[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCoSgixbJNXOwR5KgscKLoZ8jtlizuVHK5FC9MaWlfEQ":3,"$fkGQX8AKz5kCqs1U8OjUAaqBae-khS9G6aqmDTKiSzhA":341,"$f6TGPZFfg5ZSFNy__bf5NwiBJdogPhKRr2-LhXqEaLfQ":346},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":39,"analysis":131,"fingerprints":322},"wp-statusnet","WP-Status.net","1.4.2","Xavier Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreasbylund\u002F","\u003Cp>Every time you make a new blog post this plugin will post a status update to the Status.net servers and Twitter accounts\u003Cbr \u002F>\nyou have specified. You can set as many accounts on as many servers as you like. 
You can even have the plugin to post to\u003Cbr \u002F>\ndifferent account on the same \u003Ca href=\"http:\u002F\u002Fstatus.net\" rel=\"nofollow ugc\">Status.net\u003C\u002Fa> server.\u003C\u002Fp>\n\u003Cp>The links to your blog can be shortened by one of seven different link shortener services like TinyURL.com.\u003C\u002Fp>\n","Posts your blog posts to one or multiple Status.net servers and even to Twitter",10,10352,0,"2012-01-26T19:18:00.000Z","3.3.2","2.7.0","",[19,20,21,22,23],"identica","oauth","status-updates","status-net","twitter","http:\u002F\u002Fwww.xaviermedia.com\u002Fwordpress\u002Fplugins\u002Fwp-status-net.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-statusnet.1.4.2.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"andreasbylund",3,70,78,30,79,"2026-05-20T01:26:09.634Z",[40,60,81,96,114],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":33,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":17,"tags":54,"homepage":58,"download_link":59,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"postmatic-social-commenting","Postmatic Social Commenting","1.1.1","Postmatic","https:\u002F\u002Fprofiles.wordpress.org\u002Fvernal\u002F","\u003Cp>Postmatic Social Commenting takes a lighter weight approach than traditional Social Login plugins.\u003C\u002Fp>\n\u003Ch4>The big difference\u003C\u002Fh4>\n\u003Cp>No WordPress users are created. Nobody is logged in. This is not social \u003Cem>login\u003C\u002Fem>, it is social \u003Cem>commenting\u003C\u002Fem>. 
That means it is simple, lean, and whoopingly fast.\u003C\u002Fp>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Users click the social network icon of their choice when they want to leave a comment.\u003C\u002Fli>\n\u003Cli>The social network asks their permission to share their name, profile image, and email address with your site.\u003C\u002Fli>\n\u003Cli>If they agree a standard WordPress cookie is added to their browser and the comment form is ready for their reply. When they return to your site they are already authorized. Nice.\u003C\u002Fli>\n\u003C\u002Ful>\n","A tiny, fast, and convenient way to let your readers comment using their social profiles.",50,9907,86,"2016-03-11T02:16:00.000Z","4.4.34","3.0",[55,20,56,57,23],"facebook","social","social-login","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpostmatic-social\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmatic-social-commenting.1.1.1.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":79,"download_link":80,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"tweets-widget","Tweets Widget","1.0","fossasia","https:\u002F\u002Fprofiles.wordpress.org\u002Ffossasia\u002F","\u003Cp>Use anonymous Loklak API OR Connect your Twitter account to this plugin and the widget will display your latest tweets on your site.\u003C\u002Fp>\n\u003Cp>This plugin is compatible with the new \u003Cstrong>Twitter API 1.1\u003C\u002Fstrong> and provides full \u003Cstrong>OAuth\u003C\u002Fstrong> authentication via the WordPress admin area.\u003C\u002Fp>\n\u003Ch3>Shortcodes\u003C\u002Fh3>\n\u003Cp>You can embed tweets in the body of your posts using a WordPress the shortcode 
\u003Ccode>[tweets]\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>To specify a different user’s timeline add the \u003Ccode>user\u003C\u002Fcode> attribute.\u003Cbr \u002F>\nTo override the default number of 5 tweets add the \u003Ccode>max\u003C\u002Fcode> attribute, e.g:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[tweets max=10 user=KhoslaSopan]\u003Ch3>Theming\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For starters you can alter some of the HTML using built-in WordPress features.\u003Cbr \u002F>\nSee \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FFilter_Reference#Widgets\" rel=\"nofollow ugc\">Widget Filters\u003C\u002Fa>\u003Cbr \u002F>\nand \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FWidgetizing_Themes\" rel=\"nofollow ugc\">Widgetizing Themes\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>CSS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin contains no default CSS. That’s deliberate, so you can style it how you want.\u003C\u002Fp>\n\u003Cp>Tweets are rendered as a list which has various hooks you can use. 
Here’s a rough template:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>.tweets {\n    \u002F* style tweet list wrapper *\u002F\n}\n.tweets h3 {\n    \u002F* style whatever you did with the header *\u002F\n}\n.tweets ul { \n    \u002F* style tweet list*\u002F\n}\n.tweets li {\n   \u002F* style tweet item *\u002F\n}\n.tweets .tweet-text {\n   \u002F* style main tweet text *\u002F\n}\n.tweets .tweet-text a {\n   \u002F* style links, hashtags and mentions *\u002F\n}\n.tweets .tweet-text .emoji {\n  \u002F* style embedded emoji image in tweet *\u002F \n}\n.tweets .tweet-details {\n  \u002F* style datetime and link under tweet *\u002F\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Custom HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you want to override the default markup of the tweets, the following filters are also available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a header between the widget title and the tweets with \u003Ccode>tweets_render_before\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Perform your own rendering of the timestamp with \u003Ccode>tweets_render_date\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Render plain tweet text to your own HTML with \u003Ccode>tweets_render_text\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Render each composite tweet with \u003Ccode>tweets_render_tweet\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Override the unordered list for tweets with \u003Ccode>tweets_render_list\u003C\u002Fcode> \u003C\u002Fli>\n\u003Cli>Add a footer before the end of the widget with \u003Ccode>tweets_render_after\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s an \u003Cstrong>example\u003C\u002Fstrong> of using some of the above in your theme’s functions.php file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_render_date', function( $created_at ){\n    $date = DateTime::createFromFormat('D M d H:i:s O Y', $created_at );\n    return $date->format('d M h:ia');\n}, 10 , 1 );\n\nadd_filter('tweets_render_text', function( $text ){\n    
return $text; \u002F\u002F \u003C- will use default\n}, 10 , 1 );\n\nadd_filter('tweets_render_tweet', function( $html, $date, $link, array $tweet ){\n    $pic = $tweet['user']['profile_image_url_https'];\n    return '\u003Cp class=\"my-tweet\">\u003Cimg src=\"'.$pic.'\"\u002F>'.$html.'\u003C\u002Fp>\u003Cp class=\"my-date\">\u003Ca href=\"'.$link.'\">'.$date.'\u003C\u002Fa>\u003C\u002Fp>';\n}, 10, 4 );\n\nadd_filter('tweets_render_after', function(){\n    return '\u003Cfooter>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fme\">More from me\u003C\u002Fa>\u003C\u002Ffooter>';\n}, 10, 0 );\u003Ch3>Caching\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Responses from the Twitter API are cached for 5 minutes by default. This means your new Tweets will not appear on your site in real time.\u003C\u002Fp>\n\u003Cp>This is deliberate not only for performance, but also to avoid Twitter’s strict rate limits of 15 requests every 15 minutes.\u003C\u002Fp>\n\u003Cp>You can override the 300 second cache by using the \u003Ccode>tweets_cache_seconds\u003C\u002Fcode> filter in your theme as follows:\u003C\u002Fp>\n\u003Cp>This would extend the cache to 1 minute, which is the lowest value you should consider using on a live site:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_cache_seconds', function( $ttl ){\n    return 60;\n}, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would disable the cache (not recommended other than for debugging):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_cache_seconds', function( $ttl ){\n    return 0;\n}, 10, 1 );\u003Ch3>Emoji\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you want to disable Emoji image replacement, you can filter the replacement callback function to something empty, e.g:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('tweets_emoji_callback', function( $func ){\n    return '';\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\n\u003Cp>or to strip Emoji 
characters from all tweets, return your own replacement function that returns something else, e.g:\u003C\u002Fp>\n\u003Cp>add_filter(‘tweets_emoji_callback’, function( $func ){\u003Cbr \u002F>\n    return function( array $match ){\u003Cbr \u002F>\n        return ‘\u003C!-- removed emoji -->‘;\u003Cbr \u002F>\n    };\u003Cbr \u002F>\n} );\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Screenshot taken with permission from http:\u002F\u002Fstayingalivefoundation.org\u002Fblog\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Portuguese translations by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fleandrodimitrio\" rel=\"ugc\">Leandro Dimitrio\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>German translations by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FFlorianFelsing\" rel=\"nofollow ugc\">Florian Felsing\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fdavid_noh\" rel=\"ugc\">David Noh\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian translations by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FYakovenkoAndrey\" rel=\"nofollow ugc\">Andrey Yakovenko\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Dutch translations by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fdwichers\" rel=\"nofollow ugc\">Daniel Wichers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish translations by \u003Ca href=\"http:\u002F\u002Fminimizo.com\" rel=\"nofollow ugc\">Pedro Pica\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>Be aware of \u003Ca href=\"https:\u002F\u002Fdev.twitter.com\u002Fterms\u002Fdisplay-requirements\" rel=\"nofollow ugc\">Twitter’s display requirements\u003C\u002Fa> when rendering tweets on your website.\u003C\u002Fp>\n\u003Cp>Example code here uses PHP \u003Ca href=\"http:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fclass.closure.php\" rel=\"nofollow ugc\">closures\u003C\u002Fa> which require PHP>=5.3.0 and won’t work on older 
systems.\u003C\u002Fp>\n","Tweets Widget compatible with the new Twitter API 1.1",20,2633,100,1,"2016-08-29T13:28:00.000Z","4.5.33","3.5.1",[76,77,20,78,23],"loklak","loklak-api","tweets","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftweets-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftweets-widget.1.0.1.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":13,"num_ratings":13,"last_updated":90,"tested_up_to":15,"requires_at_least":53,"requires_php":17,"tags":91,"homepage":17,"download_link":95,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"tp","TP – TweetPress","1.4","Louy Alakkad","https:\u002F\u002Fprofiles.wordpress.org\u002Flouyx\u002F","\u003Cp>TweetPress, gives you all the tools you need to integrate your wordpress and twitter, including “Login with Twitter” and “Comment via Twitter”…\u003Cbr \u002F>\nhighly customizable and easy to use.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow your visitors to comment using their twitter ids\u003C\u002Fli>\n\u003Cli>Adds a tweet button to your posts, so your visitors can share your content.\u003C\u002Fli>\n\u003Cli>Allow your blog users to sign in with their twitter ids. 
one click signin!\u003C\u002Fli>\n\u003Cli>Automatically publish new posts to a twitter account.\u003C\u002Fli>\n\u003Cli>Easily customizable by theme authors.\u003C\u002Fli>\n\u003Cli>Add a follow button to your blog\u003C\u002Fli>\n\u003C\u002Ful>\n","All the tools you need to integrate your wordpress and twitter.",13837,"2013-07-26T22:48:00.000Z",[92,20,93,94,23],"login","tweet","tweetbutton","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftp.1.4.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":11,"downloaded":104,"rating":13,"num_ratings":13,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":112,"download_link":113,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"twitter-list-widget","Twitter List Widget","0.2","yorik","https:\u002F\u002Fprofiles.wordpress.org\u002Fyorik\u002F","\u003Cp>This plugin allows to place widgets on your sidebars, that fetch the contents of one or more RSS feeds, combine them by date if there is more than one, and display their contents in a twitter-like manner, that is, a list of texts, where links, @someone and #something are turned into links.\u003C\u002Fp>\n\u003Cp>Use it typically to condense several twitter feeds into one, or to display any other feed that follows twitter syntax, such as identi.ca\u003C\u002Fp>\n","This plugin allows to place widgets on your sidebars, that fetch the contents of one or more RSS feeds, combine them by date if there is more than one 
&hellip;",2491,"2009-12-09T16:35:00.000Z","2.8.5","2.8.4",[109,19,110,111,23],"feed","list","rss","http:\u002F\u002Fyorik.uncreated.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwitter-list-widget.zip",{"slug":115,"name":116,"version":63,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":70,"num_ratings":71,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":17,"tags":125,"homepage":129,"download_link":130,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"u-tweets","U-Tweets","Ultimatum Theme","https:\u002F\u002Fprofiles.wordpress.org\u002Fultimatumtheme\u002F","\u003Ch4>U-Tweets\u003C\u002Fh4>\n\u003Cp>U-Tweets is a very easy to use plugin to display your needed tweets feeds on your web site. It is powered with Twitter’s OAuth\u003Cbr \u002F>\nprotocol and ajax.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works with Twitter API v1.1.\u003C\u002Fli>\n\u003Cli>Easily configurable.\u003C\u002Fli>\n\u003Cli>Supports OAuth Token Authentication (via Twitter App)\u003C\u002Fli>\n\u003Cli>Ajax powered (Tweets refresh live)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>You may also contribute to the plugin yourself on Github. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fultimatumtheme\u002Futweets\" rel=\"nofollow ugc\">Get involved!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you are having issues, set $debug = true; in lib\u002Ftweets.php. Errors \u003Cem>should\u003C\u002Fem> be logged to the JS console on execution.\u003C\u002Fp>\n\u003Cp>If you still can’t figure it out, feel free to submit an issue on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fultimatumtheme\u002Futweets\" rel=\"nofollow ugc\">github page of the plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Unfortunately, We can not guarantee any support for this. 
We will, however, provide help and support within the constraints of our schedule.\u003C\u002Fp>\n","U-Tweets is a simple to use WordPress Plugin powered with Twitter OAuth API to display tweets.",2241,"2013-06-23T11:27:00.000Z","3.5.2","3.0.1",[126,78,23,127,128],"hash-tags","twitter-oauth","twitter-widget","http:\u002F\u002Fultimatumtheme.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fu-tweets.zip",{"attackSurface":132,"codeSignals":153,"taintFlows":247,"riskAssessment":304,"analyzedAt":321},{"hooks":133,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":13,"unprotectedCount":13},[134,140,145],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","publish_post","wpstatusnet_poststatus","wp-status-net.php",11,{"type":135,"name":141,"callback":142,"priority":143,"file":138,"line":144},"comment_form","wpstatusnet_commentform",5,12,{"type":135,"name":146,"callback":147,"file":138,"line":148},"admin_menu","wpstatusnet_addoption",938,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":167,"outputEscaping":169,"fileOperations":245,"externalRequests":33,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":246},[155,159,163,165],{"fn":156,"file":138,"line":157,"context":158},"preg_replace(\u002Fe)",387,"preg_replace('\u002F[A-Z]|[0-9]+\u002Fe'",{"fn":160,"file":138,"line":161,"context":162},"unserialize",521,"$options = unserialize($opt);",{"fn":160,"file":138,"line":164,"context":162},687,{"fn":160,"file":138,"line":166,"context":162},782,{"prepared":13,"raw":13,"locations":168},[],{"escaped":71,"rawEcho":170,"locations":171},61,[172,175,177,179,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,219,220,221,223,224,225,227,228,229,230,231,232,234,235,236,237,238,239,241,242,244],{"file":138,"line":173,"context":174},798,"raw 
output",{"file":138,"line":176,"context":174},838,{"file":138,"line":178,"context":174},839,{"file":138,"line":180,"context":174},908,{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":180,"context":174},{"file":138,"line":201,"context":174},909,{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":201,"context":174},{"file":138,"line":218,"context":174},911,{"file":138,"line":218,"context":174},{"file":138,"line":218,"context":174},{"file":138,"line":222,"context":174},912,{"file":138,"line":222,"context":174},{"file":138,"line":222,"context":174},{"file":138,"line":226,"context":174},913,{"file":138,"line":226,"context":174},{"file":138,"line":226,"context":174},{"file":138,"line":226,"context":174},{"file":138,"line":226,"context":174},{"file":138,"line":226,"context":174},{"file":138,"line":233,"context":174},914,{"file":138,"line":233
,"context":174},{"file":138,"line":233,"context":174},{"file":138,"line":233,"context":174},{"file":138,"line":233,"context":174},{"file":138,"line":233,"context":174},{"file":138,"line":240,"context":174},915,{"file":138,"line":240,"context":174},{"file":138,"line":243,"context":174},916,{"file":138,"line":243,"context":174},7,[],[248,287],{"entryPoint":249,"graph":250,"unsanitizedCount":143,"severity":286},"wpstatusnet_options (wp-status-net.php:700)",{"nodes":251,"edges":280},[252,257,263,265,268,271,275,278],{"id":253,"type":254,"label":255,"file":138,"line":256},"n0","source","$_REQUEST",709,{"id":258,"type":259,"label":260,"file":138,"line":261,"wp_function":262},"n1","sink","update_option() [Settings Manipulation]",777,"update_option",{"id":264,"type":254,"label":255,"file":138,"line":256},"n2",{"id":266,"type":259,"label":267,"file":138,"line":166,"wp_function":160},"n3","unserialize() [Object Injection]",{"id":269,"type":254,"label":270,"file":138,"line":173},"n4","$_SERVER['REQUEST_URI']",{"id":272,"type":259,"label":273,"file":138,"line":173,"wp_function":274},"n5","echo() [XSS]","echo",{"id":276,"type":254,"label":277,"file":138,"line":256},"n6","$_REQUEST (x2)",{"id":279,"type":259,"label":273,"file":138,"line":176,"wp_function":274},"n7",[281,283,284,285],{"from":253,"to":258,"sanitized":282},false,{"from":264,"to":266,"sanitized":282},{"from":269,"to":272,"sanitized":282},{"from":276,"to":279,"sanitized":282},"high",{"entryPoint":288,"graph":289,"unsanitizedCount":143,"severity":286},"\u003Cwp-status-net> 
(wp-status-net.php:0)",{"nodes":290,"edges":299},[291,292,293,294,295,296,297,298],{"id":253,"type":254,"label":255,"file":138,"line":256},{"id":258,"type":259,"label":260,"file":138,"line":261,"wp_function":262},{"id":264,"type":254,"label":255,"file":138,"line":256},{"id":266,"type":259,"label":267,"file":138,"line":166,"wp_function":160},{"id":269,"type":254,"label":270,"file":138,"line":173},{"id":272,"type":259,"label":273,"file":138,"line":173,"wp_function":274},{"id":276,"type":254,"label":277,"file":138,"line":256},{"id":279,"type":259,"label":273,"file":138,"line":176,"wp_function":274},[300,301,302,303],{"from":253,"to":258,"sanitized":282},{"from":264,"to":266,"sanitized":282},{"from":269,"to":272,"sanitized":282},{"from":276,"to":279,"sanitized":282},{"summary":305,"deductions":306},"The \"wp-statusnet\" v1.4.2 plugin exhibits a mixed security posture, with some strong practices alongside significant areas of concern. On the positive side, the plugin has a completely clean vulnerability history, with no known CVEs. Furthermore, all SQL queries utilize prepared statements, and there are no bundled libraries, which are excellent security practices.  However, the static analysis reveals several critical weaknesses.  The plugin employs dangerous functions like `preg_replace` with the `\u002Fe` modifier and `unserialize`, which are notorious for leading to remote code execution vulnerabilities if not handled with extreme care.  The taint analysis confirms this by identifying two flows with unsanitized paths, both flagged as high severity.  The lack of any nonce checks or capability checks on potential entry points, even though the attack surface appears small (0 AJAX, 0 REST API, etc.), is a major oversight.  This, combined with the extremely low percentage of properly escaped output (2%), creates a substantial risk of cross-site scripting (XSS) and other injection attacks if any of the identified unsanitized paths are ever reachable by user input. 
The absence of any recorded vulnerabilities in the past might be misleading; it could indicate either very thorough past code reviews, a lack of public disclosure, or simply that the existing vulnerabilities haven't been exploited or discovered yet.  Given the presence of dangerous functions and unsanitized taint flows, alongside a complete lack of authentication and authorization checks on entry points and poor output escaping, the plugin's current security posture is concerning.",[307,310,312,314,316,319],{"reason":308,"points":309},"High severity unsanitized taint flows detected",15,{"reason":311,"points":309},"Use of dangerous functions (preg_replace(\u002Fe), unserialize)",{"reason":313,"points":11},"No nonce checks detected",{"reason":315,"points":11},"No capability checks detected",{"reason":317,"points":318},"Very low percentage of properly escaped output",8,{"reason":320,"points":143},"Unsanitized paths in taint analysis","2026-04-16T12:56:40.479Z",{"wat":323,"direct":333},{"assetPaths":324,"generatorPatterns":327,"scriptPaths":328,"versionParams":330},[325,326],"\u002Fwp-content\u002Fplugins\u002Fwp-statusnet\u002Fwp-statusnet.css","\u002Fwp-content\u002Fplugins\u002Fwp-status-net\u002Fwp-statusnet.js",[],[329],"\u002Fwp-content\u002Fplugins\u002Fwp-statusnet\u002Fwp-statusnet.js",[331,332],"wp-statusnet\u002Fwp-statusnet.css?ver=","wp-statusnet\u002Fwp-statusnet.js?ver=",{"cssClasses":334,"htmlComments":335,"htmlAttributes":336,"restEndpoints":337,"jsGlobals":338,"shortcodeOutput":340},[],[],[],[],[339],"wp_statusnet_opt_in",[],{"error":342,"url":343,"statusCode":344,"statusMessage":345,"message":345},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fwp-statusnet\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":347,"versions":348},4,[349,354,361,368],{"version":6,"download_url":25,"svn_tag_url":350,"released_at":27,"has_diff":282,"diff_files_changed":351,"diff_lines":27,"trac_diff_url":352,"vulnerabilities":353,"is_current":342},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-statusnet\u002Ftags\u002F1.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-statusnet%2Ftags%2F1.4.0&new_path=%2Fwp-statusnet%2Ftags%2F1.4.2",[],{"version":355,"download_url":356,"svn_tag_url":357,"released_at":27,"has_diff":282,"diff_files_changed":358,"diff_lines":27,"trac_diff_url":359,"vulnerabilities":360,"is_current":282},"1.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-statusnet.1.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-statusnet\u002Ftags\u002F1.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-statusnet%2Ftags%2F1.3.1&new_path=%2Fwp-statusnet%2Ftags%2F1.4.0",[],{"version":362,"download_url":363,"svn_tag_url":364,"released_at":27,"has_diff":282,"diff_files_changed":365,"diff_lines":27,"trac_diff_url":366,"vulnerabilities":367,"is_current":282},"1.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-statusnet.1.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-statusnet\u002Ftags\u002F1.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fwp-statusnet%2Ftags%2F1.3&new_path=%2Fwp-statusnet%2Ftags%2F1.3.1",[],{"version":369,"download_url":370,"svn_tag_url":371,"released_at":27,"has_diff":282,"diff_files_changed":372,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":373,"is_current":282},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-statusnet.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwp-statusnet\u002Ftags\u002F1.3\u002F",[],[]]