[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAdwPJ_8EheuU3H6eGbAd5hKol4P-SGkll_U2ARvZE1g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":69,"fingerprints":118},"wcz-hot-posts","WCZ Hot Posts","1.0","Fida Al Hasan","https:\u002F\u002Fprofiles.wordpress.org\u002Ffida02\u002F","\u003Cp>This plugin shows 8 most commented posts of last month. It shows Thumbnail, Title, Author’s Avatar of the post in a dynamic way. We didn’t use any Java Script in this plugin for faster performance. It is a light plugin actually so much light. It won’t increase your site’s load time.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Most Commented post of last month\u003C\u002Fli>\n\u003Cli>Post title with thumbnail\u003C\u002Fli>\n\u003Cli>Post author’s avatar\u003C\u002Fli>\n\u003Cli>Shows post title and author avatar on mouse hover\u003C\u002Fli>\n\u003Cli>Light and fast\u003C\u002Fli>\n\u003Cli>Widget, Shortcode and PHP code included.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Why dont you rate the plugin if you like it !! 🙂  >>\u003C\u002Fp>\n\u003Cp>Our team \u003Ca href=\"http:\u002F\u002Fwebcarezone.com\" rel=\"nofollow ugc\">Web Care Zone\u003C\u002Fa>\u003C\u002Fp>\n","This plugin shows most commented posts of last month with thumbnail, title, author's avatar of the posts in a dynamic way.",10,2005,100,3,"","3.7.41","2.8",[19,20,21,22,4],"hot-post","hot-post-plugin","hot-posts","wcz","http:\u002F\u002Fwebcarezone.com\u002Fproject\u002Fwcz-hot-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwcz-hot-posts.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"fida02",2,80,93,30,89,"2026-04-05T01:03:14.134Z",[38,58],{"slug":39,"name":40,"version":6,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":25,"downloaded":45,"rating":25,"num_ratings":25,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":56,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":57},"cb-news-ticker","CB News Ticker","Md Abul Bashar","https:\u002F\u002Fprofiles.wordpress.org\u002Fhmbashar\u002F","\u003Cp>You can use the plugin for newspaper website as a news ticker, right now hs some of standard design, but coming soon awesome design for free, you can use the plugin anywhere buy using the shortcode [cb-news-ticker]\u003Cbr \u002F>\nAlso have some of attribute\u003C\u002Fp>\n\u003Cp>You’re Welcome to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhmbashar\u002FCB-News-Ticker\" rel=\"nofollow ugc\">Github Repo\u003C\u002Fa> for features\u002Fpull request\u003C\u002Fp>\n\u003Ch3>Shortcode [cb-news-ticker]\u003C\u002Fh3>\n\u003Ch3>Shortcode attr\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>'post_type' for post type\n'count' How much post will be show\n'id'    which post will be show\n'bg_color' you can change background color\n'color' you can change text color\n'bn_text' you can change ('Breaking News') text\n'button' you can swtich cross button (close button used cookies)\n'design' you can choose normal or marquee design\n'cat_slug' you can show category bese post\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhmbashar\u002FCB-News-Ticker\" rel=\"nofollow ugc\">Github Project & Details\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffacebook.com\u002Fhmbashar\" rel=\"nofollow ugc\">Md Abul Bashar\u003C\u002Fa>\u003C\u002Fp>\n","Display News ticker [cb-news-ticker]",1139,"2022-07-26T07:55:00.000Z","6.0.11","4.6","5.6",[51,19,52,53],"display-post","popular-post","shortcode","http:\u002F\u002Fwww.codingbank.com\u002Fplugins\u002Fcb-news-ticker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcb-news-ticker.zip",85,"2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":6,"author":41,"author_profile":42,"description":61,"short_description":62,"active_installs":25,"downloaded":63,"rating":25,"num_ratings":25,"last_updated":64,"tested_up_to":65,"requires_at_least":48,"requires_php":49,"tags":66,"homepage":67,"download_link":68,"security_score":56,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":57},"display-popular-post","Display Popular Post","\u003Cp>This plugin as a addons for the plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-postviews\u002F\" rel=\"ugc\">WP-PostViews\u003C\u002Fa> Must be you need to installed and properly configure the (\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-postviews\u002F\" rel=\"ugc\">WP-PostViews\u003C\u002Fa>) plugin. If you’ve configured properly then our addons plugin will be work.\u003C\u002Fp>\n","Display popular post using shortcode ['cb-dp-post']",1146,"2019-09-24T18:29:00.000Z","5.2.24",[51,19,52,53],"https:\u002F\u002Fcodingbank.com\u002Fplugins\u002Fcb-display-popular-post","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-popular-post.1.0.zip",{"attackSurface":70,"codeSignals":97,"taintFlows":110,"riskAssessment":111,"analyzedAt":117},{"hooks":71,"ajaxHandlers":89,"restRoutes":90,"shortcodes":91,"cronEvents":96,"entryPointCount":80,"unprotectedCount":25},[72,78,81,85],{"type":73,"name":74,"callback":75,"file":76,"line":77},"action","init","wcz_hot_posts_style","wcz-hot-posts.php",64,{"type":73,"name":74,"callback":79,"priority":80,"file":76,"line":32},"wcz_hot_posts_widget",1,{"type":73,"name":82,"callback":83,"file":84,"line":14},"admin_menu","register_wczhp_menu_page","wcz_admin.php",{"type":73,"name":86,"callback":87,"file":84,"line":88},"admin_init","register_wczhp_settings",4,[],[],[92],{"tag":93,"callback":94,"file":76,"line":95},"wczhotposts","wcz_hot_posts",57,[],{"dangerousFunctions":98,"sqlUsage":99,"outputEscaping":101,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":80,"bundledLibraries":109},[],{"prepared":25,"raw":25,"locations":100},[],{"escaped":25,"rawEcho":31,"locations":102},[103,107],{"file":104,"line":105,"context":106},"admin\\usage.php",55,"raw output",{"file":76,"line":108,"context":106},45,[],[],{"summary":112,"deductions":113},"The \"wcz-hot-posts\" v1.0 plugin exhibits a generally good security posture based on the provided static analysis. It demonstrates no known vulnerabilities (CVEs) and has no recorded history of past security issues, suggesting a development team that is either proactive in security or has not yet encountered significant flaws.  The code analysis reveals no dangerous functions, raw SQL queries, or file operations, which are common sources of vulnerabilities. The presence of a capability check, even if it's the only one, is a positive sign for access control. However, a significant concern arises from the lack of output escaping. With 100% of the identified outputs not properly escaped, this presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic content rendered by the shortcode could be manipulated by an attacker to inject malicious scripts into the user's browser. The limited attack surface (one shortcode) and the absence of AJAX handlers or REST API routes without authentication checks mitigate some of the potential impact, but the unescaped output remains the primary security weakness.",[114],{"reason":115,"points":116},"Output escaping: 0% properly escaped",8,"2026-03-16T23:20:08.984Z",{"wat":119,"direct":125},{"assetPaths":120,"generatorPatterns":122,"scriptPaths":123,"versionParams":124},[121],"\u002Fwp-content\u002Fplugins\u002Fwcz-hot-posts\u002Fcss\u002Fstyle.css",[],[],[],{"cssClasses":126,"htmlComments":128,"htmlAttributes":134,"restEndpoints":156,"jsGlobals":157,"shortcodeOutput":158},[127],"new-wrapper",[129,130,131,132,133],"\u003C!-- Shortcode -->","\u003C!-- WEBCAREZONE.COM -->","\u003C!-- Style -->","\u003C!-- Widget -->","\u003C!-- Option Page -->",[135,136,137,138,139,140,141,142,143,144,145,146,143,147,148,143,147,149,150,151,152,153,143,154,155],"\u003C!-- widget_ops = array('description' => __( 'Most commented posts of last month with post title, thumbnail & author avatar','wcz') ); -->","\u003C!-- $this->WP_Widget('nd_ajax_login', __('WCZ Hot Posts','wcz'), $widget_ops); -->","\u003C!-- If you like this plugin please give a review to it -->","\u003C!-- Go to Appearance > Widgets -->","\u003C!-- Please don't place it in sidebar which width is below 900px -->","\u003C!-- Put this shortcode in your blog post\u002Fpage\u002Fwidget -->","\u003C!-- Or, insert this php code in your theme or any other template file -->","\u003C!-- Q: How can I increase\u002Fdecrease posts number? -->","\u003C!-- A: Go here -->","\u003C!-- Find this line -->","\u003C!-- Here replace the -->","\u003C!-- Q: How can I increase\u002Fdecrease thumbnail image size? -->","\u003C!-- Here in the -->","\u003C!-- Q: How can I increase\u002Fdecrease Avatar image size? -->","\u003C!-- Q: Plugin isn't perfectly centered in the site. How can I center it? -->","\u003C!-- A: Different site has different width that's why sometimes plugin don't center perfectly .To center go here -->","\u003C!-- Here find this -->","\u003C!-- and change the width -->","\u003C!-- Q: I don't want to show the Avatar. How can I remove it? -->","\u003C!-- Here remove this line -->","\u003C!-- About the team -->",[],[],[159],"[wczhotposts]"]