[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDE_Dbm4DXihO6REvnX7_9QhCnP89JBj_0DlheVGW-Lk":3,"$fFcp8irqrEKiCw6WkdObhY8nHouyoMQ4XwJNz_OhP8bk":272,"$f3ou2fUY4v_a-Xzet7jdNqUXL7jEmT8W_3FjqQCwuy0w":276},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":39,"analysis":132,"fingerprints":244},"wp-side-comments","WP Side Comments","1.0.5","Pierre Sylvestre","https:\u002F\u002Fprofiles.wordpress.org\u002Fstrategio\u002F","\u003Cp>WP Side Comments create a new way to display comments like in medium.com network.\u003C\u002Fp>\n\u003Cp>It’s based on \u003Ca href=\"http:\u002F\u002Faroc.github.io\u002Fside-comments-demo\u002F\" title=\"See project\" rel=\"nofollow ugc\">SideComment.js\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp> \u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwww.strategio.fr\u002Fprojet\u002Fwp-side-comments\u002F\" title=\"See project page\" rel=\"nofollow ugc\">strategio.fr\u002Fprojet\u002Fwp-side-comments\u003C\u002Fa> for a live demo \u003C\u002Fp>\n","WP Side Comments create a new way to display comments like in medium.com network. 
It's based on SideComment.js",10,2953,54,3,"2014-07-03T14:44:00.000Z","3.9.40","3.5.1","",[20,21,22,23],"comment","comments","medium","side","http:\u002F\u002Fwww.strategio.fr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-side-comments.1.0.5.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":26,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"strategio",2,20,30,84,"2026-05-20T00:14:16.211Z",[40,60,80,97,114],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":18,"tags":55,"homepage":58,"download_link":59,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"comment-validation","Comment Validation","0.4","joern.zaefferer","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoernzaefferer\u002F","\u003Cp>Ever got annoyed when submitting a comment on a wordpress blog and just getting a blank page with a error message like “please fill out required fields” and nothing else? This plugin aims to help by adding validation to the comment form. When a user submits the form and something is missing, an appropiate message is displayed and individual fields are highlighted. 
When the email or url is in an incorrect format, a message is displayed accordingly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why should you install it?\u003C\u002Fstrong> Because you care for comments and want to help users reduce mistakes that hold them off from commenting at all.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Whats the technology used?\u003C\u002Fstrong> \u003Ca href=\"http:\u002F\u002Fjquery.com\" rel=\"nofollow ugc\">jQuery\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Fbassistance.de\u002Fjquery-plugins\u002Fjquery-plugin-validation\u002F\" rel=\"nofollow ugc\">jQuery Validation plugin\u003C\u002Fa> with a few customizations to make it fit into the standard WordPress theme.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Is it compatible with other plugins?\u003C\u002Fstrong> The plugin is tested with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdraw-comments\u002F\" rel=\"ugc\">Draw Comments\u003C\u002Fa> plugin and works, though the performance is slightly degraded. 
Other plugins haven’t yet been tested.\u003C\u002Fp>\n","This plugin adds client-side validation to the Wordpress comment form, using the jQuery validation plugin.",700,22597,100,1,"2010-04-25T19:52:00.000Z","2.9.2","2.0.0",[56,21,57],"client-side","validation","http:\u002F\u002Fbassistance.de\u002Fwordpress-plugin-comment-validation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-validation.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":51,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":78,"download_link":79,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"most-popular-posts","Most Popular Posts","1.6.2","wesg","https:\u002F\u002Fprofiles.wordpress.org\u002Fwesg\u002F","\u003Cp>Most Popular Posts is a basic widget for your sidebar that creates a list of links to the top posts on your blog according to the number of comments on the post. 
You can customize many aspects of the plugin to fit in your blog.\u003C\u002Fp>\n\u003Cp>Updates include including and excluding categories, reverse the order of comments and incorporation of WordPress widget standards.\u003C\u002Fp>\n\u003Cp>For a complete list of the changes from each version, please visit \u003Ca href=\"http:\u002F\u002Fwww.wesg.ca\u002F2008\u002F08\u002Fwordpress-widget-most-popular\u002F#changelog\" rel=\"nofollow ugc\">the plugin homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For examples and tips on using the plugin, please check \u003Ca href=\"http:\u002F\u002Fwww.wesg.ca\u002F2008\u002F08\u002Fwordpress-widget-most-popular\u002F#examples\" rel=\"nofollow ugc\">the examples\u003C\u002Fa> on the plugin homepage.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Used exclusively as a widget at the current time.\u003C\u002Fp>\n","This is a very simple widget that displays a link to the top commented posts on your blog.",300,51171,40,"2013-02-14T04:23:00.000Z","3.5.2","2.8",[21,75,76,77],"most-popular","sidebar","widget","http:\u002F\u002Fwww.wesg.ca\u002F2008\u002F08\u002Fwordpress-widget-most-popular\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmost-popular-posts.1.6.2.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":50,"num_ratings":34,"last_updated":90,"tested_up_to":91,"requires_at_least":73,"requires_php":18,"tags":92,"homepage":95,"download_link":96,"security_score":50,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"top-commentators-widget","Top Commentators Widget","1.7","Lorna Timbah","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebgrrrl\u002F","\u003Cp>This plugin creates a widget to show the top commentators in your WP site. Always go back to the Widget settings after each version update to Save your settings. 
Demo can be found at http:\u002F\u002Fdemo.webgrrrl.net\u003C\u002Fp>\n\u003Cp>The Top Commentators Widget plugin is adapted from Show Top Commentators plugin at Personal Financial Advice, this widget is easier to manage via the control form (no need to edit the PHP file); additional options are also available to make it more flexible. Read the FAQ section on how to customize the widget. Read the Changelog as well as http:\u002F\u002Fwebgrrrl.net\u002Ftags\u002Ftcw for the latest news on this widget.\u003C\u002Fp>\n\u003Cp>This widget is extensively tested with the following settings: Google Chrome 13.0.782.215 m, PHP 5.2.13, Apache 2.2.15 (Win32), MySQL 5.0.51a, WordPress 3.2.1. Further testing and bug report on this widget is greatly welcomed and appreciated.\u003C\u002Fp>\n","Adds a sidebar widget to show the top commentators in your WP site. Demo: http:\u002F\u002Fdemo.webgrrrl.net",200,156118,"2025-12-20T13:00:00.000Z","6.6.5",[21,93,94,76,77],"gravatar","seo","http:\u002F\u002Fwebgrrrl.net\u002Farchives\u002Fmy-top-commentators-widget-quick-dirty.htm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-commentators-widget.1.7.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":50,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":18,"download_link":113,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"disqus-recent-comments-widget","Disqus Recent Comments Widget","1.2","Andrew Bartel","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrew-bartel\u002F","\u003Cp>The Disqus Recent Comments Widget plugin will create a configurable widget that will allow you to display comments in any widgetized area of your theme like sidebars and footers.\u003C\u002Fp>\n\u003Cp>You can customize the comment length and date format, filter users 
and choose from three different markup templates, among other things.  The plugin has full support for custom markup defined with register_sidebars() and should integrate smoothly with most themes in the wp.org repository.\u003C\u002Fp>\n\u003Cp>We try to be very proactive and responsive with support.  So, if you have any issues, please post in the support forums and we’ll do our best to resolve your issue promptly.\u003C\u002Fp>\n\u003Cp>You can follow development here: https:\u002F\u002Fgithub.com\u002Fandrewbartel\u002FDisqus_Recent_Comments\u003C\u002Fp>\n","Disqus has dropped support for their recent comments widget.  This plugin creates a configurable widget that will display your latest Disqus comments.",25244,86,7,"2014-09-22T01:54:00.000Z","4.0.38","3.4.1",[21,112,76,77],"disqus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisqus-recent-comments-widget.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":50,"downloaded":122,"rating":123,"num_ratings":14,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":18,"tags":127,"homepage":130,"download_link":131,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"os-emi-calculator","EMI Calculator","1.0","vkt005","https:\u002F\u002Fprofiles.wordpress.org\u002Fvkt005\u002F","\u003Cp>Use EMI calculator as shortcode in post content or widget area without editing your theme files\u003C\u002Fp>\n\u003Cp>USAGE:\u003Cbr \u002F>\nUse [emicalc format=”full”][\u002Femicalc] OR [emicalc format=”sidebar”][\u002Femicalc] shortcode in your post content to show the EMI calculator without editing your theme files\u003Cbr \u002F>\nEXAMPLE:\u003Cbr \u002F>\n[emicalc format=”full”][\u002Femicalc] OR\u003Cbr \u002F>\nOR\u003Cbr \u002F>\n[emicalc format=”sidebar”][\u002Femicalc]\u003C\u002Fp>\n","Use EMI calculator as shortcode in post content or widget area without 
editing your theme files",7357,74,"2014-02-28T06:05:00.000Z","3.7.41","2.0.5",[128,21,129,76,77],"calculator","match","http:\u002F\u002Fopensum.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fos-emi-calculator.zip",{"attackSurface":133,"codeSignals":190,"taintFlows":204,"riskAssessment":230,"analyzedAt":243},{"hooks":134,"ajaxHandlers":171,"restRoutes":186,"shortcodes":187,"cronEvents":188,"entryPointCount":189,"unprotectedCount":34},[135,141,144,148,153,157,161,164,169],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_enqueue_scripts","enqueue_admin_styles","admin\\class-wp-side-comments-admin.php",48,{"type":136,"name":137,"callback":142,"file":139,"line":143},"enqueue_admin_scripts",49,{"type":136,"name":145,"callback":146,"file":139,"line":147},"admin_menu","add_plugin_admin_menu",52,{"type":136,"name":149,"callback":150,"file":151,"line":152},"init","load_plugin_textdomain","public\\class-wp-side-comments.php",55,{"type":136,"name":154,"callback":155,"file":151,"line":156},"wpmu_new_blog","activate_new_site",58,{"type":136,"name":158,"callback":159,"file":151,"line":160},"wp_enqueue_scripts","enqueue_styles",61,{"type":136,"name":158,"callback":162,"file":151,"line":163},"enqueue_scripts",62,{"type":136,"name":165,"callback":166,"file":167,"line":168},"plugins_loaded","get_instance","wp-side-comments.php",43,{"type":136,"name":165,"callback":166,"file":167,"line":170},51,[172,178,180,184],{"action":173,"nopriv":174,"callback":175,"hasNonce":176,"hasCapCheck":174,"file":151,"line":177},"addWPSideComment",false,"add_comment",true,67,{"action":173,"nopriv":176,"callback":175,"hasNonce":176,"hasCapCheck":174,"file":151,"line":179},68,{"action":181,"nopriv":174,"callback":182,"hasNonce":174,"hasCapCheck":174,"file":151,"line":183},"removeWPSideComment","remove_comment",69,{"action":181,"nopriv":176,"callback":182,"hasNonce":174,"hasCapCheck":174,"file":151,"line":185},70,[],[],[],4,{"dangerousFunctions":191,"sqlUsag
e":192,"outputEscaping":198,"fileOperations":27,"externalRequests":27,"nonceChecks":34,"capabilityChecks":27,"bundledLibraries":203},[],{"prepared":14,"raw":51,"locations":193},[194],{"file":195,"line":196,"context":197},"uninstall.php",21,"$wpdb->get_results() with variable interpolation",{"escaped":34,"rawEcho":51,"locations":199},[200],{"file":151,"line":201,"context":202},342,"raw output",[],[205,222],{"entryPoint":206,"graph":207,"unsanitizedCount":27,"severity":221},"add_comment (public\\class-wp-side-comments.php:310)",{"nodes":208,"edges":219},[209,214],{"id":210,"type":211,"label":212,"file":151,"line":213},"n0","source","$_SERVER",333,{"id":215,"type":216,"label":217,"file":151,"line":201,"wp_function":218},"n1","sink","echo() [XSS]","echo",[220],{"from":210,"to":215,"sanitized":176},"low",{"entryPoint":223,"graph":224,"unsanitizedCount":27,"severity":221},"\u003Cclass-wp-side-comments> (public\\class-wp-side-comments.php:0)",{"nodes":225,"edges":228},[226,227],{"id":210,"type":211,"label":212,"file":151,"line":213},{"id":215,"type":216,"label":217,"file":151,"line":201,"wp_function":218},[229],{"from":210,"to":215,"sanitized":176},{"summary":231,"deductions":232},"The \"wp-side-comments\" v1.0.5 plugin demonstrates some good security practices, including a lack of critical code signals like dangerous functions, file operations, or external HTTP requests. The use of prepared statements for SQL queries is also a positive sign, with 75% of them being prepared. However, the plugin has significant security concerns regarding its attack surface.  Out of 4 AJAX handlers, 2 lack authentication checks, presenting a direct entry point for unauthenticated attackers to potentially exploit. 
None of the 4 AJAX handlers has a capability check, which further exacerbates this risk: the handlers that also lack a nonce check (the two removeWPSideComment registrations, one of them registered as nopriv) might be accessible to any user, regardless of their role or permissions.\n\nThe taint analysis shows no unsanitized paths or critical\u002Fhigh severity flows, which is a positive indicator for data handling within the analyzed code, although the same scan records one raw echo and low output escaping coverage, so output escaping still warrants manual review. The vulnerability history is also completely clean, with no recorded CVEs. This suggests that the plugin has either been consistently developed with security in mind or has not yet been a target for significant vulnerability research; a clean record alone does not show that the code is free of flaws. Despite the clean history and lack of critical taint flows, the two unprotected AJAX handlers represent a tangible and immediate risk that needs to be addressed by verifying a nonce and the caller's capability before the handler acts. The plugin's overall security posture is therefore mixed, with some excellent foundational security practices undermined by an exposed and potentially vulnerable attack surface.",[233,235,238,241],{"reason":234,"points":11},"Unprotected AJAX handlers",{"reason":236,"points":237},"Missing capability checks on AJAX",8,{"reason":239,"points":240},"Low output escaping coverage",5,{"reason":242,"points":14},"SQL queries without prepared statements 
(25%)","2026-03-16T23:49:26.968Z",{"wat":245,"direct":254},{"assetPaths":246,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[247,248],"\u002Fwp-content\u002Fplugins\u002Fwp-side-comments\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-side-comments\u002Fassets\u002Fjs\u002Fsidecomment.js",[],[248],[252,253],"wp-side-comments\u002Fassets\u002Fcss\u002Fstyle.css?ver=","wp-side-comments\u002Fassets\u002Fjs\u002Fsidecomment.js?ver=",{"cssClasses":255,"htmlComments":264,"htmlAttributes":265,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":271},[256,257,258,259,260,261,262,263],"wpsc_comments","wpsc_wrapper","wpsc_comment_item","wpsc_comment_content","wpsc_comment_meta","wpsc_comment_author","wpsc_comment_date","wpsc_comment_actions",[],[266,267],"data-content-selector","data-comment-selector",[],[270],"WP_Side_Comments",[],{"error":176,"url":273,"statusCode":274,"statusMessage":275,"message":275},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-side-comments\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":189,"versions":277},[278,283,290,297],{"version":6,"download_url":25,"svn_tag_url":279,"released_at":28,"has_diff":174,"diff_files_changed":280,"diff_lines":28,"trac_diff_url":281,"vulnerabilities":282,"is_current":176},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-side-comments\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-side-comments%2Ftags%2F1.0.4&new_path=%2Fwp-side-comments%2Ftags%2F1.0.5",[],{"version":284,"download_url":285,"svn_tag_url":286,"released_at":28,"has_diff":174,"diff_files_changed":287,"diff_lines":28,"trac_diff_url":288,"vulnerabilities":289,"is_current":174},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-side-comments.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-side-comments\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-side-comments%2Ftags%2F1.0.3&new_path=%2Fwp-side-comments%2Ftags%2F1.0.4",[],{"version":291,"download_url":292,"svn_tag_url":293,"released_at":28,"has_diff":174,"diff_files_changed":294,"diff_lines":28,"trac_diff_url":295,"vulnerabilities":296,"is_current":174},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-side-comments.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-side-comments\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-side-comments%2Ftags%2F1.0.2&new_path=%2Fwp-side-comments%2Ftags%2F1.0.3",[],{"version":298,"download_url":299,"svn_tag_url":300,"released_at":28,"has_diff":174,"diff_files_changed":301,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":302,"is_current":174},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-side-comments.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-side-comments\u002Ftags\u002F1.0.2\u002F",[],[]]