[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnjlbW-2ctG5VPkoO2eL4suMyjO_cqu3lZd7WQnNaJ-E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":57,"fingerprints":180},"widget-visibility-without-jetpack","Widget Visibility Without Jetpack","1.2","Joan Boluda","https:\u002F\u002Fprofiles.wordpress.org\u002Fboluda\u002F","\u003Cp>Control what pages your widgets appear on. Based on Widget Visibility module, from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack\u002F\" rel=\"ugc\">Jetpack plugin\u003C\u002Fa>. Created by \u003Ca href=\"http:\u002F\u002Fwww.labitacoradeltigre.com\u002F\" rel=\"nofollow ugc\">Eduardo Larequi\u003C\u002Fa>, mantained by \u003Ca href=\"http:\u002F\u002Fboluda.com\" rel=\"nofollow ugc\">Joan Boluda\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin controls what pages your widgets appear 
on.",6000,38264,100,10,"2017-11-28T22:01:00.000Z","4.4.34","3.5.0","",[20],"widget-visibility","http:\u002F\u002Fboluda.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwidget-visibility-without-jetpack.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":23,"computed_at":34},"boluda",9,6930,87,30,"2026-04-05T01:43:20.360Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":13,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26},"themezee-toolkit","ThemeZee Toolkit","1.3","ThemeZee","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemezee\u002F","\u003Cp>The \u003Cem>ThemeZee Toolkit\u003C\u002Fem> is a collection of useful small modules and features, neatly bundled into a single plugin. 
This plugin has been designed specifically for ThemeZee WordPress themes but will also work with any theme.\u003C\u002Fp>\n\u003Ch4>Included Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Widget Visibility – Hide or show widgets conditionally\u003C\u002Fli>\n\u003Cli>Infinite Scroll – Add support for infinite scrolling on the blog homepage\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>For detailed setup instructions, visit the official \u003Ca href=\"https:\u002F\u002Fthemezee.com\u002Fdocs\u002Ftoolkit-documentation\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> page\u003C\u002Fp>\n","A collection of useful small plugins and features, neatly bundled into a single plugin.",148239,1,"2021-06-06T17:13:00.000Z","5.8.13","4.7","5.6",[51,52,53,54,20],"infinite-scroll","themezee","toolkit","widget-logic","https:\u002F\u002Fthemezee.com\u002Fplugins\u002Ftoolkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthemezee-toolkit.1.3.zip",{"attackSurface":58,"codeSignals":100,"taintFlows":139,"riskAssessment":166,"analyzedAt":179},{"hooks":59,"ajaxHandlers":88,"restRoutes":96,"shortcodes":97,"cronEvents":98,"entryPointCount":99,"unprotectedCount":99},[60,66,71,75,79,82,85],{"type":61,"name":62,"callback":63,"file":64,"line":65},"action","sidebar_admin_setup","widget_admin_setup","widget-visibility\\widget-conditions.php",13,{"type":67,"name":68,"callback":69,"priority":14,"file":64,"line":70},"filter","widget_update_callback","widget_update",14,{"type":61,"name":72,"callback":73,"priority":14,"file":64,"line":74},"in_widget_form","widget_conditions_admin",15,{"type":67,"name":76,"callback":77,"file":64,"line":78},"widget_display_callback","filter_widget",19,{"type":67,"name":80,"callback":80,"file":64,"line":81},"sidebars_widgets",20,{"type":61,"name":83,"callback":83,"file":64,"line":84},"template_redirect",21,{"type":61,"name":86,"callback":86,"file":64,"line":87},"init",698,[89,93],{"action":90,"nopriv":91,"callba
ck":90,"hasNonce":91,"hasCapCheck":91,"file":64,"line":92},"widget_conditions_options",false,16,{"action":94,"nopriv":91,"callback":94,"hasNonce":91,"hasCapCheck":91,"file":64,"line":95},"widget_conditions_has_children",17,[],[],[],2,{"dangerousFunctions":101,"sqlUsage":102,"outputEscaping":104,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":138},[],{"prepared":24,"raw":24,"locations":103},[],{"escaped":105,"rawEcho":74,"locations":106},37,[107,110,112,114,116,118,120,122,124,126,128,130,132,134,136],{"file":64,"line":108,"context":109},135,"raw output",{"file":64,"line":111,"context":109},179,{"file":64,"line":113,"context":109},196,{"file":64,"line":115,"context":109},207,{"file":64,"line":117,"context":109},258,{"file":64,"line":119,"context":109},309,{"file":64,"line":121,"context":109},311,{"file":64,"line":123,"context":109},314,{"file":64,"line":125,"context":109},315,{"file":64,"line":127,"context":109},318,{"file":64,"line":129,"context":109},319,{"file":64,"line":131,"context":109},320,{"file":64,"line":133,"context":109},321,{"file":64,"line":135,"context":109},323,{"file":64,"line":137,"context":109},339,[],[140,158],{"entryPoint":141,"graph":142,"unsanitizedCount":24,"severity":157},"widget_conditions_admin (widget-visibility\\widget-conditions.php:279)",{"nodes":143,"edges":154},[144,149],{"id":145,"type":146,"label":147,"file":64,"line":148},"n0","source","$_POST['widget-conditions-visible']",293,{"id":150,"type":151,"label":152,"file":64,"line":148,"wp_function":153},"n1","sink","echo() [XSS]","echo",[155],{"from":145,"to":150,"sanitized":156},true,"low",{"entryPoint":159,"graph":160,"unsanitizedCount":24,"severity":157},"\u003Cwidget-conditions> 
(widget-visibility\\widget-conditions.php:0)",{"nodes":161,"edges":164},[162,163],{"id":145,"type":146,"label":147,"file":64,"line":148},{"id":150,"type":151,"label":152,"file":64,"line":148,"wp_function":153},[165],{"from":145,"to":150,"sanitized":156},{"summary":167,"deductions":168},"The plugin \"widget-visibility-without-jetpack\" v1.2 exhibits a mixed security posture. On the positive side, it uses no dangerous functions, no raw SQL queries were found (the analysis records no SQL usage at all, prepared or raw), and there are no recorded vulnerabilities or known CVEs. That clean record should be weighed against the plugin's age: it was last updated on 2017-11-28 and is tested only up to WordPress 4.4.34, so an empty vulnerability list may reflect limited scrutiny as much as safety. The absence of file operations and external HTTP requests is also a positive indicator. However, significant concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, and critically, neither of them implements authentication checks, leaving them entirely unprotected. Note that both handlers are recorded with nopriv set to false, which suggests they are registered for logged-in users only; if so, the exposure is to any authenticated account regardless of role, and to cross-site request forgery, rather than to anonymous visitors. While taint analysis shows no high-severity issues with unsanitized paths, the lack of proper authorization on these entry points is a substantial risk that could be exploited. The code signals also indicate that 71% of outputs (37 of 52) are properly escaped, which is decent but leaves room for potential cross-site scripting (XSS) vulnerabilities in the unescaped portion, the 15 raw echo locations listed for widget-conditions.php. The absence of nonce checks and capability checks on the AJAX handlers further exacerbates the security risks. 
In conclusion, while the plugin avoids common pitfalls like raw SQL and known vulnerabilities, the unprotected AJAX endpoints represent a significant security weakness that requires immediate attention.",[169,171,173,176],{"reason":170,"points":14},"AJAX handlers without authentication",{"reason":172,"points":14},"AJAX handlers without capability checks",{"reason":174,"points":175},"AJAX handlers without nonce checks",8,{"reason":177,"points":178},"Unescaped output (29% of 52)",6,"2026-03-16T18:06:19.157Z",{"wat":181,"direct":192},{"assetPaths":182,"generatorPatterns":186,"scriptPaths":187,"versionParams":189},[183,184,185],"\u002Fwp-content\u002Fplugins\u002Fwidget-visibility-without-jetpack\u002Fwidget-visibility\u002Fwidget-conditions\u002Frtl\u002Fwidget-conditions-rtl.css","\u002Fwp-content\u002Fplugins\u002Fwidget-visibility-without-jetpack\u002Fwidget-visibility\u002Fwidget-conditions\u002Fwidget-conditions.css","\u002Fwp-content\u002Fplugins\u002Fwidget-visibility-without-jetpack\u002Fwidget-visibility\u002Fwidget-conditions\u002Fwidget-conditions.js",[],[188],"widget-conditions\u002Fwidget-conditions.js",[190,191],"widget-conditions\u002Fwidget-conditions.css?ver=","widget-conditions\u002Fwidget-conditions.js?ver=",{"cssClasses":193,"htmlComments":195,"htmlAttributes":196,"restEndpoints":198,"jsGlobals":199,"shortcodeOutput":201},[194],"jetpack-widget-conditions",[],[197],"data-widget-conditions",[],[200],"Jetpack_Widget_Conditions",[]]