[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZ0R5YPQhcszAoLGMxyKD9cbNvSjCQCOvD7HUZyxcBfs":3,"$fQChF2lweWIe6pkOfgyCKItbG55O830R2O3DHuA9iSgA":458,"$fwWptTFjqMbZFub1yoe4R6DXbWKbvolFe6hcU616CAWk":462},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":40,"analysis":133,"fingerprints":424},"wp-postvoting","WP PostVoting","1.2","Realwebcare","https:\u002F\u002Fprofiles.wordpress.org\u002Frealwebcare\u002F","\u003Cp>“WP PostVoting” plugin will make your wordpress blog a content voting site and also create a widget to display the most voted posts. Using the power of the ajax, users will be able to vote any posts instantly. From the admin panel you can decide whether you would like to allow or disallow unregistered users to vote.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>View the \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fwww.tips4blog.com\u002Fwordpress\u002Ftips-id\u002F519#electme-519\" rel=\"nofollow ugc\">DEMO\u003C\u002Fa>\u003C\u002Fstrong> of the plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Control voting system via PostVoting Active\u002FInactive option.\u003C\u002Fli>\n\u003Cli>Allowing only Registered users to vote.\u003C\u002Fli>\n\u003Cli>Customise PostVoting text.\u003C\u002Fli>\n\u003Cli>Sort posts by vote count.\u003C\u002Fli>\n\u003Cli>Display PostVoting statistics.\u003C\u002Fli>\n\u003Cli>Display most voted widget in sidebar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Install and activate the plugin.\u003C\u002Fli>\n\u003Cli>Go to your Dashboard and navigate to “Settings >> WP PostVoting”.\u003C\u002Fli>\n\u003Cli>Activate PostVoting and also mark where you would like to show PostVoting count.\u003C\u002Fli>\n\u003Cli>Allow or disallow unregistered visitors to vote.\u003C\u002Fli>\n\u003Cli>Drag and drop ‘WPPV Most Voted Posts’ widget in your sidebar to display most voted posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Website: \u003Ca href=\"https:\u002F\u002Fwww.realwebcare.com\" rel=\"nofollow ugc\">Realwebcare\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Frealwebcare\" rel=\"nofollow ugc\">Facebook Page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Note\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Please rate this plugin and leave comment or suggestion.\u003C\u002Fli>\n\u003Cli>It will help me to review and improve the quality of this plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>References\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.sitepoint.com\u002Fcreate-a-voting-plugin-for-wordpress\u002F\" rel=\"nofollow ugc\">Sitepoint\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>This program is free software; you can redistribute it and\u002For modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation; either version 2 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\n\u003C\u002Fcode>\u003C\u002Fpre>\n","\"WP PostVoting\" plugin allows visitors to vote on your blog's content with a widget of the most voted posts.",10,5347,88,7,"2023-11-15T00:02:00.000Z","6.4.8","3.0","",[20,21,22,23,24],"post-vote","vote-it-up","voting","wordpress-vote","wp-post-voting","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-postvoting\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postvoting.1.2.zip",85,0,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"realwebcare",9480,93,119,74,"2026-05-19T20:23:29.958Z",[41,58,73,91,108],{"slug":42,"name":43,"version":6,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":11,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":56,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"kento-vote","Kento Vote","PluginsPoint","https:\u002F\u002Fprofiles.wordpress.org\u002Fkentothemes\u002F","\u003Cp>Kento Vote Plugin is count your vote and display voter thumbnail under vote button who voted on your post.\u003C\u002Fp>\n\u003Cp>Plugin Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Up\u002FDown Vote.\u003C\u002Fli>\n\u003Cli>Up\u002FDown vote Count.\u003C\u002Fli>\n\u003Cli>Display Thumbnail who voted on post.\u003C\u002Fli>\n\u003Cli>Popup Login Box if user not logged. \u003C\u002Fli>\n\u003Cli>Current Vote Marker for logged in user Up\u002FDown vote.\u003C\u002Fli>\n\u003Cli>Unique Vote Count, if user voted will not able to vote again on same post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Live Preview: http:\u002F\u002Fkentothemes.com\u002Fdemos\u002Fkento-vote\u002Fkento-vote-plugin\u002F\u003C\u002Fp>\n","Vote on Post and Display Who Voted via gravatar thumbnail.",3407,66,4,"2015-06-09T06:18:00.000Z","4.2.39","3.5",[55,20,21,22,23],"polls","http:\u002F\u002Fkentothemes.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkento-vote.1.2.zip",{"slug":59,"name":60,"version":61,"author":44,"author_profile":45,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":67,"homepage":56,"download_link":71,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":72},"kento-like-post","Kento Like Post","1.1","\u003Cp>Post Like Button for wordPress Site like Facebook\u003C\u002Fp>\n\u003Cp>Live Preview: http:\u002F\u002Fkentothemes.com\u002Fdemo\u002Fkento-like-post\u002Fkento-like-post\u002F\u003C\u002Fp>\n\u003Cp>Plugin Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Like\u002FUnlike.\u003C\u002Fli>\n\u003Cli>Like Count.\u003C\u002Fli>\n\u003Cli>Display Thumbnail who like post.\u003C\u002Fli>\n\u003Cli>Popup Login Box if user not logged. \u003C\u002Fli>\n\u003Cli>Current like Marker for logged in user Like\u002FUnlike.\u003C\u002Fli>\n\u003Cli>Unique Like Count, if user Liked will not able to Like again on same post.\u003C\u002Fli>\n\u003C\u002Ful>\n","Facebook Style like button for WordPress with like count and user thumbnails.",3064,20,2,[68,69,20,23,70],"like-button","post-like","wp-like","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkento-like-post.1.1.zip","2026-04-16T10:56:18.058Z",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":11,"downloaded":81,"rating":28,"num_ratings":28,"last_updated":82,"tested_up_to":83,"requires_at_least":17,"requires_php":84,"tags":85,"homepage":18,"download_link":90,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":72},"vote-updown","Vote Up\u002FDown","1.0.0","webaddict","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebaddict\u002F","\u003Cp>Vote Up\u002FDown\u003Cbr \u002F>\nAdd voting system to your single post using [show_votes] shortcode.\u003C\u002Fp>\n","Vote Up\u002FDown Add voting system to your single post using [show_votes] shortcode.",2872,"2018-10-08T05:43:00.000Z","4.9.29","5.2.4",[86,87,88,22,89],"single-post-voting","vote-plugin","vote-up-down","wordpress-vote-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvote-updown.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":100,"num_ratings":66,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":18,"tags":104,"homepage":106,"download_link":107,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-custom-voting","WP Custom Voting","1.0","dmitritechs","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmitritechs\u002F","\u003Cp>This plugin is meant for admin to bring the feature of VOTING to their posts or pages. Admin can set the button label before and after voting both for pages and posts. All votes are IP tracked, so same user can’t vote twice for the same post or page buttons.\u003C\u002Fp>\n\u003Cp>The admin can choose the postion of the votting buttons on top , bottom or both of the page or post. The site visitor can also view the total votes along with the button same as in facebook.\u003C\u002Fp>\n\u003Cp>WP Custom Voting Plugin allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Write your own text\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose font color\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose button position\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please visit http:\u002F\u002Fwww.dmitritech.com to download the plugin.\u003C\u002Fp>\n","This plugin is meant for admin to bring the feature of VOTING to their posts or pages, like facebook post like.",5226,70,"2013-02-04T05:18:00.000Z","3.5.2","3.2",[105,69,20,22,92],"ip-track-voting","http:\u002F\u002Fdmitritech.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-custom-voting.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":129,"download_link":130,"security_score":131,"vuln_count":50,"unpatched_count":28,"last_vuln_date":132,"fetched_at":72},"kk-star-ratings","kk Star Ratings – Rate Post & Collect User Feedbacks","5.4.10.4","properfraction","https:\u002F\u002Fprofiles.wordpress.org\u002Fproperfraction\u002F","\u003Cp>kk Star Ratings is a widely used star rating plugin for wordpress. Here are some highlighted features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>User defined amount of star ratings (5 as default) in your \u003Cstrong>posts\u003C\u002Fstrong>, \u003Cstrong>pages\u003C\u002Fstrong> and publicly accesible \u003Cstrong>custom post types\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Structured data supporting \u003Cstrong>google rich snippets\u003C\u002Fstrong> showing the star ratings in search results which has the potential to drive more traffic to your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Widespread coverage of custom hooks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Full control via options page. You can,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Enable or disable globally.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Disable star ratings in posts that belong to certain categories.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Choose where to show the star ratings. It can be on the \u003Cstrong>homepage\u003C\u002Fstrong>, in \u003Cstrong>archives\u003C\u002Fstrong>, in \u003Cstrong>posts\u003C\u002Fstrong>, in \u003Cstrong>pages\u003C\u002Fstrong> and\u002For in \u003Cstrong>custom post types\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Control the structured data schema and type.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Restrict votings per unique ip.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow voting in archives.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Allow guests to vote.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Customize position within the post content.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Adjust the amount of stars.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>And much more…\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.",80000,2207729,78,171,"2026-03-04T12:53:00.000Z","6.9.4","5.0","7.4",[125,126,127,128,22],"ajax-ratings","feedback","rate-post","star-ratings","https:\u002F\u002Ffeedbackwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkk-star-ratings.5.4.10.4.zip",96,"2024-12-20 16:25:44",{"attackSurface":134,"codeSignals":192,"taintFlows":273,"riskAssessment":408,"analyzedAt":423},{"hooks":135,"ajaxHandlers":181,"restRoutes":189,"shortcodes":190,"cronEvents":191,"entryPointCount":66,"unprotectedCount":66},[136,141,143,148,152,157,161,165,169,173,177],{"type":137,"name":138,"callback":139,"file":140,"line":66},"action","admin_menu","wppv_setup_menu","admin-setup.php",{"type":137,"name":138,"callback":139,"file":142,"line":66},"admin_setup.php",{"type":137,"name":144,"callback":145,"file":146,"line":147},"admin_init","wppv_admin_enqueue_scripts","wp_postvoting.php",32,{"type":137,"name":149,"callback":150,"file":146,"line":151},"wp_enqueue_scripts","wppv_enqueue_scripts",47,{"type":153,"name":154,"callback":155,"file":146,"line":156},"filter","the_content","print_wp_postvoting",167,{"type":153,"name":158,"callback":159,"file":146,"line":160},"manage_edit-post_columns","wppv_add_post_columns",204,{"type":137,"name":162,"callback":163,"priority":11,"file":146,"line":164},"manage_posts_custom_column","wppv_post_column_row",219,{"type":153,"name":166,"callback":167,"file":146,"line":168},"manage_edit-post_sortable_columns","wppv_post_sort_columns",221,{"type":137,"name":170,"callback":171,"file":146,"line":172},"load-edit.php","wppv_post_edit",227,{"type":153,"name":174,"callback":175,"file":146,"line":176},"request","wppv_sort_posts",229,{"type":137,"name":178,"callback":179,"file":146,"line":180},"widgets_init","wppv_widget_init",305,[182,187],{"action":183,"nopriv":184,"callback":183,"hasNonce":185,"hasCapCheck":185,"file":146,"line":186},"wppv_count_vote",true,false,201,{"action":183,"nopriv":185,"callback":183,"hasNonce":185,"hasCapCheck":185,"file":146,"line":188},202,[],[],[],{"dangerousFunctions":193,"sqlUsage":194,"outputEscaping":196,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":272},[],{"prepared":28,"raw":28,"locations":195},[],{"escaped":66,"rawEcho":197,"locations":198},40,[199,202,204,206,208,210,211,213,215,217,219,221,223,225,227,229,231,232,234,236,238,240,242,243,244,246,248,250,252,254,255,256,258,260,261,262,264,266,268,270],{"file":140,"line":200,"context":201},45,"raw output",{"file":140,"line":203,"context":201},50,{"file":140,"line":205,"context":201},55,{"file":140,"line":207,"context":201},60,{"file":140,"line":209,"context":201},65,{"file":140,"line":36,"context":201},{"file":140,"line":212,"context":201},132,{"file":140,"line":214,"context":201},135,{"file":140,"line":216,"context":201},154,{"file":140,"line":218,"context":201},155,{"file":140,"line":220,"context":201},156,{"file":140,"line":222,"context":201},157,{"file":142,"line":224,"context":201},28,{"file":142,"line":226,"context":201},42,{"file":142,"line":228,"context":201},43,{"file":142,"line":230,"context":201},44,{"file":142,"line":200,"context":201},{"file":142,"line":233,"context":201},71,{"file":142,"line":235,"context":201},76,{"file":142,"line":237,"context":201},81,{"file":142,"line":239,"context":201},86,{"file":142,"line":241,"context":201},91,{"file":142,"line":212,"context":201},{"file":142,"line":214,"context":201},{"file":142,"line":245,"context":201},149,{"file":146,"line":247,"context":201},217,{"file":146,"line":249,"context":201},255,{"file":146,"line":251,"context":201},270,{"file":146,"line":253,"context":201},271,{"file":146,"line":253,"context":201},{"file":146,"line":253,"context":201},{"file":146,"line":257,"context":201},274,{"file":146,"line":259,"context":201},275,{"file":146,"line":259,"context":201},{"file":146,"line":259,"context":201},{"file":146,"line":263,"context":201},288,{"file":146,"line":265,"context":201},290,{"file":146,"line":267,"context":201},293,{"file":146,"line":269,"context":201},295,{"file":146,"line":271,"context":201},339,[],[274,361],{"entryPoint":275,"graph":276,"unsanitizedCount":359,"severity":360},"\u003Cadmin-setup> (admin-setup.php:0)",{"nodes":277,"edges":347},[278,283,288,292,294,298,300,304,306,310,312,316,318,322,324,328,330,334,336,339,341,345],{"id":279,"type":280,"label":281,"file":140,"line":282},"n0","source","$_POST['wppv_onoff']",169,{"id":284,"type":285,"label":286,"file":140,"line":282,"wp_function":287},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":289,"type":280,"label":290,"file":140,"line":291},"n2","$_POST['wppv_label']",172,{"id":293,"type":285,"label":286,"file":140,"line":291,"wp_function":287},"n3",{"id":295,"type":280,"label":296,"file":140,"line":297},"n4","$_POST['wppv_mouse_over']",175,{"id":299,"type":285,"label":286,"file":140,"line":297,"wp_function":287},"n5",{"id":301,"type":280,"label":302,"file":140,"line":303},"n6","$_POST['wppv_voted']",178,{"id":305,"type":285,"label":286,"file":140,"line":303,"wp_function":287},"n7",{"id":307,"type":280,"label":308,"file":140,"line":309},"n8","$_POST['wppv_thanks']",181,{"id":311,"type":285,"label":286,"file":140,"line":309,"wp_function":287},"n9",{"id":313,"type":280,"label":314,"file":140,"line":315},"n10","$_POST['wppv_refusal']",184,{"id":317,"type":285,"label":286,"file":140,"line":315,"wp_function":287},"n11",{"id":319,"type":280,"label":320,"file":140,"line":321},"n12","$_POST['wppv_top']",187,{"id":323,"type":285,"label":286,"file":140,"line":321,"wp_function":287},"n13",{"id":325,"type":280,"label":326,"file":140,"line":327},"n14","$_POST['wppv_bottom']",192,{"id":329,"type":285,"label":286,"file":140,"line":327,"wp_function":287},"n15",{"id":331,"type":280,"label":332,"file":140,"line":333},"n16","$_POST['wppv_postonly']",197,{"id":335,"type":285,"label":286,"file":140,"line":333,"wp_function":287},"n17",{"id":337,"type":280,"label":338,"file":140,"line":160},"n18","$_POST['wppv_login']",{"id":340,"type":285,"label":286,"file":140,"line":160,"wp_function":287},"n19",{"id":342,"type":280,"label":343,"file":140,"line":344},"n20","$_POST['wppv_postnum']",207,{"id":346,"type":285,"label":286,"file":140,"line":344,"wp_function":287},"n21",[348,349,350,351,352,353,354,355,356,357,358],{"from":279,"to":284,"sanitized":185},{"from":289,"to":293,"sanitized":185},{"from":295,"to":299,"sanitized":185},{"from":301,"to":305,"sanitized":185},{"from":307,"to":311,"sanitized":185},{"from":313,"to":317,"sanitized":185},{"from":319,"to":323,"sanitized":185},{"from":325,"to":329,"sanitized":185},{"from":331,"to":335,"sanitized":185},{"from":337,"to":340,"sanitized":185},{"from":342,"to":346,"sanitized":185},11,"low",{"entryPoint":362,"graph":363,"unsanitizedCount":359,"severity":360},"\u003Cadmin_setup> (admin_setup.php:0)",{"nodes":364,"edges":396},[365,367,368,370,371,373,374,376,377,378,379,381,382,384,385,387,388,390,391,393,394,395],{"id":279,"type":280,"label":281,"file":142,"line":366},180,{"id":284,"type":285,"label":286,"file":142,"line":366,"wp_function":287},{"id":289,"type":280,"label":290,"file":142,"line":369},183,{"id":293,"type":285,"label":286,"file":142,"line":369,"wp_function":287},{"id":295,"type":280,"label":296,"file":142,"line":372},186,{"id":299,"type":285,"label":286,"file":142,"line":372,"wp_function":287},{"id":301,"type":280,"label":302,"file":142,"line":375},189,{"id":305,"type":285,"label":286,"file":142,"line":375,"wp_function":287},{"id":307,"type":280,"label":308,"file":142,"line":327},{"id":311,"type":285,"label":286,"file":142,"line":327,"wp_function":287},{"id":313,"type":280,"label":314,"file":142,"line":380},195,{"id":317,"type":285,"label":286,"file":142,"line":380,"wp_function":287},{"id":319,"type":280,"label":320,"file":142,"line":383},198,{"id":323,"type":285,"label":286,"file":142,"line":383,"wp_function":287},{"id":325,"type":280,"label":326,"file":142,"line":386},203,{"id":329,"type":285,"label":286,"file":142,"line":386,"wp_function":287},{"id":331,"type":280,"label":332,"file":142,"line":389},208,{"id":335,"type":285,"label":286,"file":142,"line":389,"wp_function":287},{"id":337,"type":280,"label":338,"file":142,"line":392},215,{"id":340,"type":285,"label":286,"file":142,"line":392,"wp_function":287},{"id":342,"type":280,"label":343,"file":142,"line":168},{"id":346,"type":285,"label":286,"file":142,"line":168,"wp_function":287},[397,398,399,400,401,402,403,404,405,406,407],{"from":279,"to":284,"sanitized":185},{"from":289,"to":293,"sanitized":185},{"from":295,"to":299,"sanitized":185},{"from":301,"to":305,"sanitized":185},{"from":307,"to":311,"sanitized":185},{"from":313,"to":317,"sanitized":185},{"from":319,"to":323,"sanitized":185},{"from":325,"to":329,"sanitized":185},{"from":331,"to":335,"sanitized":185},{"from":337,"to":340,"sanitized":185},{"from":342,"to":346,"sanitized":185},{"summary":409,"deductions":410},"The wp-postvoting v1.0 plugin exhibits a concerning security posture primarily due to its unprotected entry points.  While the plugin avoids dangerous functions and SQL injection vulnerabilities by using prepared statements, its static analysis reveals a significant weakness: two AJAX handlers that lack any authentication or authorization checks. This exposes the plugin to potential unauthorized actions. The taint analysis further highlights this concern, with two flows identified as having unsanitized paths, indicating a risk of data being processed without proper validation or sanitization, although no critical or high severity issues were flagged here.\n\nThe vulnerability history is clean, with no recorded CVEs, which is a positive sign. However, this lack of historical issues does not negate the current identified risks in the code. The plugin's strengths lie in its use of prepared statements for SQL queries and the absence of bundled libraries, which can sometimes introduce vulnerabilities.  Nonetheless, the critical need for authentication on its AJAX handlers and the presence of unsanitized data flows are significant security concerns that must be addressed.",[411,413,416,419,421],{"reason":412,"points":11},"Unprotected AJAX handlers",{"reason":414,"points":415},"Unsanitized paths in taint flows",6,{"reason":417,"points":418},"Low output escaping percentage",5,{"reason":420,"points":418},"Missing nonce checks on AJAX",{"reason":422,"points":418},"Missing capability checks","2026-03-17T00:45:42.584Z",{"wat":425,"direct":436},{"assetPaths":426,"generatorPatterns":430,"scriptPaths":431,"versionParams":432},[427,428,429],"\u002Fwp-content\u002Fplugins\u002Fwp-postvoting\u002Fcss\u002Fwppv_admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-postvoting\u002Fjs\u002Fwp_postvoting.js","\u002Fwp-content\u002Fplugins\u002Fwp-postvoting\u002Fcss\u002Fwp_postvoting.css",[],[428],[433,434,435],"wp-postvoting\u002Fcss\u002Fwppv_admin.css?v=","wp-postvoting\u002Fjs\u002Fwp_postvoting.js?v=","wp-postvoting\u002Fcss\u002Fwp_postvoting.css?v=",{"cssClasses":437,"htmlComments":442,"htmlAttributes":443,"restEndpoints":447,"jsGlobals":448,"shortcodeOutput":451},[438,439,440,441],"wp_postvote","wp_voted_icon","wp_votecount","wp_vote_icon",[],[444,445,446],"id=\"wppv-","id=\"votetext\"","id=\"onlyreg\"",[],[449,450],"wppvajax","wppv_text",[452,453,454,455,456,457],"\u003Cdiv class=\"wp_postvote\">","\u003Ch4 id=\"votetext\">","\u003Cdiv class=\"wp_vote_icon\">\u003C\u002Fdiv>","\u003Cspan class=\"wp_votecount\">","\u003Cdiv class=\"wp_voted_icon\">\u003C\u002Fdiv>","\u003Ch4 id=\"onlyreg\">",{"error":184,"url":459,"statusCode":460,"statusMessage":461,"message":461},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-postvoting\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":50,"versions":463},[464,469,476,483],{"version":6,"download_url":26,"svn_tag_url":465,"released_at":29,"has_diff":185,"diff_files_changed":466,"diff_lines":29,"trac_diff_url":467,"vulnerabilities":468,"is_current":184},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-postvoting\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-postvoting%2Ftags%2F1.0.2&new_path=%2Fwp-postvoting%2Ftags%2F1.2",[],{"version":470,"download_url":471,"svn_tag_url":472,"released_at":29,"has_diff":185,"diff_files_changed":473,"diff_lines":29,"trac_diff_url":474,"vulnerabilities":475,"is_current":185},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postvoting.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-postvoting\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-postvoting%2Ftags%2F1.0.1&new_path=%2Fwp-postvoting%2Ftags%2F1.0.2",[],{"version":477,"download_url":478,"svn_tag_url":479,"released_at":29,"has_diff":185,"diff_files_changed":480,"diff_lines":29,"trac_diff_url":481,"vulnerabilities":482,"is_current":185},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postvoting.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-postvoting\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-postvoting%2Ftags%2F1.0&new_path=%2Fwp-postvoting%2Ftags%2F1.0.1",[],{"version":94,"download_url":484,"svn_tag_url":485,"released_at":29,"has_diff":185,"diff_files_changed":486,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":487,"is_current":185},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-postvoting.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-postvoting\u002Ftags\u002F1.0\u002F",[],[]]