[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fA86tI2ZtFdn97vQK0lKnjYhOJSRcteTvem5EGgCAK5Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":129,"fingerprints":178},"webfinger","WebFinger","4.0.1","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>WebFinger allows you to be discovered on the web using an identifier like \u003Ccode>you@yourdomain.com\u003C\u002Fcode> — similar to how email works, but for your online identity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why is this useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fediverse & Mastodon:\u003C\u002Fstrong> WebFinger is essential for federation. 
It allows Mastodon and other ActivityPub-powered platforms to find and follow your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Decentralized Identity:\u003C\u002Fstrong> People can look you up using your WordPress domain, making your site the canonical source for your online identity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with other plugins:\u003C\u002Fstrong> This plugin provides the foundation that other plugins (like the ActivityPub plugin) build upon.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How it works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When someone searches for \u003Ccode>@you@yourdomain.com\u003C\u002Fcode> on Mastodon or another federated service, their server asks your WordPress site: “Who is this person?” WebFinger answers that question by providing information about you and links to your profiles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Technical details:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebFinger is an open standard (\u003Ca href=\"http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7033\" rel=\"nofollow ugc\">RFC 7033\u003C\u002Fa>) that enables discovery of information about people and resources on the internet. 
It works by responding to requests at \u003Ccode>\u002F.well-known\u002Fwebfinger\u003C\u002Fcode> on your domain.\u003C\u002Fp>\n","WebFinger for WordPress",1000,21454,74,3,"2025-12-16T11:02:00.000Z","6.9.4","4.2","",[20,21,22,23,4],"activitypub","discovery","jrd","ostatus","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webfinger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebfinger.4.0.1.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"pfefferle",8,3470,98,321,78,"2026-04-04T05:13:44.243Z",[40,54,70,89,111],{"slug":41,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":27,"num_ratings":27,"last_updated":47,"tested_up_to":16,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":52,"download_link":53,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"host-meta","1.3.2","\u003Cp>This plugin provides a host-meta – file for WordPress (RFC: http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc6415).\u003C\u002Fp>\n\u003Cp>From the RFC:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Web-based protocols often require the discovery of host policy or metadata, where host is not a single resource but the entity controlling the collection of resources identified by URIs with a common host as defined.  While these protocols have a wide range of metadata needs, they often define metadata that is concise, has simple syntax requirements, and can benefit from storing its metadata in a common location used by other related protocols.\u003C\u002Fp>\n\u003Cp>Because there is no URI or a resource available to describe a host, many of the methods used for associating per-resource metadata (such as HTTP headers) are not available.  
This often leads to the overloading of the root HTTP resource (e.g. ‘http:\u002F\u002Fexample.com\u002F’) with host metadata that is not specific to the root resource (e.g. a home page or web application), and which often has nothing to do with it.\u003C\u002Fp>\n\u003Cp>This memo registers the “well-known” URI suffix ‘host-meta’ in the Well-Known URI Registry established by, and specifies a simple, general-purpose metadata document for hosts, to be used by multiple Web-based protocols.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Logo by \u003Ca href=\"http:\u002F\u002Fhueniverse.com\u002F2009\u002F11\u002F23\u002Fhost-meta-aka-site-meta-and-well-known-uris\u002F\" rel=\"nofollow ugc\">Eran Hammer\u003C\u002Fa>\u003C\u002Fp>\n","host-meta for WordPress!",80,8283,"2025-12-07T18:30:00.000Z","3.0.5","5.2",[21,41,22,23,51],"xrd","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-host-meta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-meta.1.3.2.zip",{"slug":55,"name":56,"version":57,"author":7,"author_profile":8,"description":58,"short_description":59,"active_installs":11,"downloaded":60,"rating":45,"num_ratings":61,"last_updated":62,"tested_up_to":16,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":68,"download_link":69,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"nodeinfo","NodeInfo(2)","3.1.0","\u003Cp>\u003Ca href=\"http:\u002F\u002Fnodeinfo.diaspora.software\u002F\" rel=\"nofollow ugc\">NodeInfo\u003C\u002Fa> is an effort to create a standardized way of exposing metadata about a server running one of the distributed social networks. The two key goals are being able to get better insights into the user base of distributed social networking and the ability to build tools that allow users to choose the best fitting software and server for their needs.\u003C\u002Fp>\n\u003Cp>This plugin provides a bare-bones JSON file with basic “node” information. 
The file can be extended by other WordPress plugins, like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fostatus-for-wordpress\u002F\" rel=\"ugc\">OStatus\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-dandelion\" rel=\"nofollow ugc\">Diaspora\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Factivitypub\u002F\" rel=\"ugc\">ActivityPub\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpterotype\u002F\" rel=\"ugc\">Pterotype\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>What information does this plugin share?\u003C\u002Fh3>\n\u003Cp>The plugin exposes the following public information about your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Software\u003C\u002Fstrong>: WordPress version (major version only for privacy)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Usage statistics\u003C\u002Fstrong>: Number of users, posts, and comments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site info\u003C\u002Fstrong>: Your site name and description\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protocols\u003C\u002Fstrong>: Which federation protocols your site supports (e.g., ActivityPub)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Services\u003C\u002Fstrong>: Which external services your site can connect to (e.g., RSS feeds)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This information helps other servers in the Fediverse discover and interact with your site.\u003C\u002Fp>\n\u003Ch3>Supported NodeInfo versions\u003C\u002Fh3>\n\u003Cp>This plugin supports all major NodeInfo specification versions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>NodeInfo 1.0\u003C\u002Fstrong> and \u003Cstrong>1.1\u003C\u002Fstrong> – Original specifications\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NodeInfo 2.0\u003C\u002Fstrong>, \u003Cstrong>2.1\u003C\u002Fstrong>, and \u003Cstrong>2.2\u003C\u002Fstrong> – Current specifications with extended 
metadata\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NodeInfo2\u003C\u002Fstrong> – Alternative single-endpoint format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Endpoints\u003C\u002Fh3>\n\u003Cp>After activation, the following endpoints become available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002F.well-known\u002Fnodeinfo\u003C\u002Fcode> – Discovery document (start here)\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F2.2\u003C\u002Fcode> – NodeInfo 2.2 (recommended)\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F2.1\u003C\u002Fcode> – NodeInfo 2.1\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F2.0\u003C\u002Fcode> – NodeInfo 2.0\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F1.1\u003C\u002Fcode> – NodeInfo 1.1\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F1.0\u003C\u002Fcode> – NodeInfo 1.0\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002F.well-known\u002Fx-nodeinfo2\u003C\u002Fcode> – NodeInfo2 format\u003C\u002Fli>\n\u003C\u002Ful>\n","NodeInfo and NodeInfo2 for WordPress!",18204,1,"2025-12-30T16:58:00.000Z","6.6","7.2",[20,66,67,55,23],"diaspora","fediverse","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-nodeinfo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnodeinfo.3.1.0.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":26,"num_ratings":61,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":64,"tags":83,"homepage":86,"download_link":87,"security_score":88,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"nostr-verify","Nostr Verify","1.2.0","Jeremy Herve","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeherve\u002F","\u003Cp>Nostr Verify is a WordPress plugin that allows you to verify yourself with Nostr, using NIP-05, just like described in \u003Ca 
href=\"https:\u002F\u002Fgithub.com\u002Fnostr-protocol\u002Fnips\u002Fblob\u002Fmaster\u002F05.md\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Verify yourself with Nostr, using NIP-05",60,2694,"2024-11-12T07:12:00.000Z","6.7.5","6.2",[21,22,84,85],"nostr","well-known","https:\u002F\u002Fjeremy.hu\u002Fnostr-verify-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnostr-verify.1.2.0.zip",92,{"slug":20,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":35,"num_ratings":98,"last_updated":99,"tested_up_to":16,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":106,"download_link":107,"security_score":108,"vuln_count":109,"unpatched_count":27,"last_vuln_date":110,"fetched_at":29},"ActivityPub","8.0.1","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>Enter the fediverse with \u003Cstrong>ActivityPub\u003C\u002Fstrong>, broadcasting your blog to a wider audience! Attract followers, deliver updates, and receive comments from a diverse user base of \u003Cstrong>ActivityPub\u003C\u002Fstrong>-compliant platforms.\u003C\u002Fp>\n\u003Cp>With the ActivityPub plugin installed, your WordPress blog itself functions as a federated profile, along with profiles for each author. 
For instance, if your website is \u003Ccode>example.com\u003C\u002Fcode>, then the blog-wide profile can be found at \u003Ccode>@example.com@example.com\u003C\u002Fcode>, and authors like Jane and Bob would have their individual profiles at \u003Ccode>@jane@example.com\u003C\u002Fcode> and \u003Ccode>@bob@example.com\u003C\u002Fcode>, respectively.\u003C\u002Fp>\n\u003Cp>An example: I give you my Mastodon profile name: \u003Ccode>@pfefferle@mastodon.social\u003C\u002Fcode>. You search, see my profile, and hit follow. Now, any post I make appears in your Home feed. Similarly, with the ActivityPub plugin, you can find and follow Jane’s profile at \u003Ccode>@jane@example.com\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Once you follow Jane’s \u003Ccode>@jane@example.com\u003C\u002Fcode> profile, any blog post she crafts on \u003Ccode>example.com\u003C\u002Fcode> will land in your Home feed. Simultaneously, by following the blog-wide profile \u003Ccode>@example.com@example.com\u003C\u002Fcode>, you’ll receive updates from all authors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: If no one follows your author or blog instance, your posts remain unseen. The simplest method to verify the plugin’s operation is by following your profile. 
If you possess a Mastodon profile, initiate by following your new one.\u003C\u002Fp>\n\u003Cp>The plugin works with the following tested federated platforms, but there may be more that it works with as well:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjoinmastodon.org\u002F\" rel=\"nofollow ugc\">Mastodon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpleroma.social\u002F\" rel=\"nofollow ugc\">Pleroma\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fakkoma.social\u002F\" rel=\"nofollow ugc\">Akkoma\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffriendi.ca\u002F\" rel=\"nofollow ugc\">friendica\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhubzilla.org\u002F\" rel=\"nofollow ugc\">Hubzilla\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpixelfed.org\u002F\" rel=\"nofollow ugc\">Pixelfed\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsocialhome.network\u002F\" rel=\"nofollow ugc\">Socialhome\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fjoin.misskey.page\u002F\" rel=\"nofollow ugc\">Misskey\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some things to note:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The blog-wide profile is only compatible with sites with rewrite rules enabled. If your site does not have rewrite rules enabled, the author-specific profiles may still work.\u003C\u002Fli>\n\u003Cli>Many single-author blogs have chosen to turn off or redirect their author profile pages, usually via an SEO plugin like Yoast or Rank Math. This is usually done to avoid duplicate content with your blog’s home page. If your author page has been deactivated in this way, then ActivityPub author profiles won’t work for you. Instead, you can turn your author profile page back on, and then use the option in your SEO plugin to noindex the author page. 
This will still resolve duplicate content issues with search engines and will enable ActivityPub author profiles to work.\u003C\u002Fli>\n\u003Cli>Once ActivityPub is installed, \u003Cem>only new posts going forward\u003C\u002Fem> will be available in the fediverse. Likewise, even if you’ve been using ActivityPub for a while, anyone who follows your site will only see new posts you publish from that moment on. They will never see previously-published posts in their Home feed. This process is very similar to subscribing to a newsletter. If you subscribe to a newsletter, you will only receive future emails, but not the old archived ones. With ActivityPub, if someone follows your site, they will only receive new blog posts you publish from then on.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>So what’s the process?\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the ActivityPub plugin.\u003C\u002Fli>\n\u003Cli>Go to the plugin’s settings page and adjust the settings to your liking. Click the Save button when ready.\u003C\u002Fli>\n\u003Cli>Make sure your blog’s author profile page is active if you are using author profiles.\u003C\u002Fli>\n\u003Cli>Go to Mastodon or any other federated platform, and search for your profile, and follow it. Your new profile will be in the form of either \u003Ccode>@your_username@example.com\u003C\u002Fcode> or \u003Ccode>@example.com@example.com\u003C\u002Fcode>, so that is what you’ll search for.\u003C\u002Fli>\n\u003Cli>On your blog, publish a new post.\u003C\u002Fli>\n\u003Cli>From Mastodon, check to see if the new post appears in your Home feed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: It may take up to 15 minutes or so for the new post to show up in your federated feed. This is because the messages are sent to the federated platforms using a delayed cron. This avoids breaking the publishing process for those cases where users might have lots of followers. 
So please don’t assume that just because you didn’t see it show up right away that something is broken. Give it some time. In most cases, it will show up within a few minutes, and you’ll know everything is working as expected.\u003C\u002Fp>\n","Connect your site to the Open Social Web and let millions of users follow, share, and interact with your content from Mastodon, Pixelfed, and more.",6000,495122,39,"2026-03-11T09:26:00.000Z","6.5","7.4",[20,103,67,104,105],"activitystream","indieweb","social-web","https:\u002F\u002Fgithub.com\u002FAutomattic\u002Fwordpress-activitypub","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitypub.8.0.1.zip",99,5,"2024-01-05 00:00:00",{"slug":112,"name":113,"version":114,"author":113,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":27,"num_ratings":27,"last_updated":120,"tested_up_to":121,"requires_at_least":49,"requires_php":18,"tags":122,"homepage":126,"download_link":127,"security_score":26,"vuln_count":61,"unpatched_count":27,"last_vuln_date":128,"fetched_at":29},"taboola","Taboola","3.0.2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaboolawordpress\u002F","\u003Cp>This plugin provides an easy way to integrate Taboola content into your WordPress pages.\u003Cbr \u002F>\nUsing Taboola’s mix of sponsored and editorial content, you can generate revenue and drive engagement.\u003Cbr \u002F>\n(Requires an account with Taboola. 
For more detail, see the \u003Ca href=\"https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin\u002F\" rel=\"nofollow ugc\">Taboola Dev Center\u003C\u002Fa>.)\u003C\u002Fp>\n","Use the Taboola plugin to generate revenue from native ads and drive engagement with editorial content.",3000,51300,"2025-10-29T11:42:00.000Z","6.8.0",[123,124,125,21,112],"ad-networks","ads","content-recommendations","https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaboola.zip","2023-07-24 00:00:00",{"attackSurface":130,"codeSignals":136,"taintFlows":167,"riskAssessment":168,"analyzedAt":177},{"hooks":131,"ajaxHandlers":132,"restRoutes":133,"shortcodes":134,"cronEvents":135,"entryPointCount":27,"unprotectedCount":27},[],[],[],[],[],{"dangerousFunctions":137,"sqlUsage":138,"outputEscaping":140,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":166},[],{"prepared":14,"raw":27,"locations":139},[],{"escaped":27,"rawEcho":141,"locations":142},10,[143,147,149,151,153,156,158,161,162,164],{"file":144,"line":145,"context":146},"includes\\class-legacy.php",88,"raw output",{"file":144,"line":148,"context":146},90,{"file":144,"line":150,"context":146},93,{"file":144,"line":152,"context":146},123,{"file":154,"line":155,"context":146},"includes\\class-webfinger.php",104,{"file":154,"line":157,"context":146},116,{"file":159,"line":160,"context":146},"templates\\profile-settings.php",20,{"file":159,"line":160,"context":146},{"file":159,"line":163,"context":146},35,{"file":159,"line":165,"context":146},36,[],[],{"summary":169,"deductions":170},"The WebFinger plugin v4.0.1 exhibits a mixed security posture.  The static analysis reveals a commendably small attack surface with zero identified entry points, which is a strong indicator of good security design. 
Furthermore, all SQL queries utilize prepared statements, mitigating the risk of SQL injection. The complete absence of known CVEs and vulnerability history suggests a historically stable and well-maintained plugin.\n\nHowever, a significant concern arises from the complete lack of output escaping. With 10 total outputs analyzed and 0% properly escaped, this indicates a high risk of cross-site scripting (XSS) vulnerabilities. Any dynamic data rendered by this plugin without proper sanitization or escaping could be exploited by attackers to inject malicious scripts. The absence of nonce checks and capability checks, while not directly posing an immediate risk without identified entry points, would become critical vulnerabilities if any new entry points were introduced or if existing ones were overlooked in the static analysis.",[171,173,175],{"reason":172,"points":33},"100% of outputs are not escaped",{"reason":174,"points":14},"No nonce checks found",{"reason":176,"points":14},"No capability checks found","2026-03-16T18:51:00.098Z",{"wat":179,"direct":184},{"assetPaths":180,"generatorPatterns":181,"scriptPaths":182,"versionParams":183},[],[],[],[],{"cssClasses":185,"htmlComments":186,"htmlAttributes":187,"restEndpoints":190,"jsGlobals":191,"shortcodeOutput":192},[],[],[188,189],"webfinger_profile_nonce","webfinger_resource",[],[],[]]