[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsSwlb6-Q1lCewF5j6FCA8QnuewzVNgQHE6Y9SNCij3I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":90,"fingerprints":226},"wp-all-post-type-widget","WP All Post Type Widget","1.0.4","amairatech","https:\u002F\u002Fprofiles.wordpress.org\u002Famairatech\u002F","\u003Cp>WP All Post Type Widget WordPress plugin add default post type and his category (post).\u003Cbr \u002F>\nYou can display post with custom post type and his category base.\u003C\u002Fp>\n\u003Ch4>Descriptions of Widgets\u003C\u002Fh4>\n\u003Ch4>Post Type (Custom Post Type or default)\u003C\u002Fh4>\n\u003Cp>display a list of the custom posts by post type.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Title\u003C\u002Fstrong> – description that appears over the list of custom posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Type\u003C\u002Fstrong> – if selected, filter by a custom post type. (e.g. 
post).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Category\u003C\u002Fstrong> – Category filtered by post type.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Number of posts to show (at most unlimited)\u003C\u002Fstrong> – enter the number of posts to display.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display post date?\u003C\u002Fstrong> – if checked, display post date.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Orderby\u003C\u002Fstrong> Default order by date\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order\u003C\u002Fstrong> Default order is desc\u003C\u002Fli>\n\u003C\u002Ful>\n","WP All Post Type Widget WordPress plugin add default post type and his category (post)",20,1502,100,3,"2019-09-28T11:06:00.000Z","5.2.24","3.7","",[20,21,22,4],"custom-post-type-widget","custom-taxonomy-post","wordpress-all-post-type-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-all-post-type-widget.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T06:48:22.908Z",[35,54,72],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":13,"downloaded":43,"rating":44,"num_ratings":14,"last_updated":45,"tested_up_to":16,"requires_at_least":46,"requires_php":18,"tags":47,"homepage":52,"download_link":53,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"vi-random-posts-widget","Vi Random Post Widget","1.1","Team Startbit","https:\u002F\u002Fprofiles.wordpress.org\u002Fvivacityinfotechjaipur\u002F","\u003Cp>Vi Random Posts Widget plugin allows us to create a custom random or category posts list as a widget. 
It gives you a list of random posts via shortcode or widget with thumbnail, excerpt and post date, also you can display it from your custom post type or from a post category.\u003C\u002Fp>\n\u003Cp>=Features=\u003C\u002Fp>\n\u003Cpre>\u003Ccode>WordPress 5.2.1 Support.\nAllow you to add a URL in widget title\nDisplay thumbnails and customizable size.\nDisplay excerpt of customizable length.\nDisplay from all, specific or multiple category.\nDisplay your post date with customizable format.\nDisplay your post author.\nDisplay post comment counts\nDisplay your custom Post types.    \nUser can add a custom css class in widget.\nAdd custom html or text before and\u002For after posts lists.\nDisplay random post using shortcode '[virp\u002F]'.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Rate Us \u002F Feedback\u003C\u002Fh4>\n\u003Cp>Please take the time to let us and others know about your experiences by leaving a review, so that we can improve the plugin for you and other users.\u003C\u002Fp>\n\u003Ch4>Want More?\u003C\u002Fh4>\n\u003Cp>If You Want more functionality or some modifications, just drop us a line what you want and We will try to add or modify the plugin functions.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Thanks to Aqua Resizer. (http:\u002F\u002Faquagraphite.com)\u003C\u002Fli>\n\u003Cli>Thanks to Font Awesome. (https:\u002F\u002Ffortawesome.github.io\u002FFont-Awesome\u002F)\u003C\u002Fli>\n\u003C\u002Ful>\n","Vi Random Posts Widget plugin allows us to create a custom random or category posts list as a widget. 
It gives you a list of random posts via shortcod &hellip;",6248,74,"2019-06-18T07:34:00.000Z","3.0",[20,48,49,50,51],"latest-post-widget","post-widget","random-post","random-post-widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvi-random-posts-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvi-random-posts-widget.1.1.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":13,"downloaded":62,"rating":13,"num_ratings":30,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":18,"tags":66,"homepage":70,"download_link":71,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"wp-posts-widget","WP Post Widget","1.8","WP-EXPERTS.IN","https:\u002F\u002Fprofiles.wordpress.org\u002Findia-web-developer\u002F","\u003Cp>It’s a very simple plugin to display recent posts on your website sidebar widget and also there is an option to choose posts of your custom post type.\u003C\u002Fp>\n\u003Cp>Note : please don’t forget to leave your valuable feedback and suggestions to make my plugin much better compared to other plugins.\u003C\u002Fp>\n\u003Cp>Do You Have Any Query? 
\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-experts.in\u002Fcontact-us\u002F?utm_source=wordpress.org&utm_medium=free-plugin&utm_campaign=post-widget\" rel=\"nofollow ugc\">Submit here\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Video Tutorial :\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFHUBeo8Yif4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>`Features`\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>An option to show comment count\u003C\u002Fli>\n\u003Cli>An option to define hide widget title\u003C\u002Fli>\n\u003Cli>An option to choose custom post type\u003C\u002Fli>\n\u003Cli>Display post from specific category \u003C\u002Fli>\n\u003Cli>An option to exclude\u002Finclude specific posts.\u003C\u002Fli>\n\u003Cli>An option to define post filter order.\u003C\u002Fli>\n\u003Cli>An option to define post content limit.\u003C\u002Fli>\n\u003Cli>An option to define to display number of posts\u003C\u002Fli>\n\u003C\u002Ful>\n","Posts widget! 
Add list of recent posts from your CUSTOM POST TYPE.",7028,"2023-11-14T15:20:00.000Z","6.4.8","6.0",[20,67,68,49,69],"custom-post-types","post-type-widget","widget","http:\u002F\u002Fwww.wp-experts.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-posts-widget.1.8.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":13,"num_ratings":30,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":18,"tags":85,"homepage":88,"download_link":89,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"simple-recent-post-widget","Simple Recent Post Widget","1.0","Jobayer Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fjobayer007\u002F","\u003Cp>This is a widget plugin to show recent or popular posts in your sidebar or footer area.\u003C\u002Fp>\n\u003Cp>It also supports any kind of post type or custom post type. Just install this plugin, go to Appearance > Widgets, then add Simple Post Widget into any of your sidebars. Here you will get some options.\u003Cbr \u002F>\n1. Post Title\u003Cbr \u002F>\n2. Post Type\u003Cbr \u002F>\n3. Post Order By\u003Cbr \u002F>\n4. Posts Per Page\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>You may provide arbitrary sections, in the same format as the ones above.  
This may be of use for extremely complicated\u003Cbr \u002F>\nplugins where more information needs to be conveyed that doesn’t fit into the categories of “description” or\u003Cbr \u002F>\n“installation.”  Arbitrary sections will be shown below the built-in sections outlined above.\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Some feature\u003C\u002Fli>\n\u003Cli>Another feature\u003C\u002Fli>\n\u003Cli>Something else about the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unordered list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>something\u003C\u002Fli>\n\u003Cli>something else\u003C\u002Fli>\n\u003Cli>third thing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s a link to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" title=\"Your favorite software\" rel=\"ugc\">WordPress\u003C\u002Fa> and one to \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" title=\"Markdown is what the parser uses to process much of the readme file\" rel=\"nofollow ugc\">Markdown’s Syntax Documentation\u003C\u002Fa>.\u003Cbr \u002F>\nTitles are optional, naturally.\u003C\u002Fp>\n\u003Cp>Markdown uses email style notation for blockquotes and I’ve been told:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Asterisks for \u003Cem>emphasis\u003C\u002Fem>. 
Double it up  for \u003Cstrong>strong\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cpre>\u003Ccode>\u003C?php code(); \u002F\u002F goes in backticks ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Simple Post Widget",10,1869,"2016-11-23T10:49:00.000Z","4.7.32","4.4",[20,49,86,87],"show-widget","simple-post-widget","http:\u002F\u002Fdev-jobayer.com\u002Frecent-post-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-recent-post-widget.zip",{"attackSurface":91,"codeSignals":122,"taintFlows":183,"riskAssessment":210,"analyzedAt":225},{"hooks":92,"ajaxHandlers":110,"restRoutes":118,"shortcodes":119,"cronEvents":120,"entryPointCount":121,"unprotectedCount":121},[93,99,102,107],{"type":94,"name":95,"callback":96,"file":97,"line":98},"action","wp_head","public_scripts","classes\\class-widget.php",9,{"type":94,"name":100,"callback":101,"file":97,"line":80},"admin_enqueue_scripts","scripts",{"type":94,"name":103,"callback":104,"file":105,"line":106},"plugins_loaded","anonymous","classes\\class-wpaptw.php",41,{"type":94,"name":108,"callback":104,"file":105,"line":109},"widgets_init",49,[111,115],{"action":112,"nopriv":113,"callback":112,"hasNonce":113,"hasCapCheck":113,"file":97,"line":114},"wpaptw_get_category",false,11,{"action":112,"nopriv":116,"callback":112,"hasNonce":113,"hasCapCheck":113,"file":97,"line":117},true,12,[],[],[],2,{"dangerousFunctions":123,"sqlUsage":124,"outputEscaping":126,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":182},[],{"prepared":25,"raw":25,"locations":125},[],{"escaped":127,"rawEcho":128,"locations":129},5,31,[130,133,135,136,138,140,142,143,144,146,148,149,151,152,154,156,157,159,161,163,164,166,168,169,171,173,174,175,177,178,180],{"file":97,"line":131,"context":132},61,"raw 
output",{"file":97,"line":134,"context":132},63,{"file":97,"line":44,"context":132},{"file":97,"line":137,"context":132},80,{"file":97,"line":139,"context":132},110,{"file":97,"line":141,"context":132},111,{"file":97,"line":141,"context":132},{"file":97,"line":141,"context":132},{"file":97,"line":145,"context":132},114,{"file":97,"line":147,"context":132},115,{"file":97,"line":147,"context":132},{"file":97,"line":150,"context":132},118,{"file":97,"line":150,"context":132},{"file":97,"line":153,"context":132},124,{"file":97,"line":155,"context":132},125,{"file":97,"line":155,"context":132},{"file":97,"line":158,"context":132},126,{"file":97,"line":160,"context":132},130,{"file":97,"line":162,"context":132},131,{"file":97,"line":162,"context":132},{"file":97,"line":165,"context":132},138,{"file":97,"line":167,"context":132},139,{"file":97,"line":167,"context":132},{"file":97,"line":170,"context":132},146,{"file":97,"line":172,"context":132},147,{"file":97,"line":172,"context":132},{"file":97,"line":172,"context":132},{"file":97,"line":176,"context":132},150,{"file":97,"line":176,"context":132},{"file":97,"line":179,"context":132},151,{"file":97,"line":181,"context":132},162,[],[184,201],{"entryPoint":185,"graph":186,"unsanitizedCount":30,"severity":200},"wpaptw_get_category (classes\\class-widget.php:156)",{"nodes":187,"edges":198},[188,193],{"id":189,"type":190,"label":191,"file":97,"line":192},"n0","source","$_GET",159,{"id":194,"type":195,"label":196,"file":97,"line":181,"wp_function":197},"n1","sink","echo() [XSS]","echo",[199],{"from":189,"to":194,"sanitized":113},"medium",{"entryPoint":202,"graph":203,"unsanitizedCount":30,"severity":209},"\u003Cclass-widget> (classes\\class-widget.php:0)",{"nodes":204,"edges":207},[205,206],{"id":189,"type":190,"label":191,"file":97,"line":192},{"id":194,"type":195,"label":196,"file":97,"line":181,"wp_function":197},[208],{"from":189,"to":194,"sanitized":113},"low",{"summary":211,"deductions":212},"The 
\"wp-all-post-type-widget\" v1.0.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and shows no history of known vulnerabilities. The absence of dangerous functions, file operations, external HTTP requests, and bundled libraries further contribute to a reduced attack surface in those specific areas. However, significant concerns arise from the static analysis. The plugin has a small but unprotected attack surface, with two AJAX handlers that lack authentication checks, presenting a direct entry point for potential attackers. Furthermore, a substantial portion of its output (86%) is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is present in these outputs. The taint analysis also flagged two flows with unsanitized paths, indicating potential vulnerabilities in how data is processed, even though they were not classified as critical or high severity. The lack of nonce and capability checks on the AJAX handlers, combined with the unescaped outputs, are the most prominent security weaknesses.\n\nIn conclusion, while the plugin avoids common pitfalls like vulnerable SQL queries or a history of CVEs, its current state presents tangible risks. The unprotected AJAX endpoints and insufficient output escaping are critical areas that require immediate attention to prevent potential compromise. The absence of nonce and capability checks is a glaring omission in securing these entry points. 
Addressing these specific issues would significantly improve the plugin's security.",[213,215,218,221,223],{"reason":214,"points":80},"AJAX handlers without authentication checks",{"reason":216,"points":217},"Unescaped output (14% properly escaped)",8,{"reason":219,"points":220},"Taint flows with unsanitized paths",7,{"reason":222,"points":80},"Missing nonce checks on AJAX handlers",{"reason":224,"points":80},"Missing capability checks","2026-03-16T23:06:31.875Z",{"wat":227,"direct":238},{"assetPaths":228,"generatorPatterns":232,"scriptPaths":233,"versionParams":234},[229,230,231],"\u002Fwp-content\u002Fplugins\u002Fwp-all-post-type-widget\u002Fassets\u002Fcss\u002Fwpaptw-public.css","\u002Fwp-content\u002Fplugins\u002Fwp-all-post-type-widget\u002Fassets\u002Fjs\u002Fwpaptw-public.js","\u002Fwp-content\u002Fplugins\u002Fwp-all-post-type-widget\u002Fassets\u002Fjs\u002Fwpaptw-admin.js",[],[230,231],[235,236,237],"wp-all-post-type-widget\u002Fassets\u002Fcss\u002Fwpaptw-public.css?ver=","wp-all-post-type-widget\u002Fassets\u002Fjs\u002Fwpaptw-public.js?ver=","wp-all-post-type-widget\u002Fassets\u002Fjs\u002Fwpaptw-admin.js?ver=",{"cssClasses":239,"htmlComments":247,"htmlAttributes":248,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":252},[240,241,242,243,244,245,246],"wpaptw-posts-ul","wpaptw-thumbnail","half_title","wpaptw_post_types_box","wpaptw_category_combo","wpaptw_orderby_combo","wpaptw_order_combo",[],[249],"wpaptw-all-post-type-widget-posts",[],[112],[]]