[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYSvgSLumo1fwstj4yAqE1RBN9zlGA2Tp-ttsoovSb_s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":130,"fingerprints":238},"wp-monsterid","WP_MonsterID","3.0","scottsm","https:\u002F\u002Fprofiles.wordpress.org\u002Fscottsm\u002F","\u003Cp>This plugin provides a small randomly assembled monster avatar for each user based on their email address. Think gravatar only without requiring any external site and with monsters. Now with monsters consistent across servers. Based on idea and images by \u003Ca href=\"http:\u002F\u002Fwww.splitbrain.org\u002Fblog\u002F2007-01\u002F20_monsterid_as_gravatar_fallback\" rel=\"nofollow ugc\">Andreas Gohr\u003C\u002Fa> and artwork by \u003Ca href=\"http:\u002F\u002Frocketworm.com\u002F\" rel=\"nofollow ugc\">Lemm\u003C\u002Fa>. See the plugin website if you need any help or for an example of the plugin in action.\u003C\u002Fp>\n","Creates a unique, persistent monster avatar for each commenter based on email address.",10,8629,100,2,"2014-12-10T12:40:00.000Z","4.0.38","1.5","",[20,21,22,23,24],"avatar","comments","gravatar","monster","monsterid","http:\u002F\u002Fscott.sherrillmix.com\u002Fblog\u002Fblogger\u002FWP_MonsterID","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-monsterid.3.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},5,60,30,84,"2026-04-04T11:46:56.222Z",[39,55,74,91,114],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":11,"downloaded":47,"rating":28,"num_ratings":28,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":53,"download_link":54,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"dramatars","Dramatar","0.4.2","darkwolf74","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarkwolf74\u002F","\u003Cp>Use \u003Ca href=\"http:\u002F\u002Fdramatar.com\" rel=\"nofollow ugc\">Dramatar\u003C\u002Fa> generated avatars as your Default Avatar and get dramatic!\u003C\u002Fp>\n\u003Cp>Dramatars are a new style of Avatars that come in several flavors. From Spirographs to the Abstract, plus fun avatars like Ragdolls.\u003C\u002Fp>\n\u003Cp>This plugin adds a new default Avatar style for your blog discussions and works right along side of Gravatar for those who wish to display those idea for users who have Gravatar accounts. But, you can also just display our avatars. it’s up to you! There’s no coding or theme changes required, just activate and configure and you’re done.\u003C\u002Fp>\n\u003Cp>For more information visit \u003Ca href=\"http:\u002F\u002Fdramatar.com\" rel=\"nofollow ugc\">http:\u002F\u002Fdramatar.com\u003C\u002Fa>\u003C\u002Fp>\n","Use Dramatars as your default avatar!",2592,"2013-08-07T14:17:00.000Z","3.6.1","2.8",[20,52,22,24],"dramatar","http:\u002F\u002Fdramatar.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdramatars.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":72,"download_link":73,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"easygravatars","Easy Gravatars","1.3","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>This plugin allows you to automatically add Gravatars for commenters to your\u003Cbr \u002F>\ntheme, if your theme does not already support them.\u003C\u002Fp>\n\u003Cp>According to the Gravatar.com website, Gravatars are Globally Recognized\u003Cbr \u002F>\nAvatars, or an “avatar image that follows you from weblog to weblog\u003Cbr \u002F>\nappearing beside your name when you comment on gravatar enabled sites.”\u003Cbr \u002F>\nYou register with the Gravatar server, and upload an image which you will\u003Cbr \u002F>\nuse as your avatar. The gravatar image is keyed to your email address, so\u003Cbr \u002F>\nthat it is unique to you.\u003C\u002Fp>\n\u003Cp>This plugin will display gravatars for the people who comment on your posts.\u003Cbr \u002F>\nYou do not need to modify any of your template files — just activate the\u003Cbr \u002F>\nplugin, and it will add gravatars to your comments template automatically.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Based on a code snippet from Matt Mullenweg:\u003Cbr \u002F>\n  http:\u002F\u002Fphotomatt.net\u002F2007\u002F10\u002F20\u002Fgravatar-enabled\u002F\u003Cbr \u002F>\n  http:\u002F\u002Fpastebin.ca\u002F743979\u003C\u002Fp>\n\u003Cp>Props to David Potter for pointing out that Gravatar normalizes email\u003Cbr \u002F>\naddresses to lowercase before hashing with MD5:\u003Cbr \u002F>\n  http:\u002F\u002Fdpotter.net\u002FTechnical\u002Findex.php\u002F2007\u002F10\u002F22\u002Fintegrating-gravatar-support\u002F\u003C\u002Fp>\n","Add Gravatars to your comments without modifying any template files. Just activate, and you're done!",200,64590,1,"2010-01-14T15:36:00.000Z","3.0.5","2.0.4",[20,70,21,22,71],"avatars","gravatars","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Feasy-gravatars","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasygravatars.1.3.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":63,"downloaded":82,"rating":13,"num_ratings":14,"last_updated":83,"tested_up_to":84,"requires_at_least":50,"requires_php":18,"tags":85,"homepage":89,"download_link":90,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"top-commentators-widget","Top Commentators Widget","1.7","Lorna Timbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebgrrrl\u002F","\u003Cp>This plugin creates a widget to show the top commentators in your WP site. Always go back to the Widget settings after each version update to Save your settings. Demo can be found at http:\u002F\u002Fdemo.webgrrrl.net\u003C\u002Fp>\n\u003Cp>The Top Commentators Widget plugin is adapted from Show Top Commentators plugin at Personal Financial Advice, this widget is easier to manage via the control form (no need to edit the PHP file); additional options are also available to make it more flexible. Read the FAQ section on how to customize the widget. Read the Changelog as well as http:\u002F\u002Fwebgrrrl.net\u002Ftags\u002Ftcw for the latest news on this widget.\u003C\u002Fp>\n\u003Cp>This widget is extensively tested with the following settings: Google Chrome 13.0.782.215 m, PHP 5.2.13, Apache 2.2.15 (Win32), MySQL 5.0.51a, WordPress 3.2.1. Further testing and bug report on this widget is greatly welcomed and appreciated.\u003C\u002Fp>\n","Adds a sidebar widget to show the top commentators in your WP site. Demo: http:\u002F\u002Fdemo.webgrrrl.net",156008,"2025-12-20T13:00:00.000Z","6.6.5",[21,22,86,87,88],"seo","sidebar","widget","http:\u002F\u002Fwebgrrrl.net\u002Farchives\u002Fmy-top-commentators-widget-quick-dirty.htm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-commentators-widget.1.7.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":13,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":111,"download_link":112,"security_score":113,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"polygon-recent-comments-with-avatar","Polygon Recent Comments With Avatar","1.0.4","polyxgo","https:\u002F\u002Fprofiles.wordpress.org\u002Fsanddesert88\u002F","\u003Cp>Display recent comments in the sidebar with user avatar\u002FGravatar support, styles, information, and an active scrollbar for handling numerous comments.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpolygon-recent-comments-with-avatar\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwikipoly.com\u002Fen\u002Fpoly-comments\u002F\" rel=\"nofollow ugc\">Support and request additional features as needed\u003C\u002Fa>\u003C\u002Fp>\n","Polygon Recent Comments With Avatar: Recent comments with avatar support, including Gravatar, date, username, user link, and scrollbar.",5262,94,6,"2024-05-24T22:52:00.000Z","6.5.8","4.1",[106,107,108,109,110],"display-recent-comments","recent-comment-with-author-gravatar","recent-comments","recent-comments-information","recent-comments-with-avatar","https:\u002F\u002Fpolyxgo.vn","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpolygon-recent-comments-with-avatar.1.0.4.zip",92,{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":13,"num_ratings":14,"last_updated":124,"tested_up_to":125,"requires_at_least":6,"requires_php":18,"tags":126,"homepage":128,"download_link":129,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"default-gravatar-sans","Default Gravatar Sans","1.1.2","raohmaru","https:\u002F\u002Fprofiles.wordpress.org\u002Fraohmaru\u002F","\u003Cp>Disables default Gravatar.com avatar and redirection to gravatar.com servers, and allows to define a local default avatar image for users without avatar in his profile.\u003C\u002Fp>\n\u003Ch3>1.1.2\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bug fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bug fixes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.1\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Compatible with WordPress 4.8.\u003C\u002Fli>\n\u003Cli>Support for high resolution avatar images\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Initial release.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disables Gravatar.com avatar, and allows one local default avatar image for users without avatar in his profile.",50,4197,"2017-10-03T12:01:00.000Z","4.8.28",[20,21,22,127],"users","http:\u002F\u002Fraohmaru.com\u002Fblog\u002Fwordpress\u002Fdefault-gravatar-sans\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdefault-gravatar-sans.1.1.2.zip",{"attackSurface":131,"codeSignals":170,"taintFlows":224,"riskAssessment":225,"analyzedAt":237},{"hooks":132,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":28,"unprotectedCount":28},[133,139,144,148,152,155,159,162],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_menu","monsterid_menu","wp_monsterid.php",576,{"type":140,"name":141,"callback":142,"file":137,"line":143},"filter","get_comment_author","monsterid_comment_author",577,{"type":134,"name":145,"callback":146,"file":137,"line":147},"wp_head","monsterid_style",578,{"type":140,"name":149,"callback":150,"priority":33,"file":137,"line":151},"get_avatar","monsterid_get_avatar",580,{"type":134,"name":145,"callback":153,"file":137,"line":154},"monsterid_recent_comments_style",888,{"type":134,"name":156,"callback":157,"file":137,"line":158},"comment_post","wp_delete_monsterid_recent_comments_cache",889,{"type":134,"name":160,"callback":157,"file":137,"line":161},"wp_set_comment_status",890,{"type":134,"name":163,"callback":164,"file":137,"line":165},"widgets_init","monsterid_recent_comments_widget_init",893,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":177,"fileOperations":65,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":223},[],{"prepared":28,"raw":65,"locations":173},[174],{"file":137,"line":175,"context":176},819,"$wpdb->get_results() with variable interpolation",{"escaped":33,"rawEcho":178,"locations":179},22,[180,183,185,187,189,190,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221],{"file":137,"line":181,"context":182},449,"raw output",{"file":137,"line":184,"context":182},453,{"file":137,"line":186,"context":182},459,{"file":137,"line":188,"context":182},462,{"file":137,"line":188,"context":182},{"file":137,"line":188,"context":182},{"file":137,"line":192,"context":182},483,{"file":137,"line":194,"context":182},484,{"file":137,"line":196,"context":182},487,{"file":137,"line":198,"context":182},488,{"file":137,"line":200,"context":182},492,{"file":137,"line":202,"context":182},569,{"file":137,"line":204,"context":182},824,{"file":137,"line":206,"context":182},825,{"file":137,"line":208,"context":182},830,{"file":137,"line":210,"context":182},831,{"file":137,"line":212,"context":182},833,{"file":137,"line":214,"context":182},864,{"file":137,"line":216,"context":182},865,{"file":137,"line":218,"context":182},866,{"file":137,"line":220,"context":182},867,{"file":137,"line":222,"context":182},879,[],[],{"summary":226,"deductions":227},"The wp-monsterid plugin v3.0 exhibits a generally good security posture based on the static analysis.  A significant strength is the absence of any identified attack surface points, meaning there are no exposed AJAX handlers, REST API routes, shortcodes, or cron events.  This drastically reduces the potential for external manipulation. Furthermore, the analysis found no dangerous functions or critical taint flows, indicating a lack of obvious code-level vulnerabilities that could be exploited.\n\nHowever, there are notable areas for concern. The presence of SQL queries that do not utilize prepared statements is a significant risk, as this is a common vector for SQL injection attacks. Coupled with this, a low percentage of output escaping (19%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities. The complete lack of nonce checks and capability checks on any potential entry points, although currently zero, means that if any were to be introduced in future versions, they would be vulnerable by default. The plugin's history of zero known vulnerabilities is positive but should be viewed cautiously, as it might reflect a lack of thorough historical auditing rather than inherent security.\n\nIn conclusion, while the plugin's minimal attack surface is a strong positive, the lack of secure coding practices in SQL query handling and output escaping presents immediate and significant risks. The absence of vulnerabilities in its history is encouraging but doesn't guarantee future security, especially given the identified code weaknesses. Prioritizing the remediation of SQL and XSS vulnerabilities is crucial.",[228,231,233,235],{"reason":229,"points":230},"SQL queries not using prepared statements",7,{"reason":232,"points":101},"Low percentage of output escaping",{"reason":234,"points":33},"No nonce checks detected",{"reason":236,"points":33},"No capability checks detected","2026-03-16T23:53:46.949Z",{"wat":239,"direct":246},{"assetPaths":240,"generatorPatterns":243,"scriptPaths":244,"versionParams":245},[241,242],"\u002Fwp-content\u002Fplugins\u002Fwp-monsterid\u002Fmonsterid.php","\u002Fwp-content\u002Fplugins\u002Fwp-monsterid\u002Fmonsterid\u002Fparts\u002F",[],[],[],{"cssClasses":247,"htmlComments":248,"htmlAttributes":249,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":252},[24],[],[],[],[],[]]