[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0E6biU7UjiUfD7OdNWmk7d9lIFzrUQpFuUpb-Oy-dDs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":139,"fingerprints":278},"wp-rc-reply-ajax","WP RecentComments & Reply AJAX(WP RC Reply AJAX)","2.0.14","qiqiboy","https:\u002F\u002Fprofiles.wordpress.org\u002Fqiqiboy\u002F","\u003Cp>*Display recent comments in your blog sidebar.\u003Cbr \u002F>\n*with it, you can reply everyone from widget sidebar by Ajax type.\u003Cbr \u002F>\n*If you have questions, Please contact [imqiqiboy#gmail.com] or leave a message in my blog(http:\u002F\u002Fwww.qiqiboy.com).\u003Cbr \u002F>\n*AJAX recent comments with paging support\u003Cbr \u002F>\n*You can reply to a comment entirely from the sidebar, via AJAX. (Click the right-pointing double arrow to the right of a comment to enter single-comment view, then click the reply button on the right to reply.)\u003Cbr \u002F>\n*Replies support nesting with an automatically added @reply; nesting is unlimited, so the depth of the comment being replied to is not a concern.\u003Cbr \u002F>\n*Reply buttons can be shown in the list, making replies more convenient\u003Cbr \u002F>\n*Can be set to allow only the blog owner to reply\u003Cbr \u002F>\n*Supports the “ctrl+enter” reply shortcut\u003Cbr \u002F>\n*Technical support and consultation are available; email [imqiqiboy#gmail.com] or leave a message on my blog [http:\u002F\u002Fwww.qiqiboy.com]\u003C\u002Fp>\n\u003Ch4>plugin update 2.0.3\u003C\u002Fh4>\n\u003Cp>Add public external interface, you can call \u003Ccode>WIDGET.RCCMT()\u003C\u002Fcode> to refresh the list of recent comments\u003Cbr \u002F>\nAdded a public external interface: you can call \u003Ccode>WIDGET.RCCMT()\u003C\u002Fcode> to refresh the recent comments list. The modified willin AJAX comment reply can be downloaded from http:\u002F\u002Fu.115.com\u002Ffile\u002Ff46b026a9. That version can refresh the recent comments list instantly.\u003Cbr \u002F>\nThis is a completely rewritten beta version; if you run into any problems using it, you can switch back to the stable version 1.2.1 (download: https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rc-reply-ajax.1.2.1.zip).\u003Cbr 
\u002F>\nVersion 2.0 is completely rewritten, faster, and uses less bandwidth. With data caching, comment lists you have already viewed do not need to be reloaded, and paging back does not repeat the data request, so it responds faster!\u003Cbr \u002F>\nThis is a beta version completely reconstructed, if you have any discomfort in use, you can exchange for a stable version 1.2.1 (Download: https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rc-reply-ajax.1.2.1.zip). \u003Cbr \u002F>\n2.0 PR, faster, more economical bandwidth. Use of data cache, look over the list without having to reload the comments, do not have to repeat the request back page of data, the reaction faster!\u003C\u002Fp>\n","Display recent comments in your blog sidebar. With it, you can reply everyone from widget sidebar by Ajax type.",10,9481,0,"2011-07-13T06:18:00.000Z","3.2.1","2.7","",[19,20,21,22],"ajax","recentcomments","reply","widget","http:\u002F\u002Fwww.qiqiboy.com\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rc-reply-ajax.2.0.14.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},4,40,30,84,"2026-04-05T02:49:08.528Z",[36,60,78,102,122],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-tab-widget","WP Tab Widget","1.2.11","MyThemeShop","https:\u002F\u002Fprofiles.wordpress.org\u002Fmythemeshop\u002F","\u003Cp>We know you always loved those tab widgets which have that lazy loading effect in them. We at \u003Ca href=\"http:\u002F\u002Fmythemeshop.com\u002F\" rel=\"nofollow ugc\">MyThemeShop\u003C\u002Fa> understand your need, and have developed a unique, cleanly coded, premium tab plugin. 
We are now distributing it for FREE to give back to the WordPress community. We have been given so much by the WordPress, it’s the time to pay back.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WP Tab plugin\u003C\u002Fstrong> is the only plugin you need to get the perfect tabs on your blog. We have made it AJAXified, so the content loads only when demanded, and thus it makes the plugin incredibly lightweight. It loads before you could even blink your eye. If you’re a website owner, you always want your visitors to stay longer on your website. With WP Tab plugin, you could do it in a simple way. Install the plugin, configure the widget and let your visitors find the best content on your website in the sidebar without struggling to actually search for it.\u003C\u002Fp>\n\u003Ch4>Live demos:\u003C\u002Fh4>\n\u003Cp>See WP Tab Widget in action on our demo pages:\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fdemo.mythemeshop.com\u002Ftruepixel\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdemo.mythemeshop.com\u002Ftruepixel\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Why WP Tab from \u003Ca href=\"http:\u002F\u002Fmythemeshop.com\u002F\" rel=\"nofollow ugc\">MyThemeShop\u003C\u002Fa>:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It’s the only free plugin which offers so many features\u003C\u002Fli>\n\u003Cli>It loads the content by demand\u003C\u002Fli>\n\u003Cli>Choose between, Popular, Recent, Comments, Tags tab\u003C\u002Fli>\n\u003Cli>In-built Pagination System\u003C\u002Fli>\n\u003Cli>Fully Responsive\u003C\u002Fli>\n\u003Cli>Control the order of the tabs\u003C\u002Fli>\n\u003Cli>Change the number of tabs to show\u003C\u002Fli>\n\u003Cli>Control the number of posts to show\u003C\u002Fli>\n\u003Cli>Super light weight\u003C\u002Fli>\n\u003Cli>In-built cache system, once a tab is loaded, it stays in the memory\u003C\u002Fli>\n\u003Cli>Cool effects\u003C\u002Fli>\n\u003Cli>Easy to modify the CSS to better fit your theme style\u003C\u002Fli>\n\u003Cli>Choose between 3 unique styles 
of small, big or no thumbnails\u003C\u002Fli>\n\u003Cli>Show\u002FHide post date\u003C\u002Fli>\n\u003Cli>Show\u002FHide number of comments\u003C\u002Fli>\n\u003Cli>Show\u002FHide post excerpt\u003C\u002Fli>\n\u003Cli>Position it anywhere where a widget is configured in your theme.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>All support for this plugin is provided through our forums. If you have not registered yet, you can do so here for \u003Cstrong>FREE\u003C\u002Fstrong> \u003Cbr \u002F>\n\u003Ca href=\"\u002F\u002Fmythemeshop.com\u002F#signup”\" rel=\"nofollow ugc\">https:\u002F\u002Fmythemeshop.com\u002F#signup\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If after checking our Free WordPress video tutorials here:\u003Cbr \u002F>\n\u003Ca href=\"\u002F\u002Fmythemeshop.com\u002Fwordpress-101\u002F”\" rel=\"nofollow ugc\">https:\u002F\u002Fmythemeshop.com\u002Fwordpress-101\u002F\u003C\u002Fa>\u003Cbr \u002F>\n&\u003Cbr \u002F>\n\u003Ca href=\"\u002F\u002Fcommunity.mythemeshop.com\u002Ftutorials\u002Fcategory\u002F2-free-video-tutorials\u002F“\" rel=\"nofollow ugc\">https:\u002F\u002Fcommunity.mythemeshop.com\u002Ftutorials\u002Fcategory\u002F2-free-video-tutorials\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>you are still stuck, please feel free to open a new thread, and a member of our support team will be happy to help.\u003C\u002Fp>\n\u003Cp>Support link:\u003Cbr \u002F>\n\u003Ca href=\"\u002F\u002Fcommunity.mythemeshop.com\u002Fforum\u002F11-free-plugin-support\u002F”\" rel=\"nofollow ugc\">https:\u002F\u002Fcommunity.mythemeshop.com\u002Fforum\u002F11-free-plugin-support\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Help to make it better\u003C\u002Fh4>\n\u003Cp>MyThemeShop is a premium WordPress theme provider and we develop premium plugins in our free time and distribute them for free to give back to the community. Though we take a lot of care while developing anything, we might have missed something useful\u002Fimportant. 
Please help us make it better by submitting the bug\u002Fsuggestions\u002Ffeedback on GitHub.\u003C\u002Fp>\n\u003Cp>GitHub link: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FMyThemeShopTeam\u002FWP-Tab-Widget\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FMyThemeShopTeam\u002FWP-Tab-Widget\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then please leave us a good rating and review.\u003Cbr \u002F> Consider following us on \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F+Mythemeshop\u002F\" rel=\"author nofollow ugc\">Google+\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FMyThemeShopTeam\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FMyThemeShop\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n","WP Tab Widget is the AJAXified plugin which loads content by demand, and thus it makes the plugin incredibly lightweight.",10000,1056972,86,33,"2022-01-26T08:12:00.000Z","5.9.13","5.6","7.2",[53,54,55,56,57],"ajax-tabs","recent-posts-tab","tab-widget","tabs","tabs-widget","http:\u002F\u002Fmythemeshop.com\u002Fplugins\u002Fwp-tab-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-tab-widget.1.2.11.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":15,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":76,"download_link":77,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"ajax-calendar","AJAX Calendar","2.5.1","John Godley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnny5\u002F","\u003Cp>AJAX Calendar is a plugin that will display an AJAXified WordPress calendar. 
This enhances the functionality of the standard calendar by:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allowing the asynchronous navigation of months, without updating the page\u003C\u002Fli>\n\u003Cli>Added to blog as a widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation can be found on the \u003Ca href=\"http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fajax-calendar\u002F\" rel=\"nofollow ugc\">AJAX Calendar\u003C\u002Fa> page.\u003C\u002Fp>\n","AJAX Calendar is a plugin that will display an AJAXified WordPress calendar.",400,111356,74,3,"2011-07-17T10:48:00.000Z","2.9",[19,75,22],"calendar","http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fajax-calendar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-calendar.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":33,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":99,"download_link":100,"security_score":101,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"no-cache-ajax-widgets","No Cache AJAX Widgets","1.1","Nirmal Kumar Ram","https:\u002F\u002Fprofiles.wordpress.org\u002Fsagarseth9\u002F","\u003Cp>You want your site to be fast, so you added caching… but now you have a new challenge: you have content that shouldn’t be cached, such as ads, feeds, rotating ads, videos, shopping carts, and more.\u003C\u002Fp>\n\u003Cp>With No Cache AJAX Widgets, you simply drag and drop the new AJAX-powered widgets to any widget area, add your content, and you are done. 
No more messing with your theme files, functions.php, fragmented caching, mfunc, and others, or excluding an entire page from caching.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No Cache AJAX Widgets\u003C\u002Fstrong> has been tested with all major caching plugins, including W3 Total Cache, WP Super Cache, and Rocket Cache.\u003C\u002Fp>\n\u003Cp>It doesn’t get easier than this.\u003C\u002Fp>\n\u003Ch4>Why Use No Cache AJAX Widgets:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works right out of the box, no configuration required. Upload, activate, and place your widgets.\u003C\u002Fli>\n\u003Cli>Solves dynamic content issues related to caching.\u003C\u002Fli>\n\u003Cli>Serve any content, including shortcodes, via AJAX:\n\u003Cul>\n\u003Cli>HTML content\u003C\u002Fli>\n\u003Cli>Images and banners\u003C\u002Fli>\n\u003Cli>Ads and rotating ads\u003C\u002Fli>\n\u003Cli>AdSense ads\u003C\u002Fli>\n\u003Cli>Social buttons\u003C\u002Fli>\n\u003Cli>Social feeds\u003C\u002Fli>\n\u003Cli>News feeds\u003C\u002Fli>\n\u003Cli>Shopping carts\u003C\u002Fli>\n\u003Cli>Shortcodes\u003C\u002Fli>\n\u003Cli>Location widgets\u003C\u002Fli>\n\u003Cli>And anything else you can think of…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support:\u003C\u002Fh4>\n\u003Cp>We provide support through the WordPress forum and will do our best to answer your questions. If you require additional support with installation or any customization, then log a ticket through our site: \u003Ca href=\"http:\u002F\u002Fmagnigenie.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fmagnigenie.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you have feedback for us or suggestions for improvement, we would love to hear from you too.\u003C\u002Fp>\n","Add AJAX powered widgets to your site. Serve fresh and dynamic content from any widget areas. 
Resolves common caching related issues.",300,6949,5,"2025-12-13T15:37:00.000Z","6.9.4","3.1","5.4",[94,95,96,97,98],"ajax-widgets","cache","cacheing","caching","no-cache","http:\u002F\u002Fmagnigenie.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-cache-ajax-widgets.1.1.zip",100,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":17,"tags":117,"homepage":17,"download_link":121,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"twitch-status","Twitch Status","1.5.1","Nicolas Bernier","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolasbernier\u002F","\u003Cp>Inserts Twitch.tv stream status tags in your blog. The tags just indicate if the stream is live with a blinking red circle or offline.\u003C\u002Fp>\n\u003Cp>Supports multiple channels.\u003C\u002Fp>\n\u003Cp>Also implements a simple widget showing the stream status (including the thumbnail, title, game name and number of viewers) + CSS classes to show and hide some elements of the markup according to the channel status.\u003C\u002Fp>\n\u003Cp>The tags and the widget are updated every 30 seconds.\u003C\u002Fp>\n","Inserts Twitch.tv stream player and chatbox in your posts, stream widget and online status tags in your menus. 
Supports multiple channels.",200,26504,68,9,"2020-06-06T23:39:00.000Z","5.4.19","4.6",[19,118,119,120,22],"status","tag","twitch-tv","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitch-status.1.5.1.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":101,"downloaded":130,"rating":101,"num_ratings":131,"last_updated":132,"tested_up_to":15,"requires_at_least":91,"requires_php":17,"tags":133,"homepage":137,"download_link":138,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"u-more-recent-posts","U More Recent Posts","1.4.1","Taehan Lee","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaehan\u002F","\u003Cp>This plugin makes it possible to navigate more recent posts without refreshing screen.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Navigate more recent posts without refreshing screen (AJAX).\u003C\u002Fli>\n\u003Cli>General settings: Title, Number of posts to show, Post title length, List formatting(title, date, author, comment_count, thumbnail), Date formatting, Thumbnail\u003C\u002Fli>\n\u003Cli>Filtering: Post type, Taxonomy\u002FAuthor\u002FTime query.\u003C\u002Fli>\n\u003Cli>Navigation: Label, Position, Text align, Page range, Max page links\u003C\u002Fli>\n\u003Cli>Effect: Appear effect(Fade In, Slide Down, Slide Up), Disappear effect(Fade Out, Slide Up, Slide Out), Auto Pagination.\u003C\u002Fli>\n\u003Cli>Custom CSS, Progress Image, etc\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Demos:\u003Cbr \u002F>\nhttp:\u002F\u002Furlless.com\u002Fu-more-recent-posts-demos\u002F\u003C\u002Fp>\n\u003Cp>If anything does not work please leave a comment at:\u003Cbr \u002F>\nhttp:\u002F\u002Furlless.com\u002Fu-more-recent-posts\u002F\u003C\u002Fp>\n","This plugin makes it possible to navigate more recent posts without refreshing 
screen.",10855,2,"2011-08-25T04:38:00.000Z",[19,134,135,136,22],"paginate","post","recent-posts","http:\u002F\u002Furlless.com\u002Fu-more-recent-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fu-more-recent-posts.1.4.1.zip",{"attackSurface":140,"codeSignals":167,"taintFlows":208,"riskAssessment":269,"analyzedAt":277},{"hooks":141,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":13,"unprotectedCount":13},[142,148,152,156,159],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","init","do_rc_reply","func\\function.php",14,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_menu","wp_rc_reply_add_options",232,{"type":143,"name":153,"callback":154,"file":146,"line":155},"wp_head","addScript",256,{"type":143,"name":157,"callback":154,"file":146,"line":158},"wp_footer",257,{"type":143,"name":160,"callback":161,"file":146,"line":162},"widgets_init","wp_rc_reply_widget_init",286,[],[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":206,"bundledLibraries":207},[],{"prepared":170,"raw":13,"locations":171},6,[],{"escaped":71,"rawEcho":173,"locations":174},16,[175,178,180,182,184,186,187,189,191,193,195,197,199,201,203,204],{"file":146,"line":176,"context":177},26,"raw 
output",{"file":146,"line":179,"context":177},67,{"file":146,"line":181,"context":177},83,{"file":146,"line":183,"context":177},153,{"file":146,"line":185,"context":177},155,{"file":146,"line":185,"context":177},{"file":146,"line":188,"context":177},248,{"file":146,"line":190,"context":177},253,{"file":146,"line":192,"context":177},267,{"file":146,"line":194,"context":177},277,{"file":146,"line":196,"context":177},278,{"file":146,"line":198,"context":177},280,{"file":200,"line":70,"context":177},"wp-rc-reply.php",{"file":200,"line":202,"context":177},79,{"file":200,"line":33,"context":177},{"file":200,"line":205,"context":177},89,1,[],[209,252],{"entryPoint":210,"graph":211,"unsanitizedCount":13,"severity":251},"do_rc_reply (func\\function.php:15)",{"nodes":212,"edges":245},[213,218,223,227,229,232,237,240],{"id":214,"type":215,"label":216,"file":146,"line":217},"n0","source","$_GET",23,{"id":219,"type":220,"label":221,"file":146,"line":176,"wp_function":222},"n1","sink","echo() [XSS]","echo",{"id":224,"type":215,"label":225,"file":146,"line":226},"n2","$_COOKIE",36,{"id":228,"type":220,"label":221,"file":146,"line":179,"wp_function":222},"n3",{"id":230,"type":215,"label":231,"file":146,"line":202},"n4","$_POST",{"id":233,"type":220,"label":234,"file":146,"line":235,"wp_function":236},"n5","get_row() [SQLi]",80,"get_row",{"id":238,"type":215,"label":231,"file":146,"line":239},"n6",98,{"id":241,"type":220,"label":242,"file":146,"line":243,"wp_function":244},"n7","get_var() [SQLi]",134,"get_var",[246,248,249,250],{"from":214,"to":219,"sanitized":247},true,{"from":224,"to":228,"sanitized":247},{"from":230,"to":233,"sanitized":247},{"from":238,"to":241,"sanitized":247},"low",{"entryPoint":253,"graph":254,"unsanitizedCount":13,"severity":251},"\u003Cfunction> 
(func\\function.php:0)",{"nodes":255,"edges":264},[256,257,258,259,260,261,262,263],{"id":214,"type":215,"label":216,"file":146,"line":217},{"id":219,"type":220,"label":221,"file":146,"line":176,"wp_function":222},{"id":224,"type":215,"label":225,"file":146,"line":226},{"id":228,"type":220,"label":221,"file":146,"line":179,"wp_function":222},{"id":230,"type":215,"label":231,"file":146,"line":202},{"id":233,"type":220,"label":234,"file":146,"line":235,"wp_function":236},{"id":238,"type":215,"label":231,"file":146,"line":239},{"id":241,"type":220,"label":242,"file":146,"line":243,"wp_function":244},[265,266,267,268],{"from":214,"to":219,"sanitized":247},{"from":224,"to":228,"sanitized":247},{"from":230,"to":233,"sanitized":247},{"from":238,"to":241,"sanitized":247},{"summary":270,"deductions":271},"The \"wp-rc-reply-ajax\" plugin v2.0.14 exhibits a generally good security posture based on the provided static analysis.  The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface.  Furthermore, the fact that all SQL queries utilize prepared statements is a strong indicator of secure database interaction. The plugin also demonstrates some good practices by including capability checks, though the number is low. The taint analysis shows no unsanitized paths, which is a positive sign for preventing common injection vulnerabilities.\n\nHowever, a significant concern is the extremely low percentage of properly escaped output (16%). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or dynamic content is likely being rendered without sufficient sanitization. The lack of any nonce checks on the identified entry points (even though there are zero) is also a weakness that would become critical if entry points were introduced without them. 
The vulnerability history being clear of known issues is a positive, but it cannot offset the identified weakness in output escaping.\n\nIn conclusion, while the plugin has a limited attack surface and uses prepared statements for SQL, the severe lack of output escaping is a critical security flaw that drastically increases the risk of XSS attacks. The plugin's security could be significantly improved by addressing this output sanitation issue.",[272,275],{"reason":273,"points":274},"Low percentage of properly escaped output",15,{"reason":276,"points":88},"No nonce checks on entry points","2026-03-17T01:35:57.628Z",{"wat":279,"direct":288},{"assetPaths":280,"generatorPatterns":283,"scriptPaths":284,"versionParams":285},[281,282],"\u002Fwp-content\u002Fplugins\u002Fwp-rc-reply-ajax\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-rc-reply-ajax\u002Fjs\u002Frc_reply_ajax.js",[],[282],[286,287],"wp-rc-reply-ajax\u002Fcss\u002Fstyle.css?ver=","wp-rc-reply-ajax\u002Fjs\u002Frc_reply_ajax.js?ver=",{"cssClasses":289,"htmlComments":298,"htmlAttributes":299,"restEndpoints":303,"jsGlobals":305,"shortcodeOutput":307},[290,291,292,293,294,295,296,297],"rc_reply_comment","rc_reply_comment_list","rc_reply_content","rc_reply_username","rc_reply_date","rc_reply_text","rc_reply_submit","rc_reply_form",[],[300,301,302],"data-rc-reply-id","data-rc-reply-post-id","data-rc-reply-comment-id",[304],"\u002Fwp-json\u002Fwp-rc-reply-ajax\u002Fv1\u002Freply",[306],"rc_reply_ajax",[308],"\u003Cphp? wp_rc_reply_echo("]