentially a blank slate for potential vulnerabilities should any functionality be added without proper security considerations. The strength lies in its current simplicity and clean code; its weakness is the complete lack of foundational security controls.",[83,86,88,90,92,94],{"reason":84,"points":85},"No capability checks found",20,{"reason":87,"points":85},"No nonce checks found",{"reason":89,"points":11},"No AJAX handlers with auth checks",{"reason":91,"points":11},"No REST API routes with permission callbacks",{"reason":93,"points":11},"No shortcodes with auth checks",{"reason":95,"points":11},"No cron events with auth checks","2026-04-16T12:49:50.093Z",{"wat":98,"direct":104},{"assetPaths":99,"generatorPatterns":101,"scriptPaths":102,"versionParams":103},[100],"\u002Fwp-content\u002Fplugins\u002Fultimate-testimonials\u002Flib\u002Fcss\u002Fwpgo-tml-customizer.css",[],[],[],{"cssClasses":105,"htmlComments":107,"htmlAttributes":108,"restEndpoints":109,"jsGlobals":110,"shortcodeOutput":111},[106],"wpgo-ultimate-testimonials",[],[],[],[],[],{"error":113,"url":114,"statusCode":115,"statusMessage":116,"message":116},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fultimate-testimonials\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":118,"versions":119},2,[120,126],{"version":6,"download_url":20,"svn_tag_url":121,"released_at":22,"has_diff":122,"diff_files_changed":123,"diff_lines":22,"trac_diff_url":124,"vulnerabilities":125,"is_current":113},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-testimonials\u002Ftags\u002F0.2\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fultimate-testimonials%2Ftags%2F0.1&new_path=%2Fultimate-testimonials%2Ftags%2F0.2",[],{"version":127,"download_url":128,"svn_tag_url":129,"released_at":22,"has_diff":122,"diff_files_changed":130,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":131,"is_current":122},"0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-testimonials.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fultimate-testimonials\u002Ftags\u002F0.1\u002F",[],[]]