[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkLE6z0jTpSn2BCbbuCHLzmXUu_t52HYtoAc89I_Exq4":3,"$fCMymc5hHtsxP6DOKikOsrar728-k4COVDwKR1rqt4pg":475,"$fnaQXz-ElBlWS4FwXl1IWnlDt0MIFSJI84aRTDVjf77I":479},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":15,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":38,"fingerprints":458},"wp-auto-reload-widgets","WP Auto Reload Widgets","10.0.5","Axepro","https:\u002F\u002Fprofiles.wordpress.org\u002Faxepro\u002F","\u003Cp>WP Auto Reload Widgets Plugin is allow you to refresh your widgets period of time. Not only text widgets it is support all wordpress widgets. Set the time in seconds and automatically reload \u002F refresh your widgets. Once Installed pugin find \\”Auto Reload Widget Settings\\” under settings on wordpress dashboard.\u003C\u002Fp>\n","Wp Auto Reload Widgets plugin allow you to refresh all of widgets in period of time. 
Set time in seconds and automatically refresh.",100,5255,9,"2019-06-12T07:21:00.000Z","","3.5",[18,19,20,21,22],"auto-reload-widgets","autoload-widgets","automatic-widget-reload","autorefresh-text-widget","autorefresh-widgets","http:\u002F\u002Fwww.axebelk.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-auto-reload-widgets.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"axepro",1,30,84,"2026-05-19T22:13:08.396Z",[],{"attackSurface":39,"codeSignals":125,"taintFlows":311,"riskAssessment":440,"analyzedAt":457},{"hooks":40,"ajaxHandlers":99,"restRoutes":121,"shortcodes":122,"cronEvents":123,"entryPointCount":124,"unprotectedCount":33},[41,48,52,56,61,66,70,74,77,81,85,89,93,96],{"type":42,"name":43,"callback":44,"priority":45,"file":46,"line":47},"filter","widget_form_callback","ab_widget_form_extend",10,"Wp-auto-reload-widget.php",15,{"type":42,"name":49,"callback":50,"priority":45,"file":46,"line":51},"widget_update_callback","ab_widget_update",16,{"type":42,"name":53,"callback":54,"priority":45,"file":46,"line":55},"dynamic_sidebar_params","ab_dynamic_sidebar_params",17,{"type":57,"name":58,"callback":59,"file":46,"line":60},"action","wp_enqueue_scripts","ab_adding_scripts",20,{"type":57,"name":62,"callback":63,"file":64,"line":65},"template_redirect","admin_redirect_download_files","admin-page-class\u002Fadmin-page-class.php",209,{"type":42,"name":67,"callback":68,"file":64,"line":69},"init","add_query_var_vars",210,{"type":57,"name":71,"callback":72,"file":64,"line":73},"admin_menu","AddMenuSubPage",274,{"type":57,"name":71,"callback":75,"file":64,"line":76},"AddMenuTopPage",278,{"type":42,"name":78,"callback":79,"priority":45,"file":64,"line":80},"attribute_escape","edit_insert_to_post_text",305,{"type":57,"name":82,"callback":83,"file":64,"line":84},"admin_print_styles",
"load_scripts_styles",376,{"type":57,"name":86,"callback":87,"file":64,"line":88},"post_edit_form_tag","add_enctype",1075,{"type":42,"name":90,"callback":91,"file":64,"line":92},"media_upload_gallery","insert_images",1090,{"type":42,"name":94,"callback":91,"file":64,"line":95},"media_upload_library",1091,{"type":42,"name":97,"callback":91,"file":64,"line":98},"media_upload_image",1092,[100,106,110,114,118],{"action":101,"nopriv":102,"callback":103,"hasNonce":104,"hasCapCheck":102,"file":64,"line":105},"apc_delete_mupload",false,"wp_ajax_delete_image",true,308,{"action":107,"nopriv":102,"callback":108,"hasNonce":104,"hasCapCheck":102,"file":64,"line":109},"plupload_action","Handle_plupload_action",314,{"action":111,"nopriv":102,"callback":112,"hasNonce":102,"hasCapCheck":102,"file":64,"line":113},"at_delete_file","delete_file",1095,{"action":115,"nopriv":102,"callback":116,"hasNonce":104,"hasCapCheck":102,"file":64,"line":117},"at_reorder_images","reorder_images",1096,{"action":119,"nopriv":102,"callback":103,"hasNonce":104,"hasCapCheck":102,"file":64,"line":120},"at_delete_mupload",1098,[],[],[],5,{"dangerousFunctions":126,"sqlUsage":131,"outputEscaping":133,"fileOperations":26,"externalRequests":33,"nonceChecks":305,"capabilityChecks":33,"bundledLibraries":306},[127],{"fn":128,"file":64,"line":129,"context":130},"unserialize",3318,"$import_code = unserialize($import_code);",{"prepared":26,"raw":26,"locations":132},[],{"escaped":134,"rawEcho":35,"locations":135},19,[136,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303],{"file":46,"line":137,"context":138},36,"raw 
output",{"file":64,"line":140,"context":138},415,{"file":64,"line":142,"context":138},510,{"file":64,"line":144,"context":138},525,{"file":64,"line":146,"context":138},667,{"file":64,"line":148,"context":138},670,{"file":64,"line":150,"context":138},671,{"file":64,"line":152,"context":138},687,{"file":64,"line":154,"context":138},722,{"file":64,"line":156,"context":138},724,{"file":64,"line":158,"context":138},738,{"file":64,"line":160,"context":138},744,{"file":64,"line":162,"context":138},748,{"file":64,"line":164,"context":138},751,{"file":64,"line":166,"context":138},754,{"file":64,"line":168,"context":138},771,{"file":64,"line":170,"context":138},1240,{"file":64,"line":172,"context":138},1243,{"file":64,"line":174,"context":138},1391,{"file":64,"line":176,"context":138},1403,{"file":64,"line":178,"context":138},1437,{"file":64,"line":180,"context":138},1441,{"file":64,"line":182,"context":138},1449,{"file":64,"line":184,"context":138},1453,{"file":64,"line":186,"context":138},1481,{"file":64,"line":188,"context":138},1486,{"file":64,"line":190,"context":138},1491,{"file":64,"line":192,"context":138},1492,{"file":64,"line":194,"context":138},1537,{"file":64,"line":196,"context":138},1543,{"file":64,"line":198,"context":138},1556,{"file":64,"line":200,"context":138},1589,{"file":64,"line":202,"context":138},1603,{"file":64,"line":204,"context":138},1638,{"file":64,"line":206,"context":138},1653,{"file":64,"line":208,"context":138},1667,{"file":64,"line":210,"context":138},1678,{"file":64,"line":212,"context":138},1691,{"file":64,"line":214,"context":138},1709,{"file":64,"line":216,"context":138},1711,{"file":64,"line":218,"context":138},1732,{"file":64,"line":220,"context":138},1749,{"file":64,"line":222,"context":138},1768,{"file":64,"line":224,"context":138},1772,{"file":64,"line":226,"context":138},1804,{"file":64,"line":228,"context":138},1828,{"file":64,"line":230,"context":138},1832,{"file":64,"line":232,"context":138},1836,{"file":64,"line":234,"context":1
38},1843,{"file":64,"line":236,"context":138},1847,{"file":64,"line":238,"context":138},1849,{"file":64,"line":240,"context":138},1876,{"file":64,"line":242,"context":138},1909,{"file":64,"line":244,"context":138},1988,{"file":64,"line":246,"context":138},2007,{"file":64,"line":248,"context":138},2009,{"file":64,"line":250,"context":138},2010,{"file":64,"line":252,"context":138},2011,{"file":64,"line":254,"context":138},2038,{"file":64,"line":256,"context":138},2054,{"file":64,"line":258,"context":138},2068,{"file":64,"line":260,"context":138},2091,{"file":64,"line":262,"context":138},2093,{"file":64,"line":264,"context":138},2098,{"file":64,"line":266,"context":138},2100,{"file":64,"line":268,"context":138},2130,{"file":64,"line":270,"context":138},2132,{"file":64,"line":272,"context":138},2137,{"file":64,"line":274,"context":138},2139,{"file":64,"line":276,"context":138},2171,{"file":64,"line":278,"context":138},2173,{"file":64,"line":280,"context":138},2178,{"file":64,"line":282,"context":138},2180,{"file":64,"line":284,"context":138},3262,{"file":64,"line":286,"context":138},3280,{"file":64,"line":288,"context":138},3292,{"file":64,"line":290,"context":138},3311,{"file":64,"line":292,"context":138},3327,{"file":64,"line":294,"context":138},3356,{"file":64,"line":296,"context":138},3369,{"file":64,"line":298,"context":138},3401,{"file":64,"line":300,"context":138},3457,{"file":64,"line":302,"context":138},3459,{"file":64,"line":304,"context":138},3461,8,[307],{"name":308,"version":309,"knownCves":310},"Select2","3.4.6",[],[312,336,354,364,388],{"entryPoint":313,"graph":314,"unsanitizedCount":26,"severity":335},"import (admin-page-class\u002Fadmin-page-class.php:3306)",{"nodes":315,"edges":332},[316,321,325,327],{"id":317,"type":318,"label":319,"file":64,"line":320},"n0","source","$_POST",3314,{"id":322,"type":323,"label":324,"file":64,"line":129,"wp_function":128},"n1","sink","unserialize() [Object 
Injection]",{"id":326,"type":318,"label":319,"file":64,"line":320},"n2",{"id":328,"type":323,"label":329,"file":64,"line":330,"wp_function":331},"n3","update_option() [Settings Manipulation]",3320,"update_option",[333,334],{"from":317,"to":322,"sanitized":104},{"from":326,"to":328,"sanitized":104},"low",{"entryPoint":337,"graph":338,"unsanitizedCount":26,"severity":335},"download_file (admin-page-class\u002Fadmin-page-class.php:3333)",{"nodes":339,"edges":351},[340,343,347,348],{"id":317,"type":318,"label":341,"file":64,"line":342},"$_REQUEST",3338,{"id":322,"type":323,"label":344,"file":64,"line":345,"wp_function":346},"header() [Header Injection]",3353,"header",{"id":326,"type":318,"label":341,"file":64,"line":342},{"id":328,"type":323,"label":349,"file":64,"line":294,"wp_function":350},"echo() [XSS]","echo",[352,353],{"from":317,"to":322,"sanitized":104},{"from":326,"to":328,"sanitized":104},{"entryPoint":355,"graph":356,"unsanitizedCount":26,"severity":335},"Handle_plupload_action (admin-page-class\u002Fadmin-page-class.php:3392)",{"nodes":357,"edges":362},[358,361],{"id":317,"type":318,"label":359,"file":64,"line":360},"$_FILES",3398,{"id":322,"type":323,"label":349,"file":64,"line":298,"wp_function":350},[363],{"from":317,"to":322,"sanitized":104},{"entryPoint":365,"graph":366,"unsanitizedCount":33,"severity":387},"save (admin-page-class\u002Fadmin-page-class.php:2195)",{"nodes":367,"edges":383},[368,371,375,377,380],{"id":317,"type":318,"label":369,"file":64,"line":370},"$_POST (x2)",2215,{"id":322,"type":323,"label":372,"file":64,"line":373,"wp_function":374},"call_user_func() [RCE]",2222,"call_user_func",{"id":326,"type":318,"label":319,"file":64,"line":376},2227,{"id":328,"type":378,"label":379,"file":64,"line":376},"transform","→ 
validate_field()",{"id":381,"type":323,"label":372,"file":64,"line":382,"wp_function":374},"n4",3436,[384,385,386],{"from":317,"to":322,"sanitized":104},{"from":326,"to":328,"sanitized":102},{"from":328,"to":381,"sanitized":102},"high",{"entryPoint":389,"graph":390,"unsanitizedCount":33,"severity":387},"\u003Cadmin-page-class> (admin-page-class\u002Fadmin-page-class.php:0)",{"nodes":391,"edges":429},[392,395,397,399,400,401,403,405,407,409,411,413,415,417,419,421,423,425,427],{"id":317,"type":318,"label":393,"file":64,"line":394},"$_GET (x3)",1188,{"id":322,"type":323,"label":372,"file":64,"line":396,"wp_function":374},1426,{"id":326,"type":318,"label":398,"file":64,"line":394},"$_GET (x5)",{"id":328,"type":323,"label":349,"file":64,"line":204,"wp_function":350},{"id":381,"type":318,"label":369,"file":64,"line":370},{"id":402,"type":323,"label":372,"file":64,"line":373,"wp_function":374},"n5",{"id":404,"type":318,"label":319,"file":64,"line":320},"n6",{"id":406,"type":323,"label":324,"file":64,"line":129,"wp_function":128},"n7",{"id":408,"type":318,"label":319,"file":64,"line":320},"n8",{"id":410,"type":323,"label":329,"file":64,"line":330,"wp_function":331},"n9",{"id":412,"type":318,"label":341,"file":64,"line":342},"n10",{"id":414,"type":323,"label":344,"file":64,"line":345,"wp_function":346},"n11",{"id":416,"type":318,"label":341,"file":64,"line":342},"n12",{"id":418,"type":323,"label":349,"file":64,"line":294,"wp_function":350},"n13",{"id":420,"type":318,"label":359,"file":64,"line":360},"n14",{"id":422,"type":323,"label":349,"file":64,"line":298,"wp_function":350},"n15",{"id":424,"type":318,"label":319,"file":64,"line":376},"n16",{"id":426,"type":378,"label":379,"file":64,"line":376},"n17",{"id":428,"type":323,"label":372,"file":64,"line":382,"wp_function":374},"n18",[430,431,432,433,434,435,436,437,438,439],{"from":317,"to":322,"sanitized":104},{"from":326,"to":328,"sanitized":104},{"from":381,"to":402,"sanitized":104},{"from":404,"to":406,"sanitized":104},{"f
rom":408,"to":410,"sanitized":104},{"from":412,"to":414,"sanitized":104},{"from":416,"to":418,"sanitized":104},{"from":420,"to":422,"sanitized":104},{"from":424,"to":426,"sanitized":102},{"from":426,"to":428,"sanitized":102},{"summary":441,"deductions":442},"The \"wp-auto-reload-widgets\" plugin v10.0.5 exhibits a mixed security posture. On the positive side, static analysis detected no SQL queries at all (so no raw, unprepared queries), and the plugin has a clean vulnerability history with no recorded CVEs. Several concerning elements were nevertheless identified. The presence of a dangerous `unserialize` call in the import code, coupled with two high-severity taint flows whose unsanitized paths reach `call_user_func` and a significant percentage of improperly escaped output (82%), suggests potential weaknesses that could be exploited. Furthermore, one of its five AJAX handlers (`at_delete_file`) has no nonce check and none of the five has a capability check; none is registered for unauthenticated (nopriv) access, so the exposure is to cross-site request forgery and to low-privileged logged-in users rather than to anonymous visitors. The bundled Select2 library (v3.4.6) is outdated; no known CVEs are listed for it, but it should still be updated.\n\nDespite the absence of recorded vulnerabilities, the identified code signals and taint analysis results warrant caution. The AJAX handler without a nonce check is a concern, as is the use of `unserialize` on request data: the analyzer marks that flow as sanitized and rates it low severity, but `unserialize` on request-derived data remains an object-injection risk and is better replaced with a data-only format such as JSON. The low percentage of properly escaped output also increases the risk of cross-site scripting (XSS) attacks. 
While the plugin has no recorded CVEs, that only means no vulnerability has been publicly reported, not that the code is free of flaws; the findings above are static-analysis signals that should be verified manually and, where confirmed, addressed with nonce and capability checks, output escaping, and validation of any value passed to `call_user_func`.",[443,445,448,450,453,454],{"reason":444,"points":45},"AJAX handler without authentication check",{"reason":446,"points":447},"Dangerous function: unserialize",7,{"reason":449,"points":124},"High percentage of improperly escaped output",{"reason":451,"points":452},"Taint flow with unsanitized path (High severity)",12,{"reason":451,"points":452},{"reason":455,"points":456},"Bundled outdated library: Select2 v3.4.6",3,"2026-04-16T11:03:36.708Z",{"wat":459,"direct":466},{"assetPaths":460,"generatorPatterns":462,"scriptPaths":463,"versionParams":464},[461],"\u002Fwp-content\u002Fplugins\u002Fwp-auto-reload-widgets\u002Fjs\u002Fauto_reload.min.js",[],[461],[465],"wp-auto-reload-widgets\u002Fjs\u002Fauto_reload.min.js?ver=1.1",{"cssClasses":467,"htmlComments":468,"htmlAttributes":469,"restEndpoints":471,"jsGlobals":472,"shortcodeOutput":474},[],[],[470],"id='widget-{$widget->id_base}-{$widget->number}-classes'",[],[473],"ab_reload",[],{"error":104,"url":476,"statusCode":477,"statusMessage":478,"message":478},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-auto-reload-widgets\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":26,"versions":480},[]]