[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7uhUyWmZUfUPg8WUPYFz4x8CLXESloXx50Ctd8hEHps":3,"$fzaq9Sjwm2zMT0Q_xDhU3EXqBB3aIwziuTA4AHJ0N0qQ":294,"$fst6VQbIQvNvvMd0_ieQyJBwzLIDr3YrEX6y1M4kF3X0":298},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":37,"analysis":129,"fingerprints":271},"wp-custom-voting","WP Custom Voting","1.0","dmitritechs","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmitritechs\u002F","\u003Cp>This plugin is meant for admin to bring the feature of VOTING to their posts or pages. Admin can set the button label before and after voting both for pages and posts. All votes are IP tracked, so same user can’t vote twice for the same post or page buttons.\u003C\u002Fp>\n\u003Cp>The admin can choose the postion of the votting buttons on top , bottom or both of the page or post. 
The site visitor can also view the total votes along with the button same as in facebook.\u003C\u002Fp>\n\u003Cp>WP Custom Voting Plugin allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Write your own text\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose font color\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose button position\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please visit http:\u002F\u002Fwww.dmitritech.com to download the plugin.\u003C\u002Fp>\n","This plugin is meant for admin to bring the feature of VOTING to their posts or pages, like facebook post like.",10,5226,70,2,"2013-02-04T05:18:00.000Z","3.5.2","3.2","",[20,21,22,23,4],"ip-track-voting","post-like","post-vote","voting","http:\u002F\u002Fdmitritech.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-custom-voting.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-05-19T20:49:41.140Z",[38,54,74,87,104],{"slug":39,"name":40,"version":6,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":17,"requires_php":18,"tags":50,"homepage":18,"download_link":53,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"gp-post-like","Gp post Like","Ganesh Paygude","https:\u002F\u002Fprofiles.wordpress.org\u002Fganeshpaygude\u002F","\u003Cp>Allow user add post like button above or below post content\u003C\u002Fp>\n\u003Cp>Major features in Gp post Like include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Setting option checkbox  Allow user add post like button above or below post content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Ch3>A brief Markdown 
Example\u003C\u002Fh3>\n","Allow user add post like button above or below post content.",2243,100,3,"2018-02-06T06:37:00.000Z","4.9.29",[51,21,52,23],"like","post-voting","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-post-like.1.0.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":63,"num_ratings":14,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":71,"download_link":72,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":73},"kento-like-post","Kento Like Post","1.1","PluginsPoint","https:\u002F\u002Fprofiles.wordpress.org\u002Fkentothemes\u002F","\u003Cp>Post Like Button for wordPress Site like Facebook\u003C\u002Fp>\n\u003Cp>Live Preview: http:\u002F\u002Fkentothemes.com\u002Fdemo\u002Fkento-like-post\u002Fkento-like-post\u002F\u003C\u002Fp>\n\u003Cp>Plugin Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Like\u002FUnlike.\u003C\u002Fli>\n\u003Cli>Like Count.\u003C\u002Fli>\n\u003Cli>Display Thumbnail who like post.\u003C\u002Fli>\n\u003Cli>Popup Login Box if user not logged. 
\u003C\u002Fli>\n\u003Cli>Current like Marker for logged in user Like\u002FUnlike.\u003C\u002Fli>\n\u003Cli>Unique Like Count, if user Liked will not able to Like again on same post.\u003C\u002Fli>\n\u003C\u002Ful>\n","Facebook Style like button for WordPress with like count and user thumbnails.",3064,20,"2015-06-09T06:18:00.000Z","4.2.39","3.5",[68,21,22,69,70],"like-button","wordpress-vote","wp-like","http:\u002F\u002Fkentothemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkento-like-post.1.1.zip","2026-04-16T10:56:18.058Z",{"slug":75,"name":76,"version":77,"author":58,"author_profile":59,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":83,"homepage":71,"download_link":86,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"kento-vote","Kento Vote","1.2","\u003Cp>Kento Vote Plugin is count your vote and display voter thumbnail under vote button who voted on your post.\u003C\u002Fp>\n\u003Cp>Plugin Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Up\u002FDown Vote.\u003C\u002Fli>\n\u003Cli>Up\u002FDown vote Count.\u003C\u002Fli>\n\u003Cli>Display Thumbnail who voted on post.\u003C\u002Fli>\n\u003Cli>Popup Login Box if user not logged. 
\u003C\u002Fli>\n\u003Cli>Current Vote Marker for logged in user Up\u002FDown vote.\u003C\u002Fli>\n\u003Cli>Unique Vote Count, if user voted will not able to vote again on same post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Live Preview: http:\u002F\u002Fkentothemes.com\u002Fdemos\u002Fkento-vote\u002Fkento-vote-plugin\u002F\u003C\u002Fp>\n","Vote on Post and Display Who Voted via gravatar thumbnail.",3407,66,4,[84,22,85,23,69],"polls","vote-it-up","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkento-vote.1.2.zip",{"slug":88,"name":89,"version":77,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":11,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":102,"download_link":103,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-postvoting","WP PostVoting","Realwebcare","https:\u002F\u002Fprofiles.wordpress.org\u002Frealwebcare\u002F","\u003Cp>“WP PostVoting” plugin will make your wordpress blog a content voting site and also create a widget to display the most voted posts. Using the power of the ajax, users will be able to vote any posts instantly. 
From the admin panel you can decide whether you would like to allow or disallow unregistered users to vote.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>View the \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fwww.tips4blog.com\u002Fwordpress\u002Ftips-id\u002F519#electme-519\" rel=\"nofollow ugc\">DEMO\u003C\u002Fa>\u003C\u002Fstrong> of the plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Control voting system via PostVoting Active\u002FInactive option.\u003C\u002Fli>\n\u003Cli>Allowing only Registered users to vote.\u003C\u002Fli>\n\u003Cli>Customise PostVoting text.\u003C\u002Fli>\n\u003Cli>Sort posts by vote count.\u003C\u002Fli>\n\u003Cli>Display PostVoting statistics.\u003C\u002Fli>\n\u003Cli>Display most voted widget in sidebar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Go to your Dashboard and navigate to “Settings >> WP PostVoting”.\u003C\u002Fli>\n\u003Cli>Activate PostVoting and also mark where you would like to show PostVoting count.\u003C\u002Fli>\n\u003Cli>Allow or disallow unregistered visitors to vote.\u003C\u002Fli>\n\u003Cli>Drag and drop ‘WPPV Most Voted Posts’ widget in your sidebar to display most voted posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Website: \u003Ca href=\"https:\u002F\u002Fwww.realwebcare.com\" rel=\"nofollow ugc\">Realwebcare\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Frealwebcare\" rel=\"nofollow ugc\">Facebook Page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Please rate this plugin and leave comment or suggestion.\u003C\u002Fli>\n\u003Cli>It will help me to review and improve the quality of this plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>References\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca 
href=\"http:\u002F\u002Fwww.sitepoint.com\u002Fcreate-a-voting-plugin-for-wordpress\u002F\" rel=\"nofollow ugc\">Sitepoint\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>This program is free software; you can redistribute it and\u002For modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation; either version 2 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\n\u003C\u002Fcode>\u003C\u002Fpre>\n","\"WP PostVoting\" plugin allows visitors to vote on your blog's content with a widget of the most voted posts.",5347,88,7,"2023-11-15T00:02:00.000Z","6.4.8","3.0",[22,85,23,69,101],"wp-post-voting","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-postvoting\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postvoting.1.2.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":125,"download_link":126,"security_score":127,"vuln_count":82,"unpatched_count":27,"last_vuln_date":128,"fetched_at":73},"kk-star-ratings","kk Star Ratings – Rate Post & Collect User Feedbacks","5.4.10.4","properfraction","https:\u002F\u002Fprofiles.wordpress.org\u002Fproperfraction\u002F","\u003Cp>kk Star Ratings is a widely used star rating plugin for wordpress. 
Here are some highlighted features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>User defined amount of star ratings (5 as default) in your \u003Cstrong>posts\u003C\u002Fstrong>, \u003Cstrong>pages\u003C\u002Fstrong> and publicly accesible \u003Cstrong>custom post types\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Structured data supporting \u003Cstrong>google rich snippets\u003C\u002Fstrong> showing the star ratings in search results which has the potential to drive more traffic to your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Widespread coverage of custom hooks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Full control via options page. You can,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Enable or disable globally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Disable star ratings in posts that belong to certain categories.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose where to show the star ratings. It can be on the \u003Cstrong>homepage\u003C\u002Fstrong>, in \u003Cstrong>archives\u003C\u002Fstrong>, in \u003Cstrong>posts\u003C\u002Fstrong>, in \u003Cstrong>pages\u003C\u002Fstrong> and\u002For in \u003Cstrong>custom post types\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Control the structured data schema and type.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Restrict votings per unique ip.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow voting in archives.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow guests to vote.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Customize position within the post content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Adjust the amount of stars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>And much more…\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating 
posts.",80000,2207729,78,171,"2026-03-04T12:53:00.000Z","6.9.4","5.0","7.4",[121,122,123,124,23],"ajax-ratings","feedback","rate-post","star-ratings","https:\u002F\u002Ffeedbackwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkk-star-ratings.5.4.10.4.zip",96,"2024-12-20 16:25:44",{"attackSurface":130,"codeSignals":174,"taintFlows":195,"riskAssessment":255,"analyzedAt":270},{"hooks":131,"ajaxHandlers":163,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":14,"unprotectedCount":14},[132,138,142,146,150,154,158],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_menu","wpcv_admin_menu","wp_customvote.php",17,{"type":133,"name":139,"callback":140,"file":136,"line":141},"wp_print_scripts","wpcv_admin_script",178,{"type":133,"name":143,"callback":144,"file":136,"line":145},"admin_print_styles","wpcv_admin_css",189,{"type":133,"name":147,"callback":148,"file":136,"line":149},"wp_head","wpcv_script",198,{"type":133,"name":151,"callback":152,"file":136,"line":153},"wp_footer","wpcv_script_footer",209,{"type":133,"name":155,"callback":156,"file":136,"line":157},"wp_enqueue_scripts","wpcv_styles",241,{"type":159,"name":160,"callback":161,"file":136,"line":162},"filter","the_content","wpcv_content_formatting",248,[164,169],{"action":165,"nopriv":166,"callback":165,"hasNonce":167,"hasCapCheck":167,"file":136,"line":168},"ProcessWPCV",true,false,321,{"action":165,"nopriv":167,"callback":165,"hasNonce":167,"hasCapCheck":167,"file":136,"line":170},322,[],[],[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":194},[],{"prepared":27,"raw":27,"locations":177},[],{"escaped":27,"rawEcho":96,"locations":179},[180,183,185,187,188,190,192],{"file":136,"line":181,"context":182},51,"raw 
output",{"file":136,"line":184,"context":182},56,{"file":136,"line":186,"context":182},61,{"file":136,"line":81,"context":182},{"file":136,"line":189,"context":182},231,{"file":136,"line":191,"context":182},234,{"file":136,"line":193,"context":182},337,[],[196],{"entryPoint":197,"graph":198,"unsanitizedCount":96,"severity":254},"\u003Cwp_customvote> (wp_customvote.php:0)",{"nodes":199,"edges":246},[200,205,210,214,216,220,222,226,228,232,234,238,240,244],{"id":201,"type":202,"label":203,"file":136,"line":204},"n0","source","$_REQUEST['wpcv_label']",142,{"id":206,"type":207,"label":208,"file":136,"line":204,"wp_function":209},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":211,"type":202,"label":212,"file":136,"line":213},"n2","$_REQUEST['wpcv_label_voted']",146,{"id":215,"type":207,"label":208,"file":136,"line":213,"wp_function":209},"n3",{"id":217,"type":202,"label":218,"file":136,"line":219},"n4","$_REQUEST['wpcv_label_color']",150,{"id":221,"type":207,"label":208,"file":136,"line":219,"wp_function":209},"n5",{"id":223,"type":202,"label":224,"file":136,"line":225},"n6","$_REQUEST['wpcv_label_color_voted']",153,{"id":227,"type":207,"label":208,"file":136,"line":225,"wp_function":209},"n7",{"id":229,"type":202,"label":230,"file":136,"line":231},"n8","$_REQUEST['wpcv_pagetop']",157,{"id":233,"type":207,"label":208,"file":136,"line":231,"wp_function":209},"n9",{"id":235,"type":202,"label":236,"file":136,"line":237},"n10","$_REQUEST['wpcv_pagebottom']",163,{"id":239,"type":207,"label":208,"file":136,"line":237,"wp_function":209},"n11",{"id":241,"type":202,"label":242,"file":136,"line":243},"n12","$_REQUEST['wpcv_postonly']",169,{"id":245,"type":207,"label":208,"file":136,"line":243,"wp_function":209},"n13",[247,248,249,250,251,252,253],{"from":201,"to":206,"sanitized":167},{"from":211,"to":215,"sanitized":167},{"from":217,"to":221,"sanitized":167},{"from":223,"to":227,"sanitized":167},{"from":229,"to":233,"sanitized":167},{"from":235,"to":23
9,"sanitized":167},{"from":241,"to":245,"sanitized":167},"low",{"summary":256,"deductions":257},"The \"wp-custom-voting\" v1.0 plugin exhibits a concerning security posture despite having no recorded vulnerabilities. The static analysis reveals two AJAX handler registrations for the same action, neither of which performs a nonce or capability check, and one of which is registered for visitors who are not logged in. This represents a significant attack surface, as an unauthenticated user could potentially trigger the handler. The analysis recorded no SQL queries, prepared or raw, so SQL injection is not the concern here; the complete lack of output escaping on all seven identified output points is the more serious flaw. This can lead to cross-site scripting (XSS) vulnerabilities if any of the echoed values can be influenced by an attacker. The taint analysis shows a single flow in which seven request parameters reach update_option() without sanitization, which, while classified as low severity in this analysis, warrants attention due to the overall lack of sanitization and escaping. The absence of any vulnerability history might suggest a lack of widespread exploitation or limited scrutiny of a little-used plugin, but it does not negate the inherent risks identified in the code. The plugin's strengths lie in the absence of dangerous functions, file operations, and external requests. 
However, the unprotected AJAX endpoint and pervasive unescaped output create substantial security risks that need immediate attention.",[258,260,263,266,268],{"reason":259,"points":11},"Unprotected AJAX handlers",{"reason":261,"points":262},"All outputs unescaped",8,{"reason":264,"points":265},"Flow with unsanitized path",5,{"reason":267,"points":96},"Missing nonce checks on AJAX",{"reason":269,"points":96},"Missing capability checks on AJAX","2026-03-17T00:30:38.832Z",{"wat":272,"direct":282},{"assetPaths":273,"generatorPatterns":279,"scriptPaths":280,"versionParams":281},[274,275,276,277,278],"\u002Fwp-content\u002Fplugins\u002Fwp-custom-voting\u002Fimages\u002Ficon.png","\u002Fwp-content\u002Fplugins\u002Fwp-custom-voting\u002Fimages\u002Fdmitri-logo.png","\u002Fwp-content\u002Fplugins\u002Fwp-custom-voting\u002Fimages\u002Fhire-wordpress-guru.jpg","\u002Fwp-content\u002Fplugins\u002Fwp-custom-voting\u002Fjs\u002Fadmin-script.js","\u002Fwp-content\u002Fplugins\u002Fwp-custom-voting\u002Fcss\u002Fadmin-style.css",[],[277],[],{"cssClasses":283,"htmlComments":289,"htmlAttributes":290,"restEndpoints":291,"jsGlobals":292,"shortcodeOutput":293},[284,285,286,287,288],"wpcv-icon","wpcv-left","wpcv-right","wpcv-textarea","wpcv-textarea-right",[],[],[],[],[],{"error":166,"url":295,"statusCode":296,"statusMessage":297,"message":297},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-custom-voting\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":299},[]]