[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMx7kHGPuaRlpTs1GgDklEvrin7QsGIqDdKKvUDu6aWE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":133,"fingerprints":278},"wp-recent-tags","WP Recent Tags","0.1.1","AndrewZhang","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrewzhang\u002F","\u003Cp>Provide a widget to show the hot tags of your recent posts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.mashget.com\u002F2008\u002F09\u002F18\u002Fwp-recent-tags-changelog\u002F\" rel=\"nofollow ugc\">ChangeLog\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Tag?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Tag is simply a word you can use to describe something, with WordPress, ‘something’ will be your posts or pages. It’s very easy to use, think this way, if you want to google your post, what keywords should you use, that’s it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why ‘Recent Tags’?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Giving an example:\u003C\u002Fp>\n\u003Cp>Olympics were very hot about a month ago, and we might write many posts about this topic, then ‘Olympics’ was a very hot tag. But Olympics would not always the hot spot, right? It’s gone, and we might talk Elections now, so how to let the visitors get this, get what you’re talking about now?\u003C\u002Fp>\n\u003Cp>Recent Tags! That’s the simplest way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to define ‘Recent’ and something you should know?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>‘Recent’ is a problem? Yep, actually it is.  Recent tags might be tags used in some recent posts, or it might be the tags used in some recent days, strictly speaking, they’re different, but most of the time, the difference can be very small. The point is when you see the tags, you do tell it is the ‘recent’ ones.\u003C\u002Fp>\n\u003Cp>For performance considerations, this plugin will log your tags by days, that means it can tell you what and how many times a tag be used for a specific day, and what the hot tags in some recent days.\u003C\u002Fp>\n\u003Cp>But for most of us, we don’t write posts very day, right?  So there’s a problem here, if you ask hot tags in recent 2 days, you might get a empty box, as you didn’t publish anything. To solve this problem, this plugin will still ask to show the hot tags in some recent posts, but the calculation method will be:\u003C\u002Fp>\n\u003Cp>Giving an example, to show the hot tags in recent 20 posts, it will get the date of the 20th post first, and calculate the hot tags since that day.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Worry about performance?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>It’s possible to calculate the tag stat directly through wordpress tables, but the server usage  will be extremely high, so this plugin creates a table in your database to track your tags by day. You can treat these data as some pre-calculation, if you’re not publishing posts every minute and every post gets lots of tags, I don’t think you should worry about this table.\u003C\u002Fp>\n\u003Cp>Also, I think you may use the \u003Ca href=\"http:\u002F\u002Fwww.mashget.com\u002F2008\u002F09\u002F01\u002Fwp-widget-cache-for-wordpress\u002F\" rel=\"nofollow ugc\">WP Widget Cache\u003C\u002Fa> to cache the widget output\u003C\u002Fp>\n","Provide a widget to show the hot tags of your recent posts.",10,3258,0,"2008-10-12T03:26:00.000Z","2.6.2","2.5","",[19,20,21],"post","tags","widget","http:\u002F\u002Fwww.mashget.com\u002F2008\u002F09\u002F18\u002Fwp-recent-tags-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-recent-tags.0.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"andrewzhang",2,20,30,84,"2026-04-04T17:00:48.887Z",[36,59,77,97,114],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":30,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":55,"download_link":56,"security_score":57,"vuln_count":30,"unpatched_count":13,"last_vuln_date":58,"fetched_at":26},"essential-widgets","Essential Widgets","3.0.1","Catch Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcatchthemes\u002F","\u003Cp>Essential Widgets – a free WordPress plugin for widgets allows you to create and add interesting widgets on your website to make it more attractive and welcoming. Essential Widgets stays true to the essence of its name and offers exactly what you expect from a widgets plugin—all the “essential” widgets for your website. The plugin has been crafted beautifully to draw the extra attention to the important parts of your website. Essential Widgets provides you with the ability to have more control over the widgets with the various customization options. This free WordPress plugin for widgets allows you to create 7 different interesting widgets on your website. All the 7 widgets provided to you comes with so many customization options and are very easy to use. So, with Essential Widgets plugin, customize the interesting widgets your way and display them anywhere you want on your website to make it more dynamic.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>EW: Archives\u003Cbr \u002F>\nThe Archives widget comes with various customization options. Choose a title, limit the number of posts, select the archive type, post type, order and more with the Archives widget.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Authors\u003Cbr \u002F>\nDisplaying the author’s information is kind of a must-have feature if your website has multiple authors. Our new WordPress widgets plugin allows you to add Authors widget. With this widget, you can show the list of the authors on your website, the number of posts, select feed type, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Categories\u003Cbr \u002F>\nEssential Widgets Pro supports Categories widget. The widget provides you with various customizable options such as the title of the widget, taxonomy option, order option, number of categories to show, display as a list or none, number of posts to display, sort by option, select feed type ton display and display as text or image.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Menus\u003Cbr \u002F>\nBored with the same default menu? Our new WordPress plugin for widgets, Essential Widgets Pro supports Menus widget. With the Menus widget filled with various customization options, you can display your menus elegantly anywhere you want on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Pages\u003Cbr \u002F>\nDisplay a list of pages with the Pages widget. With various customization options being provided to you, you can showcase the pages that are more important on your website wherever you want with Essential Widgets Pro.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Posts\u003Cbr \u002F>\nEssential Widgets Pro supports Posts widget. With the widget and its customizable options, you can easily display a list of posts on your website. You can add a title, select the post type, number of items to display, order, sort by, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>EW: Tags\u003Cbr \u002F>\nAnd last, but definitely not the least, the Tags widget. You can display a list of tags as cloud or list, select the order of the tags, sort by option and the number of items to be displayed. The widget also provides you with more customization options including the unit, separator, search, text type, and more.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>To translate the plugin, use translate.wordpress.org (GlotPress). You only need your WordPress.org account to join the collaborative translation project.\u003C\u002Fp>\n\u003Cp>You can translate Essential Widgets on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fessential-widgets\u002F\" rel=\"nofollow ugc\">translate.wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","Essential Widgets is a WordPress plugin for widgets that allows you to create and add amazing widgets with high customization option",10000,488631,70,"2026-01-26T17:59:00.000Z","6.9.4","5.9",[51,52,53,20,54],"categories","pages","posts","widgets","https:\u002F\u002Fcatchplugins.com\u002Fplugins\u002Fessential-widgets\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fessential-widgets.3.0.1.zip",98,"2026-02-04 18:41:50",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":75,"download_link":76,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"flexible-posts-widget","Flexible Posts Widget","3.5.0","DaveE","https:\u002F\u002Fprofiles.wordpress.org\u002Fdpe415\u002F","\u003Cp>The default Recent Posts widget is exceptionally basic. I always find myself in need of a way to easily display a selection of posts from any combination post type or taxonomy. Hence, Flexible Posts Widget.\u003C\u002Fp>\n\u003Cp>Flexible Posts Widget (FPW) is more than just a simple alternative to the default Recent Posts widget.  With many per-instance options it is highly customizable and allows advanced users to display the resulting posts virtually any way imaginable.\u003C\u002Fp>\n\u003Ch4>Features & options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable widget title\u003C\u002Fli>\n\u003Cli>Get posts by post type(s) and\u002For taxonomy & term(s) or directly by a list of post IDs.\u003C\u002Fli>\n\u003Cli>Control the number of posts displayed and the number of posts to offset.\u003C\u002Fli>\n\u003Cli>Option to display the post feature image.\u003C\u002Fli>\n\u003Cli>Select the post feature image size to display from existing image sizes: thumbnail, medium, large, post-thumbnail or any size defined by the current theme.\u003C\u002Fli>\n\u003Cli>Order posts by: date, modified date, ID, title, menu order, random, Post ID Order; and sort posts: ascending or descending.\u003C\u002Fli>\n\u003Cli>Each widget’s output can be customized by user-defined templates added to the current theme folder.\u003C\u002Fli>\n\u003Cli>Multi Language support. Compatible with \u003Ca href=\"http:\u002F\u002Fwpml.org\u002F\" rel=\"nofollow ugc\">WPML\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpolylang\u002F\" rel=\"ugc\">PolyLang\u003C\u002Fa> for sure. Not tested with other multi-language plugins, but it should work.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Hooks\u003C\u002Fh4>\n\u003Cp>Flexible posts widget currently has two public hooks:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Filter: \u003Ca href=\"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fflexible-posts-widget\u002Ftrunk\u002Fincludes\u002Fclass-fpw-widget.php#L191\" rel=\"nofollow ugc\">\u003Ccode>dpe_fpw_args\u003C\u002Fcode>\u003C\u002Fa> allows filtering the query vars before submitting the widget posts query.\u003C\u002Fli>\n\u003Cli>Filter: \u003Ca href=\"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fflexible-posts-widget\u002Ftrunk\u002Fincludes\u002Fclass-fpw-widget.php#L354\" rel=\"nofollow ugc\">\u003Ccode>dpe_fpw_template_{$template_name}\u003C\u002Fcode>\u003C\u002Fa> filters the template file path used to display the widget output.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Future updates & feature requests list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use search box instead of ID text field for post id’s\u003C\u002Fli>\n\u003Cli>Shortcode functionality.\u003C\u002Fli>\n\u003Cli>Get posts by Author.\u003C\u002Fli>\n\u003Cli>Filter out the post currently being viewed.\u003C\u002Fli>\n\u003Cli>Get posts from the same archive (term\u002Fpost type\u002Fetc).\u003C\u002Fli>\n\u003Cli>Limit results by a time period.\u003C\u002Fli>\n\u003C\u002Ful>\n","An advanced posts display widget with many options. Display posts in your sidebars any way you'd like!",8000,214074,92,57,"2017-11-28T09:10:00.000Z","4.7.32","3.2",[51,53,20,21,54],"http:\u002F\u002Fflexiblepostswidget.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflexible-posts-widget.3.5.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":17,"tags":92,"homepage":95,"download_link":96,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"ff-tab-widget","FF Tab Widget","1.1","Kharis Sulistiyono","https:\u002F\u002Fprofiles.wordpress.org\u002Fkharisblank\u002F","\u003Cp>FF Tab Widget is a great solution for you to display different contents in a single widget. You can display popular posts, recent posts, recent commets, and tags in an animated tabs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to install, just drag the widget into your widgetized sidebar.\u003C\u002Fli>\n\u003Cli>Has widget options: Label name, limit tab content and show\u002Fhide tab item.\u003C\u002Fli>\n\u003Cli>Uses jQuery Tabs \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FamazingSurge\u002Fjquery-tabs\" rel=\"nofollow ugc\">script\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’d like to contribute to the plugin you can find it on \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fkharissulistiyo\u002FFF-Tab-Widget\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>FF doesn’t stand for anything.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.kharissulistiyono.com\u002Fff-tab-widget-pro\u002F\" rel=\"nofollow ugc\">PRO version\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Simply go to Appearance > Widgets and drag “FF Tab Widget” instance to the sidebar of your choice. Within the widget are several options where you can show\u002Fhide tab item and specifify the content limit. See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fff-tab-widget\u002Fscreenshots\" rel=\"ugc\">screenshots\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Ch4>Tabs Widget Style\u003C\u002Fh4>\n\u003Cp>The tab widget style tested on “Twenty Twelve” theme (see the plugin screenshot). It may look different on other themes. You can adjust its style by modifying CSS file (fftw.css) inside the plugin folder. To make developers easy to make modification I also profide the LESS file (fftw.less).\u003C\u002Fp>\n\u003Cp>If you do not have time to make your tabs widget looks beautiful on your theme, you can \u003Ca href=\"mailto:kharisblank@gmail.com\" rel=\"nofollow ugc\">contact me\u003C\u002Fa> for plugin customization service.\u003C\u002Fp>\n\u003Cp>Contact this \u003Ca href=\"http:\u002F\u002Fkharissulistiyo.com\" rel=\"nofollow ugc\">plugin author\u003C\u002Fa>.\u003C\u002Fp>\n","Display popular posts, recent posts, recent commets, and tags in an animated tabs in a single widget.",80,7765,46,3,"2014-01-09T17:16:00.000Z","3.7.41","3.0",[93,53,94,20,21],"comments","sidebar","https:\u002F\u002Fgithub.com\u002Fkharissulistiyo\u002FFF-Tab-Widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fff-tab-widget.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":85,"downloaded":105,"rating":13,"num_ratings":13,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":112,"download_link":113,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"post-tags-widget","Post Tags Widget","1.0","Jeff Farthing","https:\u002F\u002Fprofiles.wordpress.org\u002Fjfarthing84\u002F","\u003Cp>Have you ever needed to display the tags for the current post somewhere other than below the post, as is standard in many themes? Now, with Post Tags Widget, you can place them anywhere you have a widget area! And it will only display when viewing a single post that actually has tags!\u003C\u002Fp>\n","Display tags for the current post in a widget.",1934,"2019-01-31T23:22:00.000Z","5.0.25","2.8.0","5.2.4",[111,20,21],"post-tags","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpost-tags-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-tags-widget.1.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":13,"num_ratings":13,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":17,"tags":127,"homepage":128,"download_link":129,"security_score":130,"vuln_count":131,"unpatched_count":131,"last_vuln_date":132,"fetched_at":26},"sensitive-tag-cloud","SensitiveTagCloud","1.4.1","reneade","https:\u002F\u002Fprofiles.wordpress.org\u002Freneade\u002F","\u003Cp>This wordpress plugin provides a configurable tagcloud that shows tags depending of the current context only. For example the tagcloud shows only tags that really occur in the current category, or within the current date-, author-, tag- archive or even only the tags that occur in the search results.\u003Cbr \u002F>\nIt is also possible to restrict the links of the tag cloud to the current viewing tag archive or category: If you click on the tag “test1” within the tag cloud of the tag archive of “test2” the target page will only contain posts that have both tags, like a drill down navigation. It is possible to exclude the tag of the tag-archive itself from the tagcloud.\u003Cbr \u002F>\nFor the single post pages you can configure the tagcloud to show also related tags of the current posts, not only the direct tags of the post. And you can configure the tagcloud to exclude the tag of the current post, to show only the related tags.\u003Cbr \u002F>\nThe style and sizes of the tagcloud can be configured, and the widget can be configured to be only visible if viewing a tag archive, category, a sinlge post or even only if viewing the searchresults for example. It is also possible to configure the number of tags that should be displayed in the different conditions.\u003C\u002Fp>\n\u003Cp>Plugin Website: http:\u002F\u002Fwww.rene-ade.de\u002Finhalte\u002Fwordpress-plugin-sensitivetagcloud.html\u003Cbr \u002F>\nDonations: http:\u002F\u002Fwww.rene-ade.de\u002Fstichwoerter\u002Fspenden\u003C\u002Fp>\n\u003Ch3>Update\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate the Plugin\u003C\u002Fli>\n\u003Cli>Remove the existing folder ‘sensitive-tag-cloud’ with all files from the ‘wp-content\u002Fplugins’ folder on your webserver\u003C\u002Fli>\n\u003Cli>Upload the new folder ‘sensitive-tag-cloud’ with all files to ‘\u002Fwp-content\u002Fplugins’ on your webserver\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","This wordpress plugin provides a tagcloud that shows tags depending of the current context (e.g. Category, Author, Tag, Post) only.",50,15079,"2009-06-25T01:17:00.000Z","2.99999","2.3",[51,53,94,20,21],"http:\u002F\u002Fwww.rene-ade.de\u002Finhalte\u002Fwordpress-plugin-sensitivetagcloud.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsensitive-tag-cloud.zip",63,1,"2025-12-31 00:00:00",{"attackSurface":134,"codeSignals":162,"taintFlows":214,"riskAssessment":263,"analyzedAt":277},{"hooks":135,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":13,"unprotectedCount":13},[136,142,146,150,154],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","wp_insert_post","check_tagcount_update_log","recent-tags.php",36,{"type":137,"name":143,"callback":144,"file":140,"line":145},"wp_head","generate_rtstyle",40,{"type":137,"name":147,"callback":148,"file":140,"line":149},"delete_term","deletetagstat",43,{"type":137,"name":151,"callback":152,"file":140,"line":153},"widgets_init","register_wrt_widget",44,{"type":137,"name":155,"callback":156,"file":140,"line":157},"admin_menu","add_options_page",45,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":170,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":213},[],{"prepared":165,"raw":131,"locations":166},13,[167],{"file":140,"line":168,"context":169},365,"$wpdb->get_var() with variable interpolation",{"escaped":165,"rawEcho":171,"locations":172},22,[173,176,178,180,182,184,186,188,190,192,194,196,198,200,202,203,204,205,207,208,209,211],{"file":140,"line":174,"context":175},106,"raw output",{"file":140,"line":177,"context":175},107,{"file":140,"line":179,"context":175},117,{"file":140,"line":181,"context":175},123,{"file":140,"line":183,"context":175},182,{"file":140,"line":185,"context":175},187,{"file":140,"line":187,"context":175},192,{"file":140,"line":189,"context":175},209,{"file":140,"line":191,"context":175},211,{"file":140,"line":193,"context":175},213,{"file":140,"line":195,"context":175},228,{"file":140,"line":197,"context":175},229,{"file":140,"line":199,"context":175},230,{"file":140,"line":201,"context":175},241,{"file":140,"line":201,"context":175},{"file":140,"line":201,"context":175},{"file":140,"line":201,"context":175},{"file":140,"line":206,"context":175},253,{"file":140,"line":206,"context":175},{"file":140,"line":206,"context":175},{"file":140,"line":210,"context":175},258,{"file":140,"line":212,"context":175},259,[],[215,248],{"entryPoint":216,"graph":217,"unsanitizedCount":246,"severity":247},"wp_recent_tags_options_subpanel (recent-tags.php:76)",{"nodes":218,"edges":241},[219,224,230,233,237,239],{"id":220,"type":221,"label":222,"file":140,"line":223},"n0","source","$_POST (x2)",83,{"id":225,"type":226,"label":227,"file":140,"line":228,"wp_function":229},"n1","sink","update_option() [Settings Manipulation]",86,"update_option",{"id":231,"type":221,"label":232,"file":140,"line":174},"n2","$_SERVER['PHP_SELF']",{"id":234,"type":226,"label":235,"file":140,"line":174,"wp_function":236},"n3","echo() [XSS]","echo",{"id":238,"type":221,"label":222,"file":140,"line":223},"n4",{"id":240,"type":226,"label":235,"file":140,"line":179,"wp_function":236},"n5",[242,244,245],{"from":220,"to":225,"sanitized":243},false,{"from":231,"to":234,"sanitized":243},{"from":238,"to":240,"sanitized":243},5,"medium",{"entryPoint":249,"graph":250,"unsanitizedCount":246,"severity":262},"\u003Crecent-tags> (recent-tags.php:0)",{"nodes":251,"edges":258},[252,253,254,255,256,257],{"id":220,"type":221,"label":222,"file":140,"line":223},{"id":225,"type":226,"label":227,"file":140,"line":228,"wp_function":229},{"id":231,"type":221,"label":232,"file":140,"line":174},{"id":234,"type":226,"label":235,"file":140,"line":174,"wp_function":236},{"id":238,"type":221,"label":222,"file":140,"line":223},{"id":240,"type":226,"label":235,"file":140,"line":179,"wp_function":236},[259,260,261],{"from":220,"to":225,"sanitized":243},{"from":231,"to":234,"sanitized":243},{"from":238,"to":240,"sanitized":243},"low",{"summary":264,"deductions":265},"The wp-recent-tags plugin version 0.1.1 presents a mixed security posture. On the positive side, it exhibits an extremely small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. The plugin also avoids dangerous functions, file operations, and external HTTP requests, which are common vectors for compromise. Furthermore, the vulnerability history is clean, with no known CVEs, suggesting a potentially stable codebase in terms of publicly disclosed flaws.\n\nHowever, there are significant areas of concern. A substantial percentage of SQL queries (7%) are not using prepared statements, which could lead to SQL injection vulnerabilities if the inputs are not properly sanitized. More critically, 37% of output escaping is not properly implemented, presenting a risk of Cross-Site Scripting (XSS) vulnerabilities, especially since no nonce or capability checks are present for any entry points. The taint analysis, while limited in scope with only two flows analyzed, revealed two flows with unsanitized paths. This, combined with the lack of proper output escaping and capability checks, indicates potential vectors for malicious code execution or data manipulation.\n\nIn conclusion, while the plugin's limited attack surface and lack of historical vulnerabilities are strengths, the presence of unsanitized flows, raw SQL queries, and inadequate output escaping are serious weaknesses. The absence of any nonce or capability checks further exacerbates these risks, as there are no built-in protections against unauthorized access or manipulation. These issues suggest that while the plugin may not have been historically targeted, it contains exploitable flaws that could be leveraged by an attacker.",[266,268,271,273,275],{"reason":267,"points":246},"SQL queries not using prepared statements",{"reason":269,"points":270},"Low percentage of properly escaped output",8,{"reason":272,"points":11},"Taint flows with unsanitized paths",{"reason":274,"points":246},"No nonce checks",{"reason":276,"points":246},"No capability checks","2026-03-17T01:02:44.415Z",{"wat":279,"direct":286},{"assetPaths":280,"generatorPatterns":282,"scriptPaths":283,"versionParams":284},[281],"\u002Fwp-content\u002Fplugins\u002Fwp-recent-tags\u002Fwp_recent_tags.css",[],[],[285],"wp-recent-tags\u002Fwp_recent_tags.css?ver=",{"cssClasses":287,"htmlComments":289,"htmlAttributes":292,"restEndpoints":298,"jsGlobals":299,"shortcodeOutput":300},[288],"recent-tags",[290,291],"WP Recent Tags 0.1.1 (http:\u002F\u002Fwww.mashget.com) Begin","WP Recent Tags End",[293,294,295,296,297],"name=\"recent-tags-title\"","name=\"recent-tags-rcposts-num\"","name=\"recent-tags-maxtags-num\"","name=\"recent-tags-style-cloud\"","name=\"recent-tags-style-list\"",[],[],[]]