[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQZuLBqiLkUgFdt6W77C7s8XznXQBxxu4Xc9nUJrNJW0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":48,"analysis":161,"fingerprints":296},"wp-likes","WP likes","3.1.1","aakash1911","https:\u002F\u002Fprofiles.wordpress.org\u002Faakash1911\u002F","\u003Cp>WP Likes lets visitors “like” your posts on the fly. No logging in!\u003Cbr \u002F>\nEasily customizable to be used in various other scenarios.\u003Cbr \u002F>\nShows top liked posts in sidebar widget or on a separate page.\u003C\u002Fp>\n","WP Likes lets your blog visitors 'like' your posts on the go.",100,39073,3,"2011-12-20T18:00:00.000Z","3.3.2","2.0","",[19,20,21,22],"feedback","like","likes","voting","http:\u002F\u002Fblog.aakash.org\u002F2011\u002F12\u002Ffew-updates-wp-likes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-likes.zip",63,1,"2025-09-05 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-58848","wp-likes-cross-site-request-forgery-to-cross-site-scripting","WP likes \u003C= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting","The WP likes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=3.1.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-09 22:25:59",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0c18e637-a117-4154-84b8-8afa84ac6feb?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":45,"trust_score":46,"computed_at":47},30,68,"2026-04-04T06:01:16.357Z",[49,74,95,114,138],{"slug":50,"name":51,"version":52,"author":53,"author_profile":54,"description":55,"short_description":56,"active_installs":57,"downloaded":58,"rating":59,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":69,"download_link":70,"security_score":71,"vuln_count":13,"unpatched_count":72,"last_vuln_date":73,"fetched_at":28},"wp-voting-contest","WP Voting Contest Lite","5.8","Matt","https:\u002F\u002Fprofiles.wordpress.org\u002Fmvincik\u002F","\u003Cp>Easy to use voting contest plugin for WordPress. Simply let users vote photos\u002Fimages in your Contests.\u003C\u002Fp>\n\u003Cp>Installing and activating this plugin will place a vote button and a vote count below each photo of all contestants images using the [showcontestants id=’category id’] shortcode.\u003C\u002Fp>\n\u003Cp>Note: Only logged in users can vote in Lite version!\u003C\u002Fp>\n\u003Ch4>PRO VERSION\u003C\u002Fh4>\n\u003Cp>The all-in-one \u003Ca href=\"https:\u002F\u002Fwpvotingcontest.com\u002Fdownloads\u002Fwordpress-voting-photo-contest-plugin\u002F\" rel=\"nofollow ugc\">WordPress Contest plugin\u003C\u002Fa>. 
Start an Audio Contest, Video Contest, Photo Contest, or Essay Contest using a single plugin.\u003C\u002Fp>\n\u003Ch4>Online Demo\u003C\u002Fh4>\n\u003Cp>You can try out the \u003Ca href=\"https:\u002F\u002Fdemo.wpvotingcontest.com\u002F\" rel=\"nofollow ugc\">Online demonstration\u003C\u002Fa> to see how the plugin works.\u003C\u002Fp>\n\u003Cp>To login, go to the \u003Ca href=\"https:\u002F\u002Fdemo.wpvotingcontest.com\u002Fwp-admin\u002Fadmin.php?page=contestants\" rel=\"nofollow ugc\">Demo dashboard\u003C\u002Fa> and login with \u003Cstrong>demo\u003C\u002Fstrong> \u002F \u003Cstrong>demo4\u003C\u002Fstrong>.\u003C\u002Fp>\n","Let users cast votes on your images\u002Fphotos.",500,31306,62,15,"2025-02-27T12:06:00.000Z","6.7.5","5.0","8.1",[66,67,21,68,22],"contest","gallery","photo","https:\u002F\u002Fwpvotingcontest.com\u002F?download=wordpress-voting-photo-contest-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-voting-contest.5.8.zip",47,2,"2025-08-21 00:00:00",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":90,"download_link":91,"security_score":92,"vuln_count":26,"unpatched_count":93,"last_vuln_date":94,"fetched_at":28},"gallery-voting","Tribulant Gallery Voting","1.5","Tribulant Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontrid\u002F","\u003Cp>Simply let users (whether logged in or guest users, your choice) vote\u002Flike photos\u002Fimages on your WordPress galleries. 
Users can also retract their votes, if the Unvoting feature is enabled by the admin.\u003C\u002Fp>\n\u003Cp>Installing and activating this plugin will place a vote\u002Flike link and a vote count below each photo of all WordPress image\u002Fphoto galleries using the \u003Ccode>[gallery]\u003C\u002Fcode> shortcode.\u003C\u002Fp>\n\u003Ch4>Online Demo\u003C\u002Fh4>\n\u003Cp>You can try out the \u003Ca href=\"https:\u002F\u002Ftribulant.net\u002Fgalleryvoting\u002F\" rel=\"nofollow ugc\">online demonstration\u003C\u002Fa> to see how the plugin works.\u003C\u002Fp>\n\u003Cp>To log in, go to the \u003Ca href=\"https:\u002F\u002Ftribulant.net\u002Fgalleryvoting\u002Fwp-admin\u002F\" rel=\"nofollow ugc\">demo dashboard\u003C\u002Fa> and log in with \u003Cstrong>demo\u003C\u002Fstrong> \u002F \u003Cstrong>demo\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Support & Help\u003C\u002Fh4>\n\u003Cp>For support, you can access our \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fforums\u002Fcategories\u002Fgallery-voting-plugin\" rel=\"nofollow ugc\">support forums\u003C\u002Fa> to see if your issue was previously resolved there. 
Otherwise, you can contact us on our \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">support website\u003C\u002Fa> or on the WordPress.org support forum.\u003C\u002Fp>\n\u003Cp>View the \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fdocs\u002Fwordpress-gallery-voting-plugin\u002F9015\u002F\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for installation and usage information.\u003C\u002Fp>\n","Let users cast votes\u002Flikes on your WordPress gallery images\u002Fphotos.",300,18457,84,12,"2025-05-01T15:32:00.000Z","6.8.5","3.8",[66,67,21,22],"https:\u002F\u002Ftribulant.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgallery-voting.1.5.zip",99,0,"2025-02-23 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":93,"num_ratings":93,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":111,"download_link":112,"security_score":113,"vuln_count":93,"unpatched_count":93,"last_vuln_date":35,"fetched_at":28},"upvotr","Upvotr","1.0","Liam Gladdy","https:\u002F\u002Fprofiles.wordpress.org\u002Flgladdy\u002F","\u003Cp>A WordPress plugin to allow simple upvoting of post objects by a user.\u003C\u002Fp>\n","A WordPress plugin to allow simple upvoting of post objects by a 
user.",10,1688,"2016-02-29T11:04:00.000Z","4.4.34","4.0",[109,21,110,22],"downvote","upvote","https:\u002F\u002Fgladdy.uk\u002Fprojects\u002Fupvotr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupvotr.1.0.zip",85,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":63,"requires_php":128,"tags":129,"homepage":133,"download_link":134,"security_score":135,"vuln_count":136,"unpatched_count":93,"last_vuln_date":137,"fetched_at":28},"kk-star-ratings","kk Star Ratings – Rate Post & Collect User Feedbacks","5.4.10.4","properfraction","https:\u002F\u002Fprofiles.wordpress.org\u002Fproperfraction\u002F","\u003Cp>kk Star Ratings is a widely used star rating plugin for wordpress. Here are some highlighted features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>User defined amount of star ratings (5 as default) in your \u003Cstrong>posts\u003C\u002Fstrong>, \u003Cstrong>pages\u003C\u002Fstrong> and publicly accesible \u003Cstrong>custom post types\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Structured data supporting \u003Cstrong>google rich snippets\u003C\u002Fstrong> showing the star ratings in search results which has the potential to drive more traffic to your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Widespread coverage of custom hooks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Full control via options page. You can,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Enable or disable globally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Disable star ratings in posts that belong to certain categories.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose where to show the star ratings. 
It can be on the \u003Cstrong>homepage\u003C\u002Fstrong>, in \u003Cstrong>archives\u003C\u002Fstrong>, in \u003Cstrong>posts\u003C\u002Fstrong>, in \u003Cstrong>pages\u003C\u002Fstrong> and\u002For in \u003Cstrong>custom post types\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Control the structured data schema and type.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Restrict votings per unique ip.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow voting in archives.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow guests to vote.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Customize position within the post content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Adjust the amount of stars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>And much more…\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.",80000,2197646,78,171,"2026-03-04T12:53:00.000Z","6.9.4","7.4",[130,19,131,132,22],"ajax-ratings","rate-post","star-ratings","https:\u002F\u002Ffeedbackwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkk-star-ratings.5.4.10.4.zip",96,4,"2024-12-20 16:25:44",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":146,"downloaded":147,"rating":135,"num_ratings":148,"last_updated":149,"tested_up_to":127,"requires_at_least":150,"requires_php":151,"tags":152,"homepage":156,"download_link":157,"security_score":158,"vuln_count":159,"unpatched_count":26,"last_vuln_date":160,"fetched_at":28},"wp-ulike","WP ULike – Like & Dislike Buttons for Engagement and Feedback","5.0.2","Alimir","https:\u002F\u002Fprofiles.wordpress.org\u002Falimir\u002F","\u003Ch4>#1 Like & Dislike Buttons for WordPress – Get Instant Feedback and Engagement\u003C\u002Fh4>\n\u003Cp>You’re creating great 
content, but you’re flying blind. Sound familiar? You don’t know which posts hit, which products people love, or what’s actually resonating with your visitors. Comments are great, but most people don’t comment. They just consume and move on.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpulike.com\u002F?utm_source=wp-repo&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">WP ULike\u003C\u002Fa> fixes that. Voting buttons that let your visitors give instant feedback. No registration, no friction, no barriers. Just one click tells you exactly what’s working.\u003C\u002Fp>\n\u003Ch4>Here’s How It Works\u003C\u002Fh4>\n\u003Cp>Activate the plugin, and voting buttons automatically appear on your posts. Zero setup. Zero configuration. It just works.\u003C\u002Fp>\n\u003Cp>Your visitors click to vote. You see what resonates. That’s it.\u003C\u002Fp>\n\u003Cp>Every vote gets tracked so you can see which content your audience loves most. The dashboard shows your top-performing content and voting statistics—simple, actionable insights without the bloat.\u003C\u002Fp>\n\u003Cp>And here’s what we’re proud of: it’s all privacy-safe. GDPR compliant with IP anonymization. We don’t store personal data—just the voting metrics that help you make better decisions.\u003C\u002Fp>\n\u003Ch4>The Three Things That Matter\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>One-Click Voting:\u003C\u002Fstrong> Instant feedback buttons. No barriers, no registration required (though you can restrict to logged-in users if needed). Just pure, simple voting.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Clear Insights:\u003C\u002Fstrong> A dashboard that shows you what’s actually working. Not vanity metrics—real data about what content your audience loves.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy First:\u003C\u002Fstrong> Built with privacy in mind from day one. GDPR compliant, IP anonymization. 
We respect your visitors because that’s the right thing to do.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FnxQto2Yj_yc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Who Actually Uses This?\u003C\u002Fh4>\n\u003Cp>We’ve been doing this for years, and we’ve seen who gets the most value:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Bloggers and content creators:\u003C\u002Fstrong> Stop writing in the dark. See which posts actually resonate with your audience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Store owners:\u003C\u002Fstrong> Understand what your customers love. See which products get appreciation, not just views.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Community managers:\u003C\u002Fstrong> Track what resonates in your forums and communities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Anyone who wants feedback:\u003C\u002Fstrong> Get instant voting feedback without waiting for comments or running surveys.\u003C\u002Fp>\n\u003Ch4>The Problems We Actually Solve\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Low engagement?\u003C\u002Fstrong> We fix that. Voting buttons with zero friction. No registration required—visitors just click and go.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Flying blind on what works?\u003C\u002Fstrong> Not anymore. See exactly which content performs best. Real statistics, real-time data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy concerns?\u003C\u002Fstrong> We get it. GDPR compliant with IP anonymization. 
No personal data stored—just the voting metrics you need.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Worried about speed?\u003C\u002Fstrong> Don’t be. Vanilla JavaScript (no jQuery), optimized for performance, compatible with every major caching plugin. Built to be fast, not bloated.\u003C\u002Fp>\n\u003Ch4>What You Get (Free Version)\u003C\u002Fh4>\n\u003Cp>We believe in giving you real value, not a teaser. The free version includes everything you need for instant voting and clear insights:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Voting Buttons:\u003C\u002Fstrong> Auto-display on posts, or drop them anywhere with the \u003Ccode>[wp_ulike]\u003C\u002Fcode> shortcode. Works with WooCommerce, BuddyPress, and bbPress if you use them—but it’s not required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple Dashboard:\u003C\u002Fstrong> See your most popular content and voting statistics. This isn’t fluff—it’s actionable data that helps you understand what resonates.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Easy Customization:\u003C\u002Fstrong> Design your buttons with our built-in customizer. Adjust colors, spacing, and styles with a live preview. Multiple button styles included. No coding required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Built for Speed:\u003C\u002Fstrong> Vanilla JavaScript (no jQuery), optimized for performance, compatible with every major caching plugin. Your site won’t slow down.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Accessibility & RTL Support:\u003C\u002Fstrong> Full RTL support for Arabic, Hebrew, and other right-to-left languages. We built this right.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Gutenberg Block:\u003C\u002Fstrong> Add voting buttons directly in the block editor. Shortcodes available too. It just works.\u003C\u002Fp>\n\u003Ch4>Why 80,000+ Sites Use This\u003C\u002Fh4>\n\u003Cp>We’re not a faceless corporation. We’re a team that actually cares about your success.\u003C\u002Fp>\n\u003Cp>We’ve stayed focused on one thing: making voting easy and insights clear. 
That focus is why we’ve grown from a simple idea to powering over 80,000 websites.\u003C\u002Fp>\n\u003Cp>We test everything with major caching plugins because your site’s performance matters. We built this to be fast, and we keep it that way. No bloat, no unnecessary features—just what you need.\u003C\u002Fp>\n\u003Cp>Security and privacy aren’t afterthoughts—they’re built into everything we do. We follow WordPress best practices because your site’s security matters.\u003C\u002Fp>\n\u003Cp>And we keep improving. Regular updates, bug fixes, and thoughtful features. We’re in this for the long haul, and we’re committed to keeping WP ULike fast, focused, and reliable.\u003C\u002Fp>\n\u003Ch4>WP ULike Pro: When You Need More\u003C\u002Fh4>\n\u003Cp>The free version gets you started. It’s complete, powerful, and ready to use right now. Pro adds advanced features for when you need deeper insights:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dislike Buttons:\u003C\u002Fstrong> Get the full picture. Sometimes you need to know what doesn’t resonate, not just what does.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>View Tracking & Engagement Rates:\u003C\u002Fstrong> Track views and calculate real engagement rates (Likes + Dislikes \u002F Views * 100). This is the metric that actually matters.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Analytics:\u003C\u002Fstrong> Deep insights with filters, date ranges, world map visualization, device analytics, and exportable reports. Export to CSV, PNG, or SVG for presentations and analysis.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Premium Templates:\u003C\u002Fstrong> 25+ professionally designed button styles that actually stand out.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Profiles:\u003C\u002Fstrong> Instagram-inspired user profiles that turn engaged visitors into community members.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login\u002FRegistration & Social Sharing:\u003C\u002Fstrong> Beautiful AJAX-powered forms with social login integration. 
Turn engagement into registered users. One-click sharing to amplify your reach.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>REST API & Elementor Widgets:\u003C\u002Fstrong> Full REST API for custom integrations. Drag-and-drop Elementor widgets for visual page building.\u003C\u002Fp>\n\u003Cp>Think of Pro as your growth partner. When you’re ready to scale, we’re here to help you get there.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpulike.com\u002F?utm_source=wp-repo&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">See the full comparison\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpulike.com\u002Ftemplates\u002F?utm_source=wp-repo&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">View Templates\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdocs.wpulike.com\u002F?utm_source=wp-repo&utm_medium=link&utm_campaign=readme\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n","Voting buttons that let your visitors give instant feedback. See what your audience loves with no registration, no friction, just one click.",70000,2379742,276,"2026-03-05T09:38:00.000Z","6.0","7.2.5",[153,154,19,20,155],"analytics","engagement","marketing","https:\u002F\u002Fwpulike.com\u002F?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ulike.5.0.2.zip",60,17,"2026-03-10 
17:08:30",{"attackSurface":162,"codeSignals":202,"taintFlows":260,"riskAssessment":261,"analyzedAt":295},{"hooks":163,"ajaxHandlers":194,"restRoutes":195,"shortcodes":196,"cronEvents":201,"entryPointCount":26,"unprotectedCount":93},[164,170,173,178,182,186,190],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","wp_head","wp_likes_render_CSS","likes.php",37,{"type":165,"name":166,"callback":171,"file":168,"line":172},"wp_likes_render_JS",39,{"type":174,"name":175,"callback":176,"priority":26,"file":168,"line":177},"filter","the_content","wp_likes_render_post",42,{"type":165,"name":179,"callback":180,"file":168,"line":181},"admin_menu","wp_likes_add_pages",49,{"type":165,"name":183,"callback":184,"file":168,"line":185},"wp_dashboard_setup","wp_likes_dashboard",51,{"type":165,"name":187,"callback":188,"file":168,"line":189},"widgets_init","wp_likes_sidebar",53,{"type":174,"name":191,"callback":192,"priority":103,"file":168,"line":193},"plugin_action_links","wp_likes_plugin_actions",55,[],[],[197],{"tag":198,"callback":199,"file":168,"line":200},"wp_likes","wp_likes_shortcode",118,[],{"dangerousFunctions":203,"sqlUsage":208,"outputEscaping":220,"fileOperations":93,"externalRequests":93,"nonceChecks":93,"capabilityChecks":93,"bundledLibraries":259},[204],{"fn":205,"file":168,"line":206,"context":207},"create_function",471,"array_walk($filter_cat_list, create_function('&$val', '$val = trim($val);'));",{"prepared":209,"raw":13,"locations":210},5,[211,215,218],{"file":212,"line":213,"context":214},"api.php",45,"$wpdb->get_results() with variable interpolation",{"file":212,"line":216,"context":217},54,"$wpdb->get_var() with variable interpolation",{"file":212,"line":219,"context":217},139,{"escaped":93,"rawEcho":221,"locations":222},18,[223,227,229,231,233,235,237,239,240,242,244,246,248,250,252,253,255,257],{"file":224,"line":225,"context":226},"endpoint.php",72,"raw 
output",{"file":168,"line":228,"context":226},167,{"file":168,"line":230,"context":226},170,{"file":168,"line":232,"context":226},194,{"file":168,"line":234,"context":226},195,{"file":168,"line":236,"context":226},223,{"file":168,"line":238,"context":226},232,{"file":168,"line":238,"context":226},{"file":168,"line":241,"context":226},233,{"file":168,"line":243,"context":226},259,{"file":168,"line":245,"context":226},339,{"file":168,"line":247,"context":226},460,{"file":168,"line":249,"context":226},497,{"file":168,"line":251,"context":226},498,{"file":168,"line":57,"context":226},{"file":168,"line":254,"context":226},511,{"file":168,"line":256,"context":226},513,{"file":168,"line":258,"context":226},519,[],[],{"summary":262,"deductions":263},"The 'wp-likes' v3.1.1 plugin exhibits a mixed security posture. While it presents a small attack surface with only one entry point (a shortcode) and no AJAX or REST API endpoints exposed without authorization, there are significant concerns within its code. The presence of `create_function` is a red flag: the function was deprecated in PHP 7.2 and removed in PHP 8.0, and it evaluates its string arguments as code (the one call found passes constant strings). Furthermore, a substantial 37% of SQL queries (3 of 8) interpolate variables instead of using prepared statements, increasing the risk of SQL injection vulnerabilities. 
Critically, none of the 18 identified output points are properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the lack of nonce and capability checks; that combination is consistent with the unpatched CSRF-to-XSS issue recorded for this plugin (CVE-2025-58848).",[264,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,286,288,290,293],{"reason":265,"points":266},"1 output point is not properly escaped",8,{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":265,"points":266},{"reason":285,"points":209},"Missing nonce checks",{"reason":287,"points":209},"Missing capability checks",{"reason":289,"points":103},"Use of dangerous function create_function",{"reason":291,"points":292},"SQL queries not using prepared statements (37%)",7,{"reason":294,"points":60},"Unpatched 
CVE","2026-03-16T20:56:58.457Z",{"wat":297,"direct":308},{"assetPaths":298,"generatorPatterns":301,"scriptPaths":302,"versionParams":304},[299,300],"\u002Fwp-content\u002Fplugins\u002Fwp-likes\u002Fwp_likes_post.css","\u002Fwp-content\u002Fplugins\u002Fwp-likes\u002Fwp_likes_admin.css",[],[303],"\u002Fwp-content\u002Fplugins\u002Fwp-likes\u002Fwp_likes_scripts.js",[305,306,307],"wp-likes\u002Fwp_likes_post.css?ver=","wp-likes\u002Fwp_likes_admin.css?ver=","wp-likes\u002Fwp_likes_scripts.js?ver=",{"cssClasses":309,"htmlComments":310,"htmlAttributes":311,"restEndpoints":323,"jsGlobals":324,"shortcodeOutput":326},[188],[],[312,313,314,315,316,317,318,319,320,321,322],"name=\"wp_likes_post\"","name=\"wp_likes_reset\"","name=\"wp_likes_css\"","name=\"wp_likes_showOnPages\"","name=\"wp_likes_showOnMainPage\"","name=\"wp_likes_WPSuperCache\"","name=\"wp_likes_customRender\"","name=\"wp_likes_catFilterStatus\"","name=\"wp_likes_catFilterList\"","name=\"wp_likes_text-like\"","name=\"wp_likes_likeImageUrl\"",[],[325],"wp_likes_settings",[327],"[wp_likes]"]