[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4t8FLTYvf25W1en_SRRyUm7VpU_-vVy0xMB9bTMliWI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":75,"fingerprints":107},"wp-post-of-the-day","WP Post of the Day","1.0","Micah Wood","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpscholar\u002F","\u003Cp>The \u003Cstrong>WP Post of the Day\u003C\u002Fstrong> plugin allows you to display a new post once a day.\u003C\u002Fp>\n\u003Cp>Using this plugin is simple:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the plugin\u003C\u002Fli>\n\u003Cli>Activate the plugin\u003C\u002Fli>\n\u003Cli>On the page or post where you want to have a post display, add the \u003Ccode>[wp_post_of_the_day]\u003C\u002Fcode> shortcode where you want your post to appear.\u003C\u002Fli>\n\u003Cli>Save your changes.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works with custom post types\u003C\u002Fli>\n\u003Cli>No settings page, just an easy way for you to show a daily post on your site\u003C\u002Fli>\n\u003Cli>Clean, well written code that won’t bog down your site\u003C\u002Fli>\n\u003C\u002Ful>\n","Shows a new post every day.",60,2119,100,2,"2021-04-28T22:03:00.000Z","5.7.15","4.5","5.3",[20,21,22,23],"daily-post","different-post","post-of-the-day","post-rotation","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-post-of-the-day\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-of-the-day.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"wpscholar",8,11610,91,30,88,"2026-04-04T12:28:38.188Z",[40,57],{"slug":41,"name":42,"version":43,"author":7,"author_profile":8,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":55,"download_link":56,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"random-post-on-refresh","Random Post on Refresh","1.2.3","\u003Cp>The \u003Cstrong>Random Post on Refresh\u003C\u002Fstrong> plugin allows you to randomly display a different post on every page load.\u003C\u002Fp>\n\u003Cp>Using this plugin is simple:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the plugin\u003C\u002Fli>\n\u003Cli>Activate the plugin\u003C\u002Fli>\n\u003Cli>On the page or post where you want to have a random post display, add the \u003Ccode>[random_post_on_refresh]\u003C\u002Fcode> shortcode where you want your post to appear.\u003C\u002Fli>\n\u003Cli>Save your changes.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works with custom post types\u003C\u002Fli>\n\u003Cli>No settings page, just an easy way for you to add random posts to your site\u003C\u002Fli>\n\u003Cli>Clean, well written code that won’t bog down your site\u003C\u002Fli>\n\u003C\u002Ful>\n","Show a random post on every page load.",400,7787,6,"2025-05-25T21:19:00.000Z","6.8.5","6.4","7.4",[21,23,54],"random-post","http:\u002F\u002Fwpscholar.com\u002Fwordpress-plugins\u002Frandom-post-on-refresh\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-post-on-refresh.1.2.3.zip",{"slug":22,"name":58,"version":6,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":68,"requires_php":67,"tags":69,"homepage":72,"download_link":73,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":74},"Post of the Day","mdavison","https:\u002F\u002Fprofiles.wordpress.org\u002Fmdavison\u002F","\u003Cp>Choose your categories and interval from the settings menu and it will display 1 post from the chosen categories at your set interval, chosen randomly.\u003C\u002Fp>\n","Plugin to display a random post from a particular category.",20,3026,40,1,"","3.2.1",[22,54,70,71],"rotating-posts","testimonials","http:\u002F\u002Fmorgandavison.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-of-the-day.zip","2026-03-15T10:48:56.248Z",{"attackSurface":76,"codeSignals":92,"taintFlows":100,"riskAssessment":101,"analyzedAt":106},{"hooks":77,"ajaxHandlers":88,"restRoutes":89,"shortcodes":90,"cronEvents":91,"entryPointCount":27,"unprotectedCount":27},[78,84],{"type":79,"name":80,"callback":81,"file":82,"line":83},"filter","widget_text","do_shortcode","wp-post-of-the-day.php",33,{"type":85,"name":86,"callback":86,"file":82,"line":87},"action","wp_enqueue_scripts",34,[],[],[],[],{"dangerousFunctions":93,"sqlUsage":94,"outputEscaping":96,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":66,"bundledLibraries":99},[],{"prepared":27,"raw":27,"locations":95},[],{"escaped":97,"rawEcho":27,"locations":98},11,[],[],[],{"summary":102,"deductions":103},"The static analysis of the 'wp-post-of-the-day' v1.0 plugin reveals a generally strong security posture. The plugin demonstrates good practices by not exposing any AJAX handlers, REST API routes, shortcodes, or cron events without authentication or permission checks.  Furthermore, it avoids dangerous functions, file operations, and external HTTP requests, contributing to a reduced attack surface.  All SQL queries utilize prepared statements, and all identified output is properly escaped, mitigating common vulnerabilities like SQL injection and Cross-Site Scripting (XSS).  The presence of a capability check is a positive indicator of security awareness.\n\nHowever, a significant concern arises from the complete absence of nonce checks. While the plugin has a limited attack surface, the lack of nonces makes it susceptible to Cross-Site Request Forgery (CSRF) attacks. This is particularly important because even actions performed through a capability check can be tricked into execution by an attacker if the user is already logged in.\n\nThe vulnerability history further reinforces the current security state, with zero recorded CVEs. This suggests that, to date, the plugin has not been publicly identified as having exploitable flaws. This pattern, combined with the clean code analysis, indicates a developer who is likely attentive to security, or fortunate. The lack of past vulnerabilities is a positive sign, but the absence of nonce checks presents a new, albeit manageable, risk that should be addressed.",[104],{"reason":105,"points":33},"Missing nonce checks","2026-03-16T21:48:38.935Z",{"wat":108,"direct":115},{"assetPaths":109,"generatorPatterns":111,"scriptPaths":112,"versionParams":113},[110],"\u002Fwp-content\u002Fplugins\u002Fwp-post-of-the-day\u002Fassets\u002Fwp-post-of-the-day.css",[],[],[114],"wp-post-of-the-day.css?ver=",{"cssClasses":116,"htmlComments":122,"htmlAttributes":123,"restEndpoints":125,"jsGlobals":126,"shortcodeOutput":127},[4,117,118,119,120,121],"wp-post-of-the-day__group","wp-post-of-the-day__title","wp-post-of-the-day__image","wp-post-of-the-day__excerpt","wp-post-of-the-day__content",[],[124],"data-shortcode-attribute-name",[],[],[128,129,130,131,132,133],"\u003Cdiv class=\"wp-post-of-the-day","\u003Cspan class=\"wp-post-of-the-day__group\">","\u003Cspan class=\"wp-post-of-the-day__title\">","\u003Cspan class=\"wp-post-of-the-day__image\">","\u003Cspan class=\"wp-post-of-the-day__excerpt\">","\u003Cspan class=\"wp-post-of-the-day__content\">"]