[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYGzXrqzuE-4Zc8Odt-MHN0fLgRqEo3um4gEVMcbYuaQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":129,"fingerprints":274},"wp-contributions","WP Contributions","1.3.1","Michael Beckwith","https:\u002F\u002Fprofiles.wordpress.org\u002Ftw2113\u002F","\u003Cp>Provides an easy way to display your WordPress.org Themes, Plugins, Core tickets, and Codex contributions with handy widgets and template tags.\u003C\u002Fp>\n\u003Cp>WordPress wouldn’t be as amazing as it is without all of the contributors to the project. The community is proud of each and every contributor. Display some of your contributions to the project using handy widgets or template tags in your custom theme.  Currently, you can display your contributions to WordPress core, the WordPress Codex, your WordPress Plugins, or your WordPress themes.\u003C\u002Fp>\n\u003Cp>There are four handy widgets available for you that are easily configured and added to your sidebar.  You just need to add your theme or plugin slug to display a theme or plugin or enter your WordPress.org username to display core or codex contributions.\u003C\u002Fp>\n\u003Cp>There are two shortcodes available, and some handy template tags if you desire to add them in your custom theme.  
More info on shortcodes and template tags is available under the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-contributions\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>We want to give a big thanks to the great plugin, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-core-contributions-widget\u002F\" rel=\"ugc\">Core Contributions Widget\u003C\u002Fa> by Eric Mann, Michael Fields, John P. Bloch, Mike Bijon, and Konstantin Obenland. We forked part of this plugin to include Core and Codex Contributions. If you would just like widgets to display Core and Codex Contributions, we recommend downloading their plugin.\u003C\u002Fp>\n\u003Ch3>Available shortcodes\u003C\u002Fh3>\n\u003Ch3>Show a Plugin Card\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>[wp_contributions_plugin_card slug=\"your-plugin-slug\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Show a Theme Card\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>[wp_contributions_theme_card slug=\"your-theme-slug\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Not sure what shortcodes are? \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FShortcode\" rel=\"nofollow ugc\">Learn more here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>How do I add a widget?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Visit Appearance -> Widgets in your WordPress Admin.\u003C\u002Fli>\n\u003Cli>Drag any of the WP Contributions widgets to the sidebar where you want them to appear.\u003C\u002Fli>\n\u003Cli>For the plugin and theme widgets, enter a widget title and enter the slug of the plugin you would like to display. The slug of a plugin can be found by looking at the URL of the plugin page.  For instance, Jetpack is found at \u003Ccode>https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack\u002F\u003C\u002Fcode> which makes the plugin slug \u003Ccode>jetpack\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>For Core and Codex contributions, enter a title, your WordPress.org username, and the number of contributions you would like to display. 
It will display the most recent contributions. There will be a link to display more contributions so people can view any after the number you input.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>What template tags are available?\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php wp_contributions_plugin_card( $plugin_slug ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays the plugin information for a plugin. Just pass the slug of the plugin as \u003Ccode>$plugin_slug\u003C\u002Fcode> to display the plugin information card.  This function will echo your results to your template.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php wp_contributions_theme_card( $theme_slug ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays the theme information for a theme. Just pass the slug of the theme as \u003Ccode>$theme_slug\u003C\u002Fcode> to display the theme information card.  This function will echo your results to your template.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php wp_contributions_author_plugin_cards( $username ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays all plugins for a plugin author.  Just pass the WordPress.org username as \u003Ccode>$username\u003C\u002Fcode> to display all plugin cards for that user.  This function will echo your results to your template.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php wp_contributions_author_theme_cards( $username ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays all plugins for a theme author.  Just pass the WordPress.org username as \u003Ccode>$username\u003C\u002Fcode> to display all theme cards for that user.  This function will echo your results to your template.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php wp_contributions_core_contributions_card( $username, $count ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays Core contributions for a WordPress.org user.  
Just pass the WordPress.org username as \u003Ccode>$username\u003C\u002Fcode> to display the contributions for that user. Optionally, you can also pass in \u003Ccode>$count\u003C\u002Fcode> to control the number of contributions to display. Default count is set at 5. This function will echo your results to your template.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php wp_contributions_codex_contributions_card( $username, $count ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Displays Codex contributions for a WordPress.org user.  Just pass the WordPress.org username as \u003Ccode>$username\u003C\u002Fcode> to display the contributions for that user. Optionally, you can also pass in \u003Ccode>$count\u003C\u002Fcode> to control the number of contributions to display. Default count is set at 5. This function will echo your results to your template.\u003C\u002Fp>\n\u003Ch4>How do I integrate directly in a theme?\u003C\u002Fh4>\n\u003Cp>Copy either the individual template file: e.g. \u003Ccode>\u002Fwp-content\u002Fwp-contributions-theme-card-template.php\u003C\u002Fcode>, or the plugin’s entire template folder into your theme’s folder (\u003Ccode>\u002Fwp-content\u002Fplugins\u002Fwp-contributions\u002Ftemplates\u002F\u003C\u002Fcode>), and override anything you desire.\u003C\u002Fp>\n","Provides an easy way to display your WordPress.org Themes, Plugins, Core tickets, and Codex contributions with handy widgets and template 
tags.",10,2928,100,1,"2024-09-06T14:42:00.000Z","6.6.5","3.8.0","7.4",[20,21,22,23,24],"codex","contributions","core","plugins","themes","https:\u002F\u002Fmichaelbox.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-contributions.1.3.1.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":14,"trust_score":37,"computed_at":38},"tw2113",9,370,91,94,"2026-04-04T22:00:34.336Z",[40,61,78,94,111],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":37,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"automatic-updater","Advanced Automatic Updates","1.0.2","Gary Pendergast","https:\u002F\u002Fprofiles.wordpress.org\u002Fpento\u002F","\u003Cp>Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. 
On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!\u003C\u002Fp>\n\u003Cp>If you’re working on a WordPress Multisite install, it will properly restrict the options page to your Network Admin.\u003C\u002Fp>\n\u003Cp>While this will be useful for the vast majority of sites, please exercise caution, particularly if you have any custom themes or plugins running on your site.\u003C\u002Fp>\n","Adds extra options to WordPress' built-in Automatic Updates feature.",30000,255107,61,"2021-06-04T00:46:00.000Z","5.0.25","3.7","",[22,23,56,24,57],"stable","updates","http:\u002F\u002Fpento.net\u002Fprojects\u002Fautomatic-updater-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-updater.1.0.2.zip",85,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":28,"num_ratings":28,"last_updated":71,"tested_up_to":72,"requires_at_least":54,"requires_php":73,"tags":74,"homepage":76,"download_link":77,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"site-update-notification","Site Update Notification","1.0","Rakib Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwprakibhossain\u002F","\u003Cp>Site Update Notification is a simple WordPress plugin that sends email notifications to administrators when plugins, themes, or WordPress need updates.\u003C\u002Fp>\n\u003Cp>This plugin checks for available updates for plugins, themes, and WordPress core every day and sends an email notification with the list of updates that need to be installed.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Sends email notifications for plugin updates\u003C\u002Fli>\n\u003Cli>Sends email notifications for theme updates\u003C\u002Fli>\n\u003Cli>Sends email notifications for WordPress core updates\u003C\u002Fli>\n\u003Cli>Customizable 
email address\u003C\u002Fli>\n\u003Cli>Easy-to-use and lightweight\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin that sends email notifications when plugins, themes, or WordPress need updates.",50,548,"2025-01-06T14:15:00.000Z","8.1.30","5.6",[22,75,23,24,57],"notifications","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsite-update-notification\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-update-notification.1.0.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":13,"num_ratings":14,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":54,"tags":90,"homepage":92,"download_link":93,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"l7-automatic-updates","L7 Automatic Updates","2.0.0","Jeff","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeffreysmattson\u002F","\u003Cp>A simple plugin that gives you the flexibility to set whether you want individual plugins to update or not.  This is something I find very useful on many of my sites.  Some plugins have been edited by previous Developers and they cannot be updated.  Other plugins on the same site still need to be updated.  
You can set this to update the ones that can be updated automatically and don’t need specific attention.\u003C\u002Fp>\n\u003Cp>Choose whether you want the updater to update even though you are using a version control system such as SVN or git.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Users can set automatic updates:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For Major WordPress Releases\u003C\u002Fli>\n\u003Cli>For Minor WordPress Releases\u003C\u002Fli>\n\u003Cli>For Themes\u003C\u002Fli>\n\u003Cli>For All Plugins\u003C\u002Fli>\n\u003Cli>For Individual Plugins\u003C\u002Fli>\n\u003Cli>Change notification email address.\u003C\u002Fli>\n\u003C\u002Ful>\n","Set individual plugins, major and minor WordPress releases, themes and all plugins to automatically update.",1885,"2017-09-02T03:51:00.000Z","4.8.28","3.8.2",[91,22,23,24,57],"automatic","http:\u002F\u002Flayer7web.com\u002Fprojects\u002Fl7-automatic-updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fl7-automatic-updates.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":11,"downloaded":102,"rating":13,"num_ratings":14,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":109,"download_link":110,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"update-intervals","Update Intervals","1.05","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Cp>Change the intervals of automatic updates.\u003C\u002Fp>\n\u003Ch4>Changeable\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Core and their translations\u003C\u002Fli>\n\u003Cli>Plugins and their translations\u003C\u002Fli>\n\u003Cli>Themes and their translations\u003C\u002Fli>\n\u003C\u002Ful>\n","Change the intervals of automatic 
updates.",2757,"2025-11-25T22:08:00.000Z","6.9.4","4.7","8.0",[22,23,24,108],"update","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupdate-intervals\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-intervals.1.05.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":11,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":54,"tested_up_to":122,"requires_at_least":123,"requires_php":54,"tags":124,"homepage":126,"download_link":127,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":128},"wpalerts","WPAlerts","1.5.3","webstylemedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fscherbakovwebstylestudio\u002F","\u003Cp>WPAlerts is a web-based software (http:\u002F\u002Fwp-alerts.com\u002F) that allows one person to update multiple WordPress web sites from one dashboard. The WPAlerts plugin connects a WordPress web site to our web site for easy updating.\u003Cbr \u002F>\nTo use the software you need this free plugin to be installed on your WordPress site. It allows you to easily update WordPress websites, plugins and themes. Also you can make backups of your WordPress sites.\u003C\u002Fp>\n\u003Ch4>Many WordPress Blogs – One Dashboard\u003C\u002Fh4>\n\u003Cp>The WPAlerts software allows you to make updates on your WordPress sites easily. 
You have one dashboard where you can see and manage all your blogs at one place.\u003C\u002Fp>\n\u003Ch4>Assign Categories to Your Blogs\u003C\u002Fh4>\n\u003Cp>The WPAlerts website (http:\u002F\u002Fwp-alerts.com\u002F) dashboard allows you to assign categories for your blogs to easily manage any amount of the websites you want.\u003C\u002Fp>\n\u003Ch4>Make Updates in Just One-Click\u003C\u002Fh4>\n\u003Cp>To make updates on your website you may want to select which plugins or themes on which blogs to update or even use one button to make updates on all your blogs instantly.\u003C\u002Fp>\n\u003Ch4>Weekly or Monthly Reports\u003C\u002Fh4>\n\u003Cp>You may set up the weekly or monthly email notifications about the updates needed.\u003C\u002Fp>\n\u003Ch4>Multi-users\u003C\u002Fh4>\n\u003Cp>You may have multiple users in your account and easily manage blogs with the user accounts.\u003C\u002Fp>\n\u003Ch4>Something Else?\u003C\u002Fh4>\n\u003Cp>We are constantly working on adding new features to our system to be ahead of our competitors providing the best service on the market for our customers!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check available updates on your sites – WordPress cores, plugins, themes\u003C\u002Fli>\n\u003Cli>Make your WordPress site backups\u003C\u002Fli>\n\u003Cli>Back Ups to Amazon S3\u003C\u002Fli>\n\u003Cli>Assign categories to your blogs so you can keep your dashboard clean and easily manage your blogs\u003C\u002Fli>\n\u003Cli>Multiple Blogs in one dashboard\u003C\u002Fli>\n\u003Cli>Multiple Users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Setup\u003C\u002Fh4>\n\u003Cp>To start with the WPAlerts software go to http:\u002F\u002Fwp-alerts.com\u002F and register a free account here https:\u002F\u002Fwp-alerts.com\u002Fsite\u002Fregister.\u003Cbr \u002F>\nOnce you have registered and\u002For logged in (https:\u002F\u002Fwp-alerts.com\u002Fsite\u002Flogin) you’ll see the dashboard where you can easily add categories or website 
groups.\u003Cbr \u002F>\nTo add the WordPress blog to your dashboard press ‘Add Website’ button and input ‘Title’ and ‘Url’ of your Website in the popup window.\u003Cbr \u002F>\nAfter adding your website you’ll see the instructions of plugin setup. You will need to copy your website API Key and install WPAlert plugin on your website, activate the plugin and enter the API Key in the WPAlert plugin settings.\u003Cbr \u002F>\nThe final step is to press ‘Refresh Website’ button to sync your WordPress website with the dashboard.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>You can email us at wpalerts@webstylemedia.com for support.\u003C\u002Fp>\n","WPAlerts is a web-based software (http:\u002F\u002Fwp-alerts.com\u002F) that allows one person to update multiple WordPress web sites from one dashboard.",1910,60,2,"4.7.32","3.0",[23,24,57,125,112],"wordpress-cores","http:\u002F\u002Fwp-alerts.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpalerts.zip","2026-03-15T10:48:56.248Z",{"attackSurface":130,"codeSignals":188,"taintFlows":258,"riskAssessment":259,"analyzedAt":273},{"hooks":131,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":187,"entryPointCount":121,"unprotectedCount":28},[132,137,139,142,144,145,146,149,151,152,154,155,156,161,165,169,173],{"type":133,"name":134,"callback":135,"file":136,"line":120},"action","save_post","flush_widget_cache","inc\\class-wds-wp-contributions-codex-widget.php",{"type":133,"name":138,"callback":135,"file":136,"line":50},"deleted_post",{"type":133,"name":140,"callback":135,"file":136,"line":141},"switch_theme",62,{"type":133,"name":134,"callback":135,"file":143,"line":120},"inc\\class-wds-wp-contributions-core-widget.php",{"type":133,"name":138,"callback":135,"file":143,"line":50},{"type":133,"name":140,"callback":135,"file":143,"line":141},{"type":133,"name":134,"callback":135,"file":147,"line":148},"inc\\class-wds-wp-contributions-plugin-widget.php",58,{"type":133,"name":138,"callback"
:135,"file":147,"line":150},59,{"type":133,"name":140,"callback":135,"file":147,"line":120},{"type":133,"name":134,"callback":135,"file":153,"line":148},"inc\\class-wds-wp-contributions-theme-widget.php",{"type":133,"name":138,"callback":135,"file":153,"line":150},{"type":133,"name":140,"callback":135,"file":153,"line":120},{"type":133,"name":157,"callback":158,"file":159,"line":160},"widgets_init","register_widgets","wp-contributions.php",77,{"type":133,"name":162,"callback":163,"file":159,"line":164},"wp_enqueue_scripts","enqueue",80,{"type":133,"name":166,"callback":167,"file":159,"line":168},"init","wp_contributions_block_init",83,{"type":133,"name":170,"callback":171,"file":159,"line":172},"plugins_loaded","load_wp_contributions",257,{"type":133,"name":166,"callback":174,"file":159,"line":175},"closure",261,[],[],[179,184],{"tag":180,"callback":181,"file":182,"line":183},"wp_contributions_plugin_card","wp_contributions_plugin_card_shortcode","inc\\shortcodes.php",35,{"tag":185,"callback":186,"file":182,"line":148},"wp_contributions_theme_card","wp_contributions_theme_card_shortcode",[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":192,"fileOperations":28,"externalRequests":256,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":257},[],{"prepared":28,"raw":28,"locations":191},[],{"escaped":193,"rawEcho":194,"locations":195},180,33,[196,199,201,203,205,207,209,211,213,214,216,218,219,220,221,224,225,226,228,230,232,235,237,239,241,242,243,245,247,249,250,252,254],{"file":136,"line":197,"context":198},137,"raw 
output",{"file":136,"line":200,"context":198},140,{"file":136,"line":202,"context":198},148,{"file":136,"line":204,"context":198},150,{"file":143,"line":206,"context":198},144,{"file":143,"line":208,"context":198},147,{"file":143,"line":210,"context":198},155,{"file":143,"line":212,"context":198},157,{"file":147,"line":13,"context":198},{"file":147,"line":215,"context":198},111,{"file":147,"line":217,"context":198},114,{"file":153,"line":13,"context":198},{"file":153,"line":215,"context":198},{"file":153,"line":217,"context":198},{"file":222,"line":223,"context":198},"inc\\helper-functions.php",56,{"file":222,"line":168,"context":198},{"file":222,"line":215,"context":198},{"file":222,"line":227,"context":198},135,{"file":182,"line":229,"context":198},22,{"file":182,"line":231,"context":198},45,{"file":233,"line":234,"context":198},"templates\\wp-contributions-plugin-card-template.php",28,{"file":233,"line":236,"context":198},32,{"file":233,"line":238,"context":198},36,{"file":233,"line":240,"context":198},52,{"file":233,"line":148,"context":198},{"file":233,"line":141,"context":198},{"file":244,"line":238,"context":198},"templates\\wp-contributions-theme-card-template.php",{"file":244,"line":246,"context":198},42,{"file":244,"line":248,"context":198},46,{"file":244,"line":69,"context":198},{"file":244,"line":251,"context":198},54,{"file":159,"line":253,"context":198},232,{"file":159,"line":255,"context":198},243,6,[],[],{"summary":260,"deductions":261},"The 'wp-contributions' plugin version 1.3.1 exhibits a generally positive security posture based on the static analysis.  The absence of dangerous functions, raw SQL queries, file operations, and the adherence to prepared statements for all SQL interactions are commendable.  The high percentage of properly escaped output also suggests good development practices to prevent cross-site scripting vulnerabilities.  
Furthermore, the lack of any recorded vulnerabilities, including CVEs, indicates a history of relatively secure development or diligent patching by users if vulnerabilities did exist in past versions.\n\nHowever, several areas present potential concerns. The plugin has two entry points via shortcodes, and the static analysis indicates that these do not have explicit capability checks. While the total entry points are low, the lack of authorization checks on shortcode execution could potentially lead to unauthorized actions if the shortcode performs sensitive operations. The absence of nonce checks on any entry points, including the shortcodes, is a significant omission that leaves the plugin vulnerable to cross-site request forgery (CSRF) attacks.  Additionally, the plugin makes six external HTTP requests, and the analysis does not provide information on whether these requests are properly validated or escaped before use, potentially introducing risks if external data is not handled securely.\n\nIn conclusion, 'wp-contributions' v1.3.1 demonstrates strengths in its handling of database interactions and output sanitization. However, the lack of capability checks on shortcodes and the absence of nonce checks across all entry points represent notable security weaknesses that should be addressed. 
The clean vulnerability history is a positive indicator, but it doesn't fully mitigate the risks identified in the code analysis, particularly regarding CSRF vulnerabilities.",[262,265,267,270],{"reason":263,"points":264},"Shortcodes lack capability checks",8,{"reason":266,"points":11},"Missing nonce checks on entry points",{"reason":268,"points":269},"External HTTP requests without auth context",4,{"reason":271,"points":272},"Output escaping not 100%",5,"2026-03-17T00:38:00.920Z",{"wat":275,"direct":282},{"assetPaths":276,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[277],"\u002Fwp-content\u002Fplugins\u002Fwp-contributions\u002Fassets\u002Fcss\u002Fstyle.css",[],[],[281],"wp-contributions\u002Fassets\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":283,"htmlComments":286,"htmlAttributes":287,"restEndpoints":294,"jsGlobals":295,"shortcodeOutput":297},[284,285],"wp-contributions-message","alert",[],[288,289,290,291,292,293],"data-block","data-align","data-type","data-preferred-username","data-theme","data-contribution-type",[],[296],"wp_contributions",[298,299,300,301,302],"[wp_contributions_plugin_card slug='{slug}']","[wp_contributions_theme_card slug='{slug}']","[wp_contributions_core_card slug='{slug}']","[wp_contributions_codex_card slug='{slug}']","[wp_contributions_block slug='{slug}']"]