[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJGwJ4XxKolN9yqRv2L5UeWkZqNx9yUDwlkTj9UgYZ4M":3,"$fRLjVZOOant3NnbhiTnXFk-dMvcwHJzIFbf0smH8eXZQ":197,"$f_bKXh8q7Oz4nUiCVje8ozyTe0eiCgRw61UWYdoV1tYw":202},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":140,"fingerprints":178},"wp-calculator","WP Calculator","0.1","levani01","https:\u002F\u002Fprofiles.wordpress.org\u002Flevani01\u002F","\u003Cp>WP Calculator is a free simple calculator for your blog. Originaly developed from http:\u002F\u002Fwww.bmgadg.com\u002Fcalculator.php script.\u003C\u002Fp>\n\u003Cp>Version Change log:\u003C\u002Fp>\n\u003Cp>v0.1\u003Cbr \u002F>\nInitial release\u003C\u002Fp>\n","WP Calculator is a free simple calculator for your blog. Originaly developed from http:\u002F\u002Fwww.bmgadg.com\u002Fcalculator.php script.",10,2978,0,"2009-05-29T19:17:00.000Z","2.7","2.5","",[19,20,21,22],"calculator","math","mathematics","widget","http:\u002F\u002Fwp123.info\u002Fplugins\u002Fwp-calculator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-calculator.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,20,30,84,"2026-05-20T08:03:08.440Z",[37,59,75,100,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":45,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":58},"elemental-calculator","Elemental Calculator","1.2.2","Amaury RAMBAUD","https:\u002F\u002Fprofiles.wordpress.org\u002Fklushep\u002F","\u003Cp>Insert a simple calculator in your WordPress website with a widget or the shortcode [elemental_calculator].\u003Cbr \u002F>\nThe Elemental Calculator plugin is responsive and support numeric keyboard.\u003C\u002Fp>\n","Insert a simple calculator in your WordPress website with a widget or the shortcode [elemental_calculator].",100,3581,3,"2025-04-25T15:25:00.000Z","6.8.5","3.8","5.2.4",[53,19,20,54,22],"basic","simple","https:\u002F\u002Fwww.amauryrambaud.fr\u002Felemental-calculator-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Felemental-calculator.zip",92,"2026-04-16T10:56:18.058Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":68,"tested_up_to":69,"requires_at_least":16,"requires_php":17,"tags":70,"homepage":73,"download_link":74,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":58},"math-calculator","Math Calculator","1.2","genpichong","https:\u002F\u002Fprofiles.wordpress.org\u002Fgenpichong\u002F","\u003Cp>This calculator can be used for quick on site calculations. Check http:\u002F\u002Fwww.calculator.net\u002Fmath-calculator.html for a demo of this calculator.\u003C\u002Fp>\n","This calculator can be used for quick on site calculations.",3599,"2017-07-11T15:29:00.000Z","4.8.28",[19,60,71,22,72],"sidebar","widgets","http:\u002F\u002Fwww.calculator.net\u002Fprojects\u002Fmath-calculator-widget.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmath-calculator.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":17,"download_link":96,"security_score":97,"vuln_count":98,"unpatched_count":13,"last_vuln_date":99,"fetched_at":58},"mathjax-latex","MathJax-LaTeX","1.3.13","knowledgeblog","https:\u002F\u002Fprofiles.wordpress.org\u002Fknowledgeblog\u002F","\u003Cp>MathJax enables enables rendering of embedded LaTeX or MathML in HTML pages. This plugin adds this functionality to WordPress. The MathJax JavaScript is inject on-demand only to those pages which require it. This ensures that MathJax is not loaded for all pages, which will otherwise slow loading down.\u003C\u002Fp>\n\u003Cp>The MathJax JavaScript can be delivered from your own server, or you can use the Cloudflare Content Distribution Network (CDN), which is the preferred mechanism as it offers increased speed and stability over hosting the JavaScript and configuring the library yourself.\u003C\u002Fp>\n\u003Cp>You may embed latex using a variety of different syntaxes. The shortcode (https:\u002F\u002Fcodex.wordpress.org\u002FShortcode_API) syntax is preferred. So \u003Ccode>[latex]E=mc^2[\u002Flatex]\u003C\u002Fcode> will work out of the box. This also forces loading of MathJax.\u003C\u002Fp>\n\u003Cp>Additionally, you can use native MathJax syntax — \u003Ccode>$$E=mc^2$$\u003C\u002Fcode> or \u003Ccode>\\(E=mc^2\\)\u003C\u002Fcode>. However, if this is the only syntax used, the plugin must be explicitly told to load MathJax for the current page. This can be achieved by adding a \u003Ccode>[mathjax]\u003C\u002Fcode> shortcode anywhere in the post. For posts with both \u003Ccode>[latex]\u003C\u002Fcode>x\u003Ccode>[\u002Flatex]\u003C\u002Fcode> and \u003Ccode>$$x$$\u003C\u002Fcode> syntaxes this is unnecessary.\u003C\u002Fp>\n\u003Cp>You can use wp-latex syntax, \u003Ccode>$latex E=mc^2$\u003C\u002Fcode>. Parameters can be specified as with wp-latex but will be ignored. This means that MathJax-LaTeX should be a drop-in replacement for wp-latex. Because this conflicts with wp-latex, this behaviour is blocked when wp-latex is present, and must be explicitly enabled in the settings.\u003C\u002Fp>\n\u003Cp>You can also specify \u003Ccode>[nomathjax]\u003C\u002Fcode> — this will block mathjax on the current page, regardless of other tags.\u003C\u002Fp>\n\u003Cp>MathJax-LaTeX is developed on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fphillord\u002Fmathjax-latex\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>This plugin is copyright Phillip Lord, Newcastle University and is licensed under GPLv2.\u003C\u002Fp>\n","This plugin enables MathJax (http:\u002F\u002Fwww.mathjax.org) functionality for WordPress (http:\u002F\u002Fwww.wordpress.org).",10000,171785,88,11,"2025-01-14T16:50:00.000Z","6.7.5","3.0","7.0.0",[92,21,93,94,95],"latex","mathjax","mathml","science","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmathjax-latex.1.3.13.zip",91,1,"2013-03-25 00:00:00",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":49,"requires_at_least":89,"requires_php":17,"tags":113,"homepage":116,"download_link":117,"security_score":118,"vuln_count":31,"unpatched_count":13,"last_vuln_date":119,"fetched_at":58},"cc-bmi-calculator","CC BMI Calculator","2.1.1","CC","https:\u002F\u002Fprofiles.wordpress.org\u002Fcalculatorscanadaca\u002F","\u003Cp>This is basic \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator\u003C\u002Fa> for Body Mass Index calculation.\u003Cbr \u002F>\nCalculation can be done in imperial or metric units. Here is \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-chart-men-women-metric\u002F\" rel=\"nofollow ugc\">metric BMI chart\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-chart-men-women-imperial\u002F\" rel=\"nofollow ugc\">imperial BMI chart\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Body Mass Index calculator is for adults only. For kids and youths check these calculators: \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fgirls-bmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator for 5-19 age girls\u003C\u002Fa> or\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fboys-bmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator for 5-19 age boys\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Calculator is very easy customizable: you can change color of background, borders and text to match your web site’s theme and change widget title, make prefered default unit (imperial or metric).\u003Cbr \u002F>\nIt can be placed on sidebar as widget or incorporated into post or page using shortcode.\u003C\u002Fp>\n","Add a free simple customizable BMI Calculator to your web site.",800,17573,66,4,"2025-11-14T10:48:00.000Z",[114,19,115,71,22],"bmi-calculator","shortcode","https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-calculator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-bmi-calculator.2.1.1.zip",99,"2025-05-07 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":34,"num_ratings":130,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":138,"download_link":139,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wpmathpub","WPMathPub","3.0.3","Ron Fredericks","https:\u002F\u002Fprofiles.wordpress.org\u002Fronf\u002F","\u003Cp>WPMathPub renders mathematical equations in WordPress using the \u003Cstrong>mathpublisher rendering engine\u003C\u002Fstrong>, supporting both \u003Cstrong>pmath native syntax and LaTeX-style input\u003C\u002Fstrong> and generating high-quality PNG images with transparent backgrounds.\u003C\u002Fp>\n\u003Cp>Unlike MathJax-based plugins, WPMathPub performs \u003Cstrong>server-side rendering\u003C\u002Fstrong>, producing static equation images that display consistently across browsers and devices without requiring client-side JavaScript.\u003C\u002Fp>\n\u003Cp>This approach provides reliable rendering for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress posts and pages\u003C\u002Fli>\n\u003Cli>RSS feeds\u003C\u002Fli>\n\u003Cli>Cached pages\u003C\u002Fli>\n\u003Cli>Environments where JavaScript rendering is not desirable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WPMathPub extends the classic mathpublisher engine with modern WordPress integration including shortcode support, LaTeX translation, image caching, and configurable rendering options.\u003C\u002Fp>\n\u003Ch3>Mathematical Equation Rendering\u003C\u002Fh3>\n\u003Cp>Mathematical expressions can be embedded directly into WordPress content using the pmath shortcode.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[pmath]x^2 + y^2 = z^2[\u002Fpmath]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Custom size and color:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[pmath size=18 color=\"blue\"]E = mc^2[\u002Fpmath]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>LaTeX input:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[pmath latex=1]\\frac{a}{b}[\u002Fpmath]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Expressions are rendered as PNG images using the GD and FreeType libraries and cached for efficient reuse.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>pmath expression rendering\u003C\u002Fli>\n\u003Cli>LaTeX command translation (PHPMathPublisher subset)\u003C\u002Fli>\n\u003Cli>Server-side PNG equation generation\u003C\u002Fli>\n\u003Cli>Gutenberg WPMathPub math block with PMath and LaTeX mode switching\u003C\u002Fli>\n\u003Cli>Halo-free color rendering with alpha transparency\u003C\u002Fli>\n\u003Cli>Transparent background support for dark themes\u003C\u002Fli>\n\u003Cli>Minimal WordPress database footprint\u003C\u002Fli>\n\u003Cli>Efficient PNG image caching\u003C\u002Fli>\n\u003Cli>WordPress admin tools panel\n\u003Cul>\n\u003Cli>Configurable default equation size\u003C\u002Fli>\n\u003Cli>Configurable default equation color with color picker\u003C\u002Fli>\n\u003Cli>Installation status display\u003C\u002Fli>\n\u003Cli>PNG image cache status and control\u003C\u002Fli>\n\u003Cli>Policy control for cleanup on plugin delete\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Render mathematical equations in WordPress as PNG images using pmath native syntax or LaTeX input with server-side rendering.",300,25012,5,"2026-04-06T07:40:00.000Z","6.9.4","5.2.3","7.2",[136,137,92,20,21],"equations","formula","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpmathpub\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpmathpub.3.0.3.zip",{"attackSurface":141,"codeSignals":156,"taintFlows":170,"riskAssessment":171,"analyzedAt":177},{"hooks":142,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":13,"unprotectedCount":13},[143,148],{"type":144,"name":145,"callback":146,"file":147,"line":34},"action","init","anonymous","wp_calculator.php",{"type":144,"name":149,"callback":150,"file":147,"line":151},"wp_head","cp_header",93,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":169},[],{"prepared":13,"raw":13,"locations":159},[],{"escaped":13,"rawEcho":47,"locations":161},[162,165,167],{"file":147,"line":163,"context":164},75,"raw output",{"file":147,"line":166,"context":164},76,{"file":147,"line":168,"context":164},80,[],[],{"summary":172,"deductions":173},"The \"wp-calculator\" plugin v0.1 exhibits a concerning security posture primarily due to a complete lack of output escaping. While the static analysis reveals a limited attack surface with no direct entry points identified for AJAX, REST API, shortcodes, or cron events, and the absence of dangerous functions, SQL injection, or file operations, the critical flaw lies in how it handles its output. The fact that 100% of the identified output is not properly escaped presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities.  Even with a clean vulnerability history and no identified taint flows, the lack of output sanitization is a serious oversight that could be exploited by attackers to inject malicious scripts into the site, impacting users and potentially the integrity of the website.\n\nDespite the positive aspects like the absence of known CVEs and a low attack surface with no unprotected entry points, the unescaped output is a glaring weakness. This indicates a potential lack of developer diligence in following fundamental WordPress security best practices.  While there are no immediate critical vulnerabilities like RCE or SQL injection evident from the static analysis, the potential for XSS is high and directly stems from the provided code signals.  The plugin's vulnerability history being clean is a good sign, but it could also be attributed to its limited use or exposure, or the fact that the lack of output escaping hasn't been widely discovered or exploited yet.\n\nIn conclusion, the \"wp-calculator\" plugin v0.1 has a seemingly small attack surface and a clean history, which are positive indicators. However, the complete failure to escape output is a critical security flaw that overshadows these strengths. Developers must address this immediately to prevent potential XSS attacks.  Until this is resolved, the plugin should be considered a significant risk. The absence of nonce and capability checks on potential (though currently non-existent) entry points also warrants attention for future development.",[174],{"reason":175,"points":176},"Unescaped output found",18,"2026-03-17T01:06:23.726Z",{"wat":179,"direct":186},{"assetPaths":180,"generatorPatterns":182,"scriptPaths":183,"versionParams":185},[181],"\u002Fwp-content\u002Fplugins\u002Fwp-calculator\u002Fbackground.jpg",[],[184],"\u002Fwp-content\u002Fplugins\u002Fwp-calculator\u002Fcalculate.js",[],{"cssClasses":187,"htmlComments":188,"htmlAttributes":189,"restEndpoints":192,"jsGlobals":193,"shortcodeOutput":195},[],[],[190,191],"name=\"calculator\"","name=\"win\"",[],[194],"calc",[196],"\u003Cform name=\"calculator\">\n\u003Ctable border=\"0\" cellpadding=\"2\" cellspacing=\"0\" background=\"wp-content\u002Fplugins\u002Fwp calculator\u002Fbackground.jpg\" width=\"150\" height=\"259\">\n\u003Ctr>\u003Ctd align=\"center\" style=\"padding-bottom:0px;padding-top:15px\">\u003Cinput type=\"text\" name=\"win\" value=\"0\" style=\"height:30px;width:190px;text-align:right;font-size:20px;font-weight:bold;border:1px solid #000;padding-right:2px;\" maxlength='15'>\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\n\u003Ctable border=\"0\" cellpadding=\"5\" cellspacing=\"1\" align=\"center\">\n\n\u003Ctr>\u003Ctd style=\"padding-top:0px\">\u003Cinput type=\"button\" value=\"CE\" style=\"width:40px\" onClick=\"calc('CE')\">\u003C\u002Ftd>\n\u003Ctd style=\"padding-top:0px\">\u003Cinput type=\"button\" value=\"C\" style=\"width:40px\" onClick=\"calc('C')\">\u003C\u002Ftd>\n\u003Ctd style=\"padding-top:0px\">\u003Cinput type=\"button\" value=\"+\u002F-\" style=\"width:40px\" onClick=\"calc('+\u002F-')\">\u003C\u002Ftd>\n\u003Ctd style=\"padding-top:0px\">\u003Cinput type=\"button\" value=\"%\" style=\"width:40px\" onClick=\"calc('%')\">\u003C\u002Ftd>\u003C\u002Ftr>\n\n\u003Ctr>\u003Ctd>\u003Cinput type=\"button\" value=\"7\" style=\"width:40px\" onClick=\"calc('7')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"8\" style=\"width:40px\" onClick=\"calc('8')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"9\" style=\"width:40px\" onClick=\"calc('9')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"\u002F\" style=\"width:40px\" onClick=\"calc('\u002F')\">\u003C\u002Ftd>\u003C\u002Ftr>\n\n\u003Ctr>\u003Ctd>\u003Cinput type=\"button\" value=\"4\" style=\"width:40px\" onClick=\"calc('4')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"5\" style=\"width:40px\" onClick=\"calc('5')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"6\" style=\"width:40px\" onClick=\"calc('6')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"x\" style=\"width:40px\" onClick=\"calc('*')\">\u003C\u002Ftd>\u003C\u002Ftr>\n\n\u003Ctr>\u003Ctd>\u003Cinput type=\"button\" value=\"1\" style=\"width:40px\" onClick=\"calc('1')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"2\" style=\"width:40px\" onClick=\"calc('2')\">\u003C\u002Ftd>\n\n\u003Ctd>\u003Cinput type=\"button\" value=\"3\" style=\"width:40px\" onClick=\"calc('3')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"-\" style=\"width:40px\" onClick=\"calc('-')\">\u003C\u002Ftd>\u003C\u002Ftr>\n\n\u003Ctr>\u003Ctd>\u003Cinput type=\"button\" value=\"0\" style=\"width:40px\" onClick=\"calc('0')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\".\" style=\"width:40px\" onClick=\"calc('.')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"=\" style=\"width:40px\" onClick=\"calc('=')\">\u003C\u002Ftd>\n\u003Ctd>\u003Cinput type=\"button\" value=\"+\" style=\"width:40px\" onClick=\"calc('+')\">\u003C\u002Ftd>\u003C\u002Ftr>\n\u003C\u002Ftable>\n\u003C\u002Ftd>\u003C\u002Ftr>\n\u003C\u002Ftable>\n\u003C\u002Fform>",{"error":198,"url":199,"statusCode":200,"statusMessage":201,"message":201},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-calculator\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":203},[]]