[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQQEozxSPy-VWP8DoyZ7IH2uUZbnGUSnPLMbhk9AVDZo":3,"$fSAmrIUQ8_NaUpKxTICSiCGsmfHQTfVSqUVQZeAPc8V8":190,"$fPVe7xu-PTwrM9q5N9snHpjMkL4_CM6R6LsC7Vsqx7oM":195},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":115,"fingerprints":160},"wp-local-storage","WP Local Storage","1.0","xhtmlweaver","https:\u002F\u002Fprofiles.wordpress.org\u002Fxhtmlweaver\u002F","\u003Cp>This plugin can greatly improve the user experience for your blog, by automatically and periodically saving the “just typed comment” for your visitors (the content textarea input box in comment section). The just typed comment is saved into browser’s local storage system to prevent loss of any unsubmitted comment from your visitors and doesn’t require any backend support.\u003C\u002Fp>\n\u003Cp>This is similar like WordPress can remember your Name, Email, Website in comment area for the next visit, but WP Local Storage plugin extends this into next level, it can remember the actual unsaved comment (i.e. before hit submit button) so even the browser is crashed before the user hit save, it is okay! When the user  came back, all “just type comment” will be still in there.\u003C\u002Fp>\n\u003Cp>Full Support is available at http:\u002F\u002Fwww.xhtmlweaver.com or wp-support@xhtmlweaver.com\u003C\u002Fp>\n","This plugin automatically and periodically saves the \"just typed comment\" for visitors so no data will be lost even the browser crashed.",10,1771,0,"2011-06-08T13:07:00.000Z","3.1.4","2.7","",[19,20,21,22,23],"blog","client-side-storage","comments","local-storage","user-input","http:\u002F\u002Fwww.xhtmlweaver.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-local-storage.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},2,20,30,84,"2026-05-20T08:02:51.440Z",[38,52,69,82,98],{"slug":39,"name":40,"version":41,"author":17,"author_profile":42,"description":17,"short_description":43,"active_installs":11,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":17,"tags":48,"homepage":50,"download_link":51,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"blogfollow","BlogFollow","1.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattc78\u002F","BlogFollow is a WordPress pluggin that shows a snippet from a commenter's blog at the bottom on their comment.",2267,"2008-10-28T14:08:00.000Z","2.6","2.0.2",[19,21,49],"snippet","http:\u002F\u002Fwww.pseudocoder.com\u002Fblogfollow-show-a-snippet-from-a-commenters-blog-in-the-comment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblogfollow.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":11,"downloaded":60,"rating":33,"num_ratings":61,"last_updated":62,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":63,"homepage":67,"download_link":68,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp-import-blog-activity","BP Import Blog Activity","0.2","Boone Gorges","https:\u002F\u002Fprofiles.wordpress.org\u002Fboonebgorges\u002F","\u003Cp>If you install BuddyPress on an already thriving WordPress installation, you’ll notice that existing blog comments and posts are not inserted into the activity stream. This plugin fixes that.\u003C\u002Fp>\n\u003Cp>Requires WordPress Multisite\u003C\u002Fp>\n","Updates BuddyPress activity streams with missing blog comments and posts",4696,1,"2012-09-17T01:07:00.000Z",[64,19,65,21,66],"activity","buddypress","import","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Fbp-import-blog-activity","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-import-blog-activity.0.2.zip",{"slug":70,"name":71,"version":72,"author":56,"author_profile":57,"description":73,"short_description":74,"active_installs":11,"downloaded":75,"rating":13,"num_ratings":13,"last_updated":76,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":77,"homepage":80,"download_link":81,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp-include-non-member-comments","BP Include Non-member Comments","1.3","\u003Cp>By default, BuddyPress does not include comments from non-members (or non-logged-in users more generally) in the sitewide activity stream. This plugin records activity items for those comments.\u003C\u002Fp>\n\u003Cp>Please note: the latest version of this plugin (1.2) will NOT work with versions of BuddyPress between 1.2RC and 1.2.1. BP versions 1.2.2+ are supported. Please download an earlier version of this plugin for compatibility with older versions of BuddyPress\u003C\u002Fp>\n","Inserts blog comments from non-logged-in users into the activity stream",4833,"2013-03-26T16:03:00.000Z",[64,78,65,21,79],"blogs","non-members","http:\u002F\u002Fteleogistic.net\u002Fcode\u002Fbuddypress\u002Fbp-include-non-member-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-include-non-member-comments.1.3.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":11,"downloaded":90,"rating":91,"num_ratings":61,"last_updated":92,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":93,"homepage":96,"download_link":97,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"buddypress-activity-as-blog-comments","BuddyPress Activity Stream as Blog Comments","0.1.1","rich! @ etiviti","https:\u002F\u002Fprofiles.wordpress.org\u002Fnuprn1\u002F","\u003Cp>This plugin will replace the main BuddyPress blog (for what BP is activated on) comments section with the activity stream reply system (threaded) and the (reply | favorite) links\u003C\u002Fp>\n\u003Cp>This will remove the WP Comments reply section – only the site admin will have access to make traditional comment replies (you may adjust this in the theme file)\u003C\u002Fp>\n\u003Cp>I consider this an experimental plugin showing how the activity stream can be more a main component across WordPress.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Activity stream enabled\u003C\u002Fli>\n\u003Cli>blog and forum activity stream enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Notes\u003C\u002Fh4>\n\u003Cp>Please see the FAQ – if you have an existing BP install with blog postings and comments you MUST run an additional plugin to import blog postings and comments into the activity stream (this is untested)\u003C\u002Fp>\n\u003Cp>Currently no WPMU subblog support – looking for any brave souls to configure it properly. 🙂\u003C\u002Fp>\n\u003Ch4>Related Links:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.etiviti.com\u002F2010\u002F04\u002Fbuddypress-activity-stream-as-blog-comments\u002F\" title=\"BuddyPress Activity Stream as Blog Comments - Blog About Page\" rel=\"nofollow ugc\">About Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fetivite.com\u002F2010\u002F04\u002Fwhat-does-it-mean\u002F\" title=\"Plugin Demo Site\" rel=\"nofollow ugc\">See it in action\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please report any bugs, ideas, concerns, etc – detailed.\u003C\u002Fp>\n\u003Ch3>Extra Configuration\u003C\u002Fh3>\n\u003Ch4>Allow other members to use traditional blog comment reply\u003C\u002Fh4>\n\u003Cp>Edit the theme file theme\u002Factivitycomments\u002Fblogactivity-commments.php (you may want to copy this activitycomments\u002Ffile to your default theme to prevent future updates from overwriting)\u003C\u002Fp>\n\u003Cp>change the line\n    \u003C\u002Fp>\n\u003Cp>Where is_site_admin can be \u003Ccode>current_user_can()\u003C\u002Fcode> with the wp_cap level (lets say you want editors or authors to reply to comments in the traditional sense). Then additional blog_comments will show activity replies underneath as well. (a neat nested effect)\u003C\u002Fp>\n","This plugin will replace the blog comments section with the activity stream reply system",7387,100,"2011-01-24T16:50:00.000Z",[94,95,65],"activity-stream","blog-comments","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-activity-as-blog-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-as-blog-comments.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":11,"downloaded":106,"rating":33,"num_ratings":61,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":17,"tags":110,"homepage":112,"download_link":113,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":114},"in-context-comments","In-Context Comment","0.8.2","InContext","https:\u002F\u002Fprofiles.wordpress.org\u002Fincontext\u002F","\u003Cp>Comments are extremely critical for the success of a blog. All existing blog platform and commenting plugins only let readers add comments all the way at the bottom of a post, out of the context of the content in the post. When you write a long blog post with, say, 10 paragraphs, and readers are commenting on a particular statement or expression in paragraph 3, they have to scroll back and forth to read the context to figure out what the comments are about. The “In-Context Comment” plugin changes that: Now you can add an “In-Context Comment” icon using \u003Cin-context-comment:here:tag> (where “tag” is any word or words connected by hyphen ) at any place you want readers to comment on and they will be able to click and open a window to add comments right there, next to the context so other readers can see both the context and the comments in one glance. The comment window automatically closes when a reader clicks the cursor anywhere outside the comment window so it does not interfere with the reading.\u003C\u002Fp>\n\u003Cp>This plugin can also help you grow your readership by posting the comments to the commenters’ Facebook and Twitter status updates to bring in new readers to your blog.\u003Cbr \u002F>\nYou can also configure the “In-Context Comment” plugin to automatically add a comment icon at the end of each paragraph that is longer than a certain number of characters. This auto feature is enabled by default with a minimum character count of 360. Please go to the plugin’s Settings page to change.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Visit http:\u002F\u002Fwizag.com\u002Fincontext.php for example and documentation\u003C\u002Fp>\n","\"In-Context Comment\" lets readers leave comments right next to the content being commented, instead of only at the bottom of the blog post",3727,"2011-12-23T06:33:00.000Z","3.2.1","2.8",[19,21,111],"context","http:\u002F\u002Fwizag.com\u002Fincontext.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fin-context-comments.zip","2026-04-06T09:54:40.288Z",{"attackSurface":116,"codeSignals":136,"taintFlows":147,"riskAssessment":148,"analyzedAt":159},{"hooks":117,"ajaxHandlers":132,"restRoutes":133,"shortcodes":134,"cronEvents":135,"entryPointCount":13,"unprotectedCount":13},[118,124,128],{"type":119,"name":120,"callback":121,"file":122,"line":123},"action","admin_menu","WPLS_add_options","func\u002Ffunction.php",3,{"type":119,"name":125,"callback":126,"file":122,"line":127},"wp_head","WPLS_addScript",25,{"type":119,"name":129,"callback":130,"file":122,"line":131},"admin_head","WPLS_addScript_admin",28,[],[],[],[],{"dangerousFunctions":137,"sqlUsage":138,"outputEscaping":140,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":146},[],{"prepared":13,"raw":13,"locations":139},[],{"escaped":13,"rawEcho":32,"locations":141},[142,144],{"file":122,"line":11,"context":143},"raw output",{"file":122,"line":145,"context":143},21,[],[],{"summary":149,"deductions":150},"The wp-local-storage plugin version 1.0 exhibits a seemingly strong security posture based on the static analysis provided. The absence of identified dangerous functions, SQL queries (all using prepared statements), file operations, external HTTP requests, and critical taint flows suggests a well-written codebase with limited potential for common vulnerabilities.  Furthermore, the plugin has no recorded vulnerability history, which is a positive indicator.\n\nHowever, a significant concern arises from the complete lack of output escaping and the absence of nonce and capability checks across all entry points. While the attack surface is reported as zero, this is likely due to the fact that no AJAX handlers, REST API routes, shortcodes, or cron events were detected in the analysis. If any of these entry points were present but not detected, the lack of security checks would be critical. The 100% unescaped output is a serious weakness, as it opens the door to potential cross-site scripting (XSS) vulnerabilities, especially if any user-supplied data were to be outputted without sanitization. The lack of any detected flows in the taint analysis might be a limitation of the tool or the analysis itself, and does not negate the risk posed by unescaped output.\n\nIn conclusion, while the plugin's code does not appear to contain deeply embedded vulnerabilities like raw SQL or dangerous functions, the complete omission of output escaping and any form of authorization checks (nonces, capabilities) represents a notable security risk. The strength lies in the lack of known historical vulnerabilities and the use of prepared statements. The weakness lies in the fundamental security hygiene of output sanitization and the reliance on the absence of discoverable entry points for security.",[151,154,157],{"reason":152,"points":153},"All outputs are unescaped",8,{"reason":155,"points":156},"No nonce checks",5,{"reason":158,"points":156},"No capability checks","2026-04-16T12:52:33.054Z",{"wat":161,"direct":170},{"assetPaths":162,"generatorPatterns":167,"scriptPaths":168,"versionParams":169},[163,164,165,166],"\u002Fwp-content\u002Fplugins\u002Fwp-localstorage\u002Fjs\u002Fwp-localstorage.js","\u002Fwp-content\u002Fplugins\u002Fwp-localstorage\u002Fjs\u002Fwp-localstorage-posts.js","\u002Fwp-content\u002Fplugins\u002Fwp-localstorage\u002Fcss\u002Fwp-localstorage.css","\u002Fwp-content\u002Fplugins\u002Fwp-localstorage\u002Fimg\u002Fstore.png",[],[163,164],[],{"cssClasses":171,"htmlComments":174,"htmlAttributes":175,"restEndpoints":186,"jsGlobals":187,"shortcodeOutput":189},[172,173],"icon32","wrap",[],[176,177,178,179,180,181,182,183,184,185],"name=\"WPLS_storecomment\"","name=\"WPLS_storepost\"","value=\"checkbox\"","name=\"action\"","value=\"update\"","name=\"page_options\"","value=\"WPLS_storecomment,WPLS_storepost\"","name=\"Submit\"","class=\"button-primary\"","value=\"Save Change\"",[],[188],"window.WPLS_opt",[],{"error":191,"url":192,"statusCode":193,"statusMessage":194,"message":194},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-local-storage\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":196},[]]