[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxejiEaLygYtRNFRA0QOlL9oZcbSmxFk6LoGuIQ68efY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":79,"crawl_stats":38,"alternatives":87,"analysis":179,"fingerprints":446},"word-balloon","Word Balloon","4.23.1","YAHMAN","https:\u002F\u002Fprofiles.wordpress.org\u002Fback2nature\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdev.word-balloon.com\u002Fen\u002Fword-balloon\u002F\" rel=\"nofollow ugc\">Word Balloon\u003C\u002Fa> will easy to add speech balloon in your post.\u003Cbr \u002F>\nThere’s a wide variety of speech balloon.\u003Cbr \u002F>\nOther than this, there are function to add  effect , filter, icon ,sound.\u003Cbr \u002F>\nSupport for Block editor(Gutenberg) & Classic Editor.\u003Cbr \u002F>\nTranslation ready and currently translated in Japanese(日本語).\u003C\u002Fp>\n\u003Ch3>Related links (English):\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdev.word-balloon.com\u002Fen\u002Fword-balloon-pro\u002F\" rel=\"nofollow ugc\">Word Balloon PRO\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch3>Related links (Japanese):\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.word-balloon.com\u002Fen\u002Fword-balloon\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdev.word-balloon.com\u002Fword-balloon\u002Fdemo\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdev.word-balloon.com\u002Fen\u002Fword-balloon-pro\u002F\" 
rel=\"nofollow ugc\">Word Balloon PRO\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n","Support for Block editor(Gutenberg) & Classic Editor.You will easy to add speech balloon in your post.",10000,364789,100,8,"2026-01-07T06:03:00.000Z","6.9.4","3.9.3","5.3",[20,21,22,23,24],"balloon","bubble","chat","comic","speech","https:\u002F\u002Fdev.word-balloon.com\u002Fen\u002Fword-balloon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fword-balloon.4.23.1.zip",97,3,0,"2024-06-19 00:00:00","2026-03-15T15:16:48.613Z",[33,49,65],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2024-35781","word-balloon-authenticated-contributor-local-file-inclusion","Word Balloon \u003C= 4.21.1 - Authenticated (Contributor+) Local File Inclusion","The Word Balloon plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. 
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.",null,"\u003C=4.21.1","4.22.0","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2024-07-08 20:24:05",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8b481631-effc-40e8-8be0-18a36ea1c081?source=api-prod",20,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":64},"CVE-2023-5884","word-balloon-cross-site-request-forgery","Word Balloon \u003C= 4.20.2 - Cross-Site Request Forgery","The Word Balloon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.20.2. This is due to missing or incorrect nonce validation on the 'delete' action. 
This makes it possible for unauthenticated attackers to delete arbitrary avatars via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=4.20.2","4.20.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-11-13 00:00:00","2024-01-22 19:56:02",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F54297bce-e5b7-469e-9c28-1d88e78aacc7?source=api-prod",71,{"id":66,"url_slug":67,"title":68,"description":69,"plugin_slug":4,"theme_slug":38,"affected_versions":70,"patched_in_version":71,"severity":56,"cvss_score":72,"cvss_vector":73,"vuln_type":74,"published_date":75,"updated_date":61,"references":76,"days_to_patch":78},"CVE-2022-4751","word-balloon-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Word Balloon \u003C= 4.19.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Word Balloon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 4.19.2 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page","\u003C=4.19.2","4.19.3",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-12-28 00:00:00",[77],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F503dcefe-1147-4b8e-96e2-c21f49a7bc5b?source=api-prod",391,{"slug":80,"display_name":7,"profile_url":8,"plugin_count":81,"total_installs":82,"avg_security_score":83,"avg_patch_time_days":84,"trust_score":85,"computed_at":86},"back2nature",5,71800,96,161,76,"2026-04-05T09:46:15.529Z",[88,109,126,147,163],{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":29,"num_ratings":29,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":106,"download_link":107,"security_score":108,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-speech-balloon","WP-Speech-Balloon","2.4","RA's_Tips4Life","https:\u002F\u002Fprofiles.wordpress.org\u002Ftips4life\u002F","\u003Cp>吹き出し会話を使いたい場所に「テンプレートコード」を貼り付けて、必要箇所に「画像URL」「アバターの名前」「文章」を書くだけで吹き出し会話が表示されます。\u003Cbr \u002F>\n吹き出しの種類は現在「左右各5種類ずつ」あります。\u003Cbr \u002F>\n吹き出しの種類を変更する方法もとても簡単で、「テンプレートコードの数字」を変えるだけで簡単に変更する事ができます。\u003C\u002Fp>\n\u003Cp>First, paste 「Template Code」 where you want to use a speech balloon. 
And just write 「Image URL」「Name of Avatar」「Text」 in the required place, speech balloon will be displayed.\u003Cbr \u002F>\nCurrently, there are 5 types of “pattern of speech balloon” left and right.\u003Cbr \u002F>\nThe way to change the “pattern of speech balloon” is also very easy, just change the number of the 「Template Code」.\u003C\u002Fp>\n\u003Ch3>Notice\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>このプラグインは “ob_start()” や “ob_end_flush()” を使用しているため、このプラグインを使用するとサーバーベースのキャッシュサービスと競合する可能性があり、それらのサーバーでの使用をサポートすることはできません。。\u003C\u002Fli>\n\u003Cli>This plugin uses “ob_start()” and “ob_end_flush()”. So use of this plugin may conflict with server based cache services, and cannot support it’s use on those servers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP-Speech-Balloon 2.4 の使い方\u003C\u002Fh3>\n\u003Cp>【テンプレート】\u003Cbr \u002F>\n——————————▽\u003Cbr \u002F>\n・通常吹き出し(左パターン)\u003Cbr \u002F>\n[L1_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・通常吹き出し(左パターン グレー)\u003Cbr \u002F>\n[L1_gray_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・通常吹き出し(右パターン)\u003Cbr \u002F>\n[R1_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・通常吹き出し(右パターン グレー)\u003Cbr \u002F>\n[R1_gray_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・ぽわぽわ吹き出し(左パターン)\u003Cbr \u002F>\n[L2_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・ぽわぽわ吹き出し(左パターン グレー)\u003Cbr \u002F>\n[L2_gray_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・ぽわぽわ吹き出し(右パターン)\u003Cbr \u002F>\n[R2_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・ぽわぽわ吹き出し(右パターン グレー)\u003Cbr \u002F>\n[R2_gray_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・パステル&ステッチ吹き出し(左パターン)\u003Cbr \u002F>\n[L3_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・パステル&ステッチ吹き出し(左パターン グレー)\u003Cbr 
\u002F>\n[L3_gray_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・パステル&ステッチ吹き出し(右パターン)\u003Cbr \u002F>\n[R3_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・パステル&ステッチ吹き出し(右パターン グレー)\u003Cbr \u002F>\n[R3_gray_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・LINE風吹き出し(左パターン)\u003Cbr \u002F>\n[L4_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・LINE風吹き出し(右パターン)\u003Cbr \u002F>\n[R4_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・Twitter風吹き出し(左パターン)\u003Cbr \u002F>\n[L5_wsbStart][L_wsbAvatar][L_wsbName][L_wsbText][L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・Twitter風吹き出し(右パターン)\u003Cbr \u002F>\n[R5_wsbStart][R_wsbText][R_wsbAvatar][R_wsbName][R_wsbEnd]\u003Cbr \u002F>\n——————————▲\u003C\u002Fp>\n\u003Cp>【使い方】※「画像URL」、「アバターの名前」、「会話の内容」を書き換えて使います。\u003Cbr \u002F>\n——————————▽\u003Cbr \u002F>\n・通常吹き出し(左パターン)\u003Cbr \u002F>\n[L1_wsbStart][L_wsbAvatar]画像URL[L_wsbName]表示する名前[L_wsbText]会話の内容[L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・通常吹き出し(右パターン)\u003Cbr \u002F>\n[R1_wsbStart][R_wsbText]会話の内容[R_wsbAvatar]画像URL[R_wsbName]表示する名前[R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・ぽわぽわ吹き出し(左パターン)\u003Cbr \u002F>\n[L2_wsbStart][L_wsbAvatar]画像URL[L_wsbName]表示する名前[L_wsbText]会話の内容[L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・ぽわぽわ吹き出し(右パターン)\u003Cbr \u002F>\n[R2_wsbStart][R_wsbText]会話の内容[R_wsbAvatar]画像URL[R_wsbName]表示する名前[R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・パステル&ステッチ吹き出し(左パターン)\u003Cbr \u002F>\n[L3_wsbStart][L_wsbAvatar]画像URL[L_wsbName]表示する名前[L_wsbText]会話の内容[L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・パステル&ステッチ吹き出し(右パターン)\u003Cbr \u002F>\n[R3_wsbStart][R_wsbText]会話の内容[R_wsbAvatar]画像URL[R_wsbName]表示する名前[R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・LINE風吹き出し(左パターン)\u003Cbr \u002F>\n[L4_wsbStart][L_wsbAvatar]画像URL[L_wsbName]表示する名前[L_wsbText]会話の内容[L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・LINE風吹き出し(右パターン)\u003Cbr 
\u002F>\n[R4_wsbStart][R_wsbText]会話の内容[R_wsbAvatar]画像URL[R_wsbName]表示する名前[R_wsbEnd]\u003C\u002Fp>\n\u003Cp>・Twitter風吹き出し(左パターン)\u003Cbr \u002F>\n[L5_wsbStart][L_wsbAvatar]画像URL[L_wsbName]表示する名前[L_wsbText]会話の内容[L_wsbEnd]\u003C\u002Fp>\n\u003Cp>・Twitter風吹き出し(右パターン)\u003Cbr \u002F>\n[R5_wsbStart][R_wsbText]会話の内容[R_wsbAvatar]画像URL[R_wsbName]表示する名前[R_wsbEnd]\u003C\u002Fp>\n\u003Cp>※グレーモードは[○○_wsbStart]の部分を[○○_gray_wsbStart]に変えるとグレーモードをお使い頂けます。\u003Cbr \u002F>\n※「LINE風吹き出し」や「Twitter風吹き出し」にグレーモードはありません。\u003Cbr \u002F>\n——————————▲\u003C\u002Fp>\n\u003Cp>使い方などの詳細は以下のページをご覧ください。\u003C\u002Fp>\n\u003Cp>「WP-Speech-Balloon」の使い方\u003Cbr \u002F>\nhttps:\u002F\u002Ftips4life.me\u002Fwp-speech-balloon-how-to-use\u003C\u002Fp>\n\u003Cp>「WP-Speech-Balloon」のインストール方法\u003Cbr \u002F>\nhttps:\u002F\u002Ftips4life.me\u002Fwp-speech-balloon-install\u003C\u002Fp>\n\u003Cp>「WP-Speech-Balloon」のアップデート方法\u003Cbr \u002F>\nhttps:\u002F\u002Ftips4life.me\u002Fwp-speech-balloon-update\u003C\u002Fp>\n\u003Cp>▽ 更新履歴はこちら ▽\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Ftips4life.me\u002Ftag\u002Fwp-speech-balloon\u003C\u002Fp>\n","WordPress の記事内で簡単に吹き出し会話を使えるプラグインです。AMPページでも通常ページと同じように吹き出し会話を使えます。 This is a plugin that makes it easy to use balloon conversation with WordPress.",400,3801,"2019-04-11T09:43:00.000Z","5.1.22","4.9.4","5.2.4",[20,103,22,104,105],"bubbles","fukidashi","speech-balloon","https:\u002F\u002Ftips4life.me\u002Fwp-speech-balloon_2_4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-speech-balloon.zip",85,{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":29,"num_ratings":29,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":101,"tags":122,"homepage":124,"download_link":125,"security_score":108,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"speech-balloon-maker","Speech Balloon Maker 
（ふきだしメーカー）","1.0.6","Densuke","https:\u002F\u002Fprofiles.wordpress.org\u002Fdensuke\u002F","\u003Cp>At your Edit Post view, use shortcode as [balloon-r] or [balloon-l].\u003C\u002Fp>\n\u003Cp>Change balloon style at ‘Tools’->’Speech Balloon Maker’ screen.\u003C\u002Fp>\n\u003Cp>You can also change style at shortcode parameter ex. [baloon-r name=’foo’ style=’border’ img=’https:\u002F\u002Ffoo.com\u002Fbar.jpg’]\u003C\u002Fp>\n","You can make speech balloon as you like.",200,4265,"2019-04-29T12:03:00.000Z","4.9.29","4.9",[20,21,104,105,123],"speech-bubble","https:\u002F\u002Fengineering.dn-voice.info\u002Fdensuke-wp-plugin\u002Fspeech-balloon-maker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspeech-balloon-maker.1.0.6.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":13,"num_ratings":136,"last_updated":137,"tested_up_to":120,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":145,"download_link":146,"security_score":108,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"conversation-viewer-display-chat-bubbles","Conversation Viewer – Display Chat Bubbles","1.1","Ryder Damen","https:\u002F\u002Fprofiles.wordpress.org\u002Fryderdamen\u002F","\u003Cp>Conversation Viewer is a responsive WordPress plugin for displaying chat conversations between people as if in their native apps.\u003C\u002Fp>\n\u003Cp>It allows you to write up conversations between two, or groups of more than two people, without having to take screenshots. These conversations can be easily switched into various messaging app styles. 
There are a few currently supported styles.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Facebook Messenger (the default)\u003C\u002Fli>\n\u003Cli>Android Messages\u003C\u002Fli>\n\u003Cli>iOS Texting\u003C\u002Fli>\n\u003Cli>WhatsApp\u003C\u002Fli>\n\u003Cli>Snapchat\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With responsive CSS, these conversations look great on all screens, are more responsive and accessible than uploading screenshots.\u003C\u002Fp>\n\u003Ch3>Getting Started & Customization\u003C\u002Fh3>\n\u003Cp>For the complete documentation on how to do everything including example code, visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fryderdamen\u002FWP-Conversation-Viewer\" rel=\"nofollow ugc\">GitHub Readme Page\u003C\u002Fa>.\u003C\u002Fp>\n","A plugin for displaying chat bubbles on your site, like in their original messaging apps.",30,1928,2,"2018-03-09T20:11:00.000Z","3.8","5.6",[141,142,143,144,123],"chat-bubble","chat-bubbles","conversation-viewer","facebook-messenger","http:\u002Fryderdamen.com\u002Fprojects\u002Fconversation-viewer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconversation-viewer-display-chat-bubbles.zip",{"slug":148,"name":149,"version":150,"author":151,"author_profile":152,"description":153,"short_description":154,"active_installs":48,"downloaded":155,"rating":13,"num_ratings":156,"last_updated":157,"tested_up_to":158,"requires_at_least":159,"requires_php":139,"tags":160,"homepage":161,"download_link":162,"security_score":108,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"guten-bubble","Guten-bubble","0.9.2","niatn1012","https:\u002F\u002Fprofiles.wordpress.org\u002Fniatn1012\u002F","\u003Cp>Guten-bubble can create a speech bubble display like a chat conversation.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It’s easy to create speech bubble using Guten-bubble block for Gutenberg editor in WordPress 5.0 or later.\u003C\u002Fli>\n\u003Cli>Pick from 24 color themes for 
speech bubble.\u003C\u002Fli>\n\u003Cli>You can use it as an icon image by importing image files from WordPress’s media library. Let’s make interesting articles by using icon image on hand!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>How to use in block editor\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add a Guten-bubble block where you want to add a speech bubble.\u003C\u002Fli>\n\u003Cli>Enter serif in the balloon in the block ( the part where ‘Enter serif here …’ placeholder is displayed ), select character icon and set the balloon in the inspector.\u003C\u002Fli>\n\u003C\u002Fol>\n","Displays a speech bubble like a chat conversation.",2726,1,"2023-01-29T12:38:00.000Z","6.1.10","5.0.0",[20,21,24],"https:\u002F\u002Fgithub.com\u002FNia-TN1012\u002Fguten-bubble\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguten-bubble.0.9.2.zip",{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":29,"downloaded":171,"rating":29,"num_ratings":29,"last_updated":172,"tested_up_to":16,"requires_at_least":173,"requires_php":139,"tags":174,"homepage":177,"download_link":178,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"hinagata-speech-balloon","Hinagata Speech Balloon","1.2.4","Ryouji Mineya","https:\u002F\u002Fprofiles.wordpress.org\u002Fmineyaryouji\u002F","\u003Cp>Hinagata Speech Balloon is a WordPress plugin that adds a flexible speech balloon block to the Gutenberg editor.\u003Cbr \u002F>\nIt is designed to let you manage “Presets” for your balloons, so you can easily reuse the same character or style across your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n*   \u003Cstrong>Preset Management\u003C\u002Fstrong>: create up to 20 balloon presets.\u003Cbr \u002F>\n*   \u003Cstrong>Highly Customizable\u003C\u002Fstrong>: Set avatar images, names, colors, shapes (circle\u002Fsquare\u002Frounded), border 
styles, and more.\u003Cbr \u002F>\n*   \u003Cstrong>Block Editor Integration\u003C\u002Fstrong>: Select a preset from the block settings dropdown.\u003Cbr \u002F>\n*   \u003Cstrong>Dynamic Template\u003C\u002Fstrong>: Advanced users can edit the HTML output structure in the settings.\u003Cbr \u002F>\n*   \u003Cstrong>Import\u002FExport\u003C\u002Fstrong>: Easy JSON export for backup or migration.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses npm and webpack to bundle JavaScript and CSS files.\u003Cbr \u002F>\nThe source code is located in the \u003Ccode>src\u003C\u002Fcode> directory.\u003C\u002Fp>\n\u003Cp>To install dependencies:\u003Cbr \u002F>\n    npm install\u003C\u002Fp>\n\u003Cp>To build the project:\u003Cbr \u002F>\n    npm run build\u003C\u002Fp>\n\u003Cp>To start development mode (watch):\u003Cbr \u002F>\n    npm start\u003C\u002Fp>\n\u003Cp>To create a release zip:\u003Cbr \u002F>\n    npm run plugin-zip\u003C\u002Fp>\n","Adds a highly customizable \"Speech Balloon\" block to the WordPress editor. 
Allows creating presets with avatars and inserting them as blocks.",248,"2026-03-07T04:26:00.000Z","5.8",[175,176,22,105],"avatar","block","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhinagata-speech-balloon.1.2.4.zip",{"attackSurface":180,"codeSignals":302,"taintFlows":355,"riskAssessment":431,"analyzedAt":445},{"hooks":181,"ajaxHandlers":270,"restRoutes":281,"shortcodes":282,"cronEvents":301,"entryPointCount":14,"unprotectedCount":156},[182,188,192,196,200,203,207,212,216,220,224,227,231,236,240,243,247,250,253,259,262,266],{"type":183,"name":184,"callback":185,"file":186,"line":187},"action","admin_footer","word_balloon_post_page","inc\\admin\\admin_enqueue.php",168,{"type":183,"name":189,"callback":190,"priority":13,"file":186,"line":191},"admin_print_footer_scripts","word_balloon_custom_edit_style",177,{"type":183,"name":189,"callback":193,"priority":194,"file":186,"line":195},"word_balloon_old_wp",99999,180,{"type":183,"name":197,"callback":198,"file":199,"line":48},"admin_menu","word_balloon_add_menu","inc\\admin.php",{"type":183,"name":201,"callback":202,"file":199,"line":108},"enqueue_block_editor_assets","word_balloon_block_control_panel",{"type":183,"name":204,"callback":205,"file":199,"line":206},"admin_enqueue_scripts","word_balloon_custom_enqueue",90,{"type":208,"name":209,"callback":210,"file":199,"line":211},"filter","mce_buttons","word_balloon_register_tinymce_button",101,{"type":208,"name":213,"callback":214,"file":199,"line":215},"mce_external_plugins","word_balloon_tinymce_button_script",102,{"type":183,"name":217,"callback":218,"file":199,"line":219},"admin_init","word_balloon_tinymce_button",105,{"type":183,"name":189,"callback":221,"priority":222,"file":199,"line":223},"word_balloon_custom_add_quicktags",11,148,{"type":183,"name":201,"callback":225,"file":199,"line":226},"word_balloon_user_styles",223,{"type":208,"name":228,"callback":229,"file":199,"line":230},"tiny_mce_before_init","word_balloon_extend_tiny_mce_before_init"
,232,{"type":208,"name":232,"callback":233,"priority":234,"file":199,"line":235},"plugin_action_links","word_balloon_plugin_action_links",10,245,{"type":183,"name":237,"callback":238,"file":199,"line":239},"plugins_loaded","word_balloon_update_check",334,{"type":183,"name":237,"callback":241,"file":199,"line":242},"word_balloon_textdomain_load",340,{"type":183,"name":244,"callback":245,"file":199,"line":246},"customize_controls_enqueue_scripts","closure",571,{"type":183,"name":248,"callback":245,"file":199,"line":249},"customize_controls_print_scripts",576,{"type":183,"name":251,"callback":245,"file":199,"line":252},"customize_register",583,{"type":208,"name":254,"callback":255,"priority":256,"file":257,"line":258},"the_posts","detect_from_posts",99,"inc\\enqueue.php",166,{"type":208,"name":260,"callback":261,"priority":256,"file":257,"line":187},"the_content","content_filter",{"type":183,"name":263,"callback":264,"priority":234,"file":257,"line":265},"wp_enqueue_scripts","enqueue",169,{"type":208,"name":260,"callback":267,"file":268,"line":269},"word_balloon_linebreak_fix","inc\\shortcode.php",41,[271,276],{"action":272,"nopriv":273,"callback":274,"hasNonce":273,"hasCapCheck":273,"file":199,"line":275},"word_balloon_nonce_action_center",false,"word_balloon_nonce_action_event",42,{"action":277,"nopriv":273,"callback":278,"hasNonce":279,"hasCapCheck":273,"file":199,"line":280},"word_balloon_call_ajax","word_balloon_ajax_get_sound_url",true,568,[],[283,287,290,293,295,298],{"tag":284,"callback":285,"file":199,"line":286},"word_balloon","word_balloon_dummy_shortcode",347,{"tag":288,"callback":285,"file":199,"line":289},"word_balloon_wallpaper",349,{"tag":291,"callback":285,"file":199,"line":292},"word_balloon_side_by_side",351,{"tag":284,"callback":294,"file":268,"line":222},"word_balloon_do_shortcode",{"tag":288,"callback":296,"file":268,"line":297},"word_balloon_shortcode_do_wallpaper",19,{"tag":291,"callback":299,"file":268,"line":300},"word_balloon_shortcode_do_sid
e_by_side",27,[],{"dangerousFunctions":303,"sqlUsage":304,"outputEscaping":318,"fileOperations":29,"externalRequests":29,"nonceChecks":349,"capabilityChecks":350,"bundledLibraries":351},[],{"prepared":28,"raw":305,"locations":306},4,[307,310,313,315],{"file":308,"line":191,"context":309},"inc\\admin\\admin_block.php","$wpdb->get_results() with variable interpolation",{"file":311,"line":312,"context":309},"inc\\admin\\post\\admin-post_main_select.php",7,{"file":314,"line":84,"context":309},"inc\\class-w_b_list_table.php",{"file":316,"line":317,"context":309},"inc\\shortcode\\shortcode_build_box.php",87,{"escaped":319,"rawEcho":320,"locations":321},276,12,[322,326,328,330,332,335,337,339,341,343,345,347],{"file":323,"line":324,"context":325},"inc\\admin\\admin_edit.php",228,"raw output",{"file":323,"line":327,"context":325},230,{"file":323,"line":329,"context":325},235,{"file":323,"line":331,"context":325},240,{"file":333,"line":334,"context":325},"inc\\admin\\edit\\admin_usage_environment.php",88,{"file":333,"line":336,"context":325},123,{"file":311,"line":338,"context":325},25,{"file":199,"line":340,"context":325},137,{"file":199,"line":342,"context":325},139,{"file":199,"line":344,"context":325},557,{"file":346,"line":275,"context":325},"inc\\ajax_nonce.php",{"file":346,"line":348,"context":325},109,6,9,[352],{"name":353,"version":38,"knownCves":354},"TinyMCE",[],[356,379,393,401,412,423],{"entryPoint":357,"graph":358,"unsanitizedCount":136,"severity":56},"word_balloon_usage_environment (inc\\admin\\edit\\admin_usage_environment.php:4)",{"nodes":359,"edges":376},[360,365,370,373],{"id":361,"type":362,"label":363,"file":333,"line":364},"n0","source","$_SERVER['SERVER_SOFTWARE']",92,{"id":366,"type":367,"label":368,"file":333,"line":364,"wp_function":369},"n1","sink","echo() 
[XSS]","echo",{"id":371,"type":362,"label":372,"file":333,"line":349},"n2","$_SERVER",{"id":374,"type":367,"label":368,"file":333,"line":375,"wp_function":369},"n3",107,[377,378],{"from":361,"to":366,"sanitized":273},{"from":371,"to":374,"sanitized":273},{"entryPoint":380,"graph":381,"unsanitizedCount":29,"severity":392},"word_balloon_admin_page (inc\\admin\\admin_edit.php:7)",{"nodes":382,"edges":390},[383,386],{"id":361,"type":362,"label":384,"file":323,"line":385},"$_POST",114,{"id":366,"type":367,"label":387,"file":323,"line":388,"wp_function":389},"update_option() [Settings Manipulation]",117,"update_option",[391],{"from":361,"to":366,"sanitized":279},"low",{"entryPoint":394,"graph":395,"unsanitizedCount":29,"severity":392},"\u003Cadmin_edit> (inc\\admin\\admin_edit.php:0)",{"nodes":396,"edges":399},[397,398],{"id":361,"type":362,"label":384,"file":323,"line":385},{"id":366,"type":367,"label":387,"file":323,"line":388,"wp_function":389},[400],{"from":361,"to":366,"sanitized":279},{"entryPoint":402,"graph":403,"unsanitizedCount":136,"severity":392},"\u003Cadmin_usage_environment> (inc\\admin\\edit\\admin_usage_environment.php:0)",{"nodes":404,"edges":409},[405,406,407,408],{"id":361,"type":362,"label":363,"file":333,"line":364},{"id":366,"type":367,"label":368,"file":333,"line":364,"wp_function":369},{"id":371,"type":362,"label":372,"file":333,"line":349},{"id":374,"type":367,"label":368,"file":333,"line":375,"wp_function":369},[410,411],{"from":361,"to":366,"sanitized":273},{"from":371,"to":374,"sanitized":273},{"entryPoint":413,"graph":414,"unsanitizedCount":29,"severity":392},"word_balloon_nonce_action_event (inc\\ajax_nonce.php:7)",{"nodes":415,"edges":421},[416,417],{"id":361,"type":362,"label":384,"file":346,"line":297},{"id":366,"type":367,"label":418,"file":346,"line":419,"wp_function":420},"get_results() 
[SQLi]",70,"get_results",[422],{"from":361,"to":366,"sanitized":279},{"entryPoint":424,"graph":425,"unsanitizedCount":29,"severity":392},"\u003Cajax_nonce> (inc\\ajax_nonce.php:0)",{"nodes":426,"edges":429},[427,428],{"id":361,"type":362,"label":384,"file":346,"line":297},{"id":366,"type":367,"label":418,"file":346,"line":419,"wp_function":420},[430],{"from":361,"to":366,"sanitized":279},{"summary":432,"deductions":433},"The 'word-balloon' plugin v4.23.1 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in output escaping, with 96% of outputs properly handled, and a strong emphasis on nonce checks and capability checks, indicating an awareness of common WordPress security vulnerabilities. The absence of file operations and external HTTP requests further mitigates certain risk vectors. However, the presence of one unprotected AJAX handler (no nonce check and no capability check) represents a significant concern: it is not registered for unauthenticated (nopriv) requests, but any logged-in user, including low-privilege accounts, could invoke it to trigger plugin functionality. Additionally, the vulnerability history of this plugin is a notable weakness, with three past CVEs, including one high-severity Local File Inclusion vulnerability (CVE-2024-35781). 
This history, coupled with the current unprotected entry point, suggests a recurring pattern of security oversight that requires attention.",[434,436,439,441,443],{"reason":435,"points":14},"Unprotected AJAX handler detected",{"reason":437,"points":438},"Past high severity vulnerability (LFI)",15,{"reason":440,"points":234},"Past medium severity vulnerabilities (CSRF, XSS)",{"reason":442,"points":305},"SQL queries partially un-prepared",{"reason":444,"points":349},"Taint flows with unsanitized paths","2026-03-16T17:42:57.134Z",{"wat":447,"direct":456},{"assetPaths":448,"generatorPatterns":451,"scriptPaths":452,"versionParams":453},[449,450],"\u002Fwp-content\u002Fplugins\u002Fword-balloon\u002Fcss\u002Fword_balloon_user.min.css","\u002Fwp-content\u002Fplugins\u002Fword-balloon\u002Fjs\u002Fword_balloon_block.min.js",[],[450],[454,455],"word-balloon\u002Fcss\u002Fword_balloon_user.min.css?ver=","word-balloon\u002Fjs\u002Fword_balloon_block.min.js?ver=",{"cssClasses":457,"htmlComments":458,"htmlAttributes":459,"restEndpoints":461,"jsGlobals":462,"shortcodeOutput":473},[],[],[460],"data-word-balloon-block",[],[463,464,465,466,467,468,469,470,471,472],"word_balloon_block_balloon","word_balloon_block_icon","word_balloon_block_icon_position","word_balloon_block_effect","word_balloon_block_filter","word_balloon_block_in_view","word_balloon_block_in_view_balloon","word_balloon_block_quote_effect","word_balloon_block_avatar","word_balloon_block_avatar_select_option",[]]