[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXGQUWep-_7YIYLqtGFsFZughaa3aZPD-FfwrGrEBUE4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":13,"vuln_count":25,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":71,"crawl_stats":35,"alternatives":78,"analysis":180,"fingerprints":397},"wp-vipergb","WP-ViperGB","1.6.2","JK","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustin_k\u002F","\u003Cp>WP-ViperGB is a WordPress plugin designed to replicate the appearance and behavior of the discontinued \u003Ca href=\"http:\u002F\u002Fwww.vipergb.de.vu\u002F\" rel=\"nofollow ugc\">Viper Guestbook\u003C\u002Fa> project. It makes it easy to add a stylish and user-friendly guestbook to your blog.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create user-friendly guestbooks without writing a single line of code.\u003C\u002Fli>\n\u003Cli>Lives in a standard WordPress page and uses comments for entries, so moderation and antispam functionality works as normal.\u003C\u002Fli>\n\u003Cli>Two-View layout provides one view for submitting entries and another for reading them.\u003C\u002Fli>\n\u003Cli>Automatic paging of entries to customizable length.\u003C\u002Fli>\n\u003Cli>Show icons for country, browser, and OS in visitor signatures.\u003C\u002Fli>\n\u003Cli>Admin-panel stylesheet selector allows easy skinning to suit your theme.\u003C\u002Fli>\n\u003Cli>No bloat: Uses existing WordPress faculties so no custom database tables are required.\u003C\u002Fli>\n\u003Cli>Simple PHP template function allows programmers to manually embed standalone guestbooks in any template they wish.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a Demo, see the \u003Ca 
href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb#demo\" rel=\"nofollow ugc\">plugin’s homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donate\u003C\u002Fh3>\n\u003Cp>Many hours have gone into developing & maintaining this plugin, far beyond my own personal needs. If you find it useful, \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb\u002F#donate\" rel=\"nofollow ugc\">a donation\u003C\u002Fa> would be greatly appreciated.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin uses standard WordPress comments for its entries – it is essentially a fancy whole-page comment form skin. It does not collect any data beyond that which would normally be included in standard WordPress comments. Please refer to the WordPress documentation for details on what information is stored with comments.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Please direct all support requests \u003Ca href=\"https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb#feedback\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Create a stylish and user-friendly Guestbook for your WordPress blog.  
Designed to replicate the appearance and behavior of Viper Guestbook.",400,92358,90,4,"2024-05-23T04:52:00.000Z","6.5.8","2.5","",[20,21,22],"guestbook","viper-guestbook","vipergb","https:\u002F\u002Fwww.justin-klein.com\u002Fprojects\u002Fwp-vipergb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-vipergb.1.6.2.zip",3,0,"2024-05-23 14:23:40","2026-03-15T15:16:48.613Z",[30,45,60],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":6,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":44},"CVE-2024-4409","wp-vipergb-cross-site-request-forgery","WP-ViperGB \u003C= 1.6.1 - Cross-Site Request Forgery","The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.6.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-05-24 02:31:03",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe86581bd-94c3-4b05-9590-ca3b62073703?source=api-prod",1,{"id":46,"url_slug":47,"title":48,"description":49,"plugin_slug":4,"theme_slug":35,"affected_versions":50,"patched_in_version":51,"severity":37,"cvss_score":52,"cvss_vector":53,"vuln_type":54,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2015-9356","viper-guestbook-cross-site-scripting","Viper GuestBook \u003C= 1.3.15 - Cross-Site Scripting","The Viper GuestBook plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and 
including, 1.3.15 due to insufficient input sanitization and output escaping on a query arg. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.","\u003C1.3.16","1.3.16",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2015-04-20 00:00:00","2024-01-22 19:56:02",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F39843d5b-702d-466d-9e17-ccf1c4444220?source=api-prod",3200,{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":35,"affected_versions":65,"patched_in_version":66,"severity":37,"cvss_score":52,"cvss_vector":53,"vuln_type":54,"published_date":67,"updated_date":56,"references":68,"days_to_patch":70},"CVE-2014-9460","wp-vipergb-cross-site-request-forgery-to-cross-site-scripting","WP-ViperGB \u003C= 1.3.10 - Cross-Site Request Forgery to Cross-Site Scripting","Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) vgb_page or (3) vgb_items_per_pg parameter in the wp-vipergb page to wp-admin\u002Foptions-general.php.","\u003C=1.3.10","1.3.11","2014-12-12 
00:00:00",[69],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F30dda650-3262-4d22-bec7-b6de3bc25381?source=api-prod",3329,{"slug":72,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":73,"avg_security_score":74,"avg_patch_time_days":75,"trust_score":76,"computed_at":77},"justin_k",1900,78,1466,64,"2026-04-04T07:05:03.892Z",[79,105,122,142,160],{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":26,"last_vuln_date":104,"fetched_at":28},"gwolle-gb","Gwolle Guestbook","4.10.1","Marcel Pol","https:\u002F\u002Fprofiles.wordpress.org\u002Fmpol\u002F","\u003Cp>Gwolle Guestbook is the WordPress guestbook you’ve just been looking for. Beautiful and easy.\u003Cbr \u002F>\nGwolle Guestbook is not just another guestbook for WordPress. The goal is to provide an easy and slim way to integrate a guestbook into your WordPress powered site. 
Don’t use your ‘comment’ section the wrong way – install Gwolle Guestbook and have a real guestbook.\u003C\u002Fp>\n\u003Cp>Current features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to use guestbook frontend with a simple form for visitors of your website.\u003C\u002Fli>\n\u003Cli>List of guestbook entries at the frontend with pagination or infinite scroll.\u003C\u002Fli>\n\u003Cli>Widget to display an excerpt of your last or your best entries.\u003C\u002Fli>\n\u003Cli>Simple and clean admin interface that integrates seamlessly into WordPress admin.\u003C\u002Fli>\n\u003Cli>Dashboard Widget to easily manage the latest entries from your Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Easy Import from other guestbooks into Gwolle Guestbook.\u003C\u002Fli>\n\u003Cli>Notification by mail when a new entry has been posted.\u003C\u002Fli>\n\u003Cli>Moderation, so that you can check an entry before it is visible in your guestbook (optional).\u003C\u002Fli>\n\u003Cli>7 anti-spam features, like Honeypot, Nonce, Form Timeout, Akismet, Stop Forum Spam and Custom Quiz Question.\u003C\u002Fli>\n\u003Cli>Simple Form Builder to select which form-fields you want to use.\u003C\u002Fli>\n\u003Cli>Simple Entry Builder with the parts of each entry that you want to show.\u003C\u002Fli>\n\u003Cli>Multiple guestbooks are possible.\u003C\u002Fli>\n\u003Cli>MultiSite is supported.\u003C\u002Fli>\n\u003Cli>Localization. 
Own languages can be added very easily through \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgwolle-gb\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Admins can add a reply to each entry.\u003C\u002Fli>\n\u003Cli>A log for each entry, so that you know which member of the staff released and edited a guestbook-entry to the public and when.\u003C\u002Fli>\n\u003Cli>IP-address and host-logging with link to WHOIS query site.\u003C\u002Fli>\n\u003Cli>RSS Feed.\u003C\u002Fli>\n\u003Cli>BBcode, Emoji and Smiley integration (optional).\u003C\u002Fli>\n\u003Cli>Easy uninstall routine for complete removal of all database changes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>… and all that integrated in the stylish WordPress look.\u003C\u002Fp>\n\u003Ch4>Import \u002F Export\u003C\u002Fh4>\n\u003Cp>You may have another guestbook installed. That’s great, because Gwolle Guestbook enables you to import entries easily.\u003Cbr \u002F>\nThe importer does not delete any of your data, so you can go back to your previous setup without loss of data, if you want to.\u003Cbr \u002F>\nTrying Gwolle Guestbook is as easy as 1-2-3.\u003C\u002Fp>\n\u003Cp>Import is supported from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>DMSGuestbook.\u003C\u002Fli>\n\u003Cli>WordPress comments from a specific post, page or just all comments.\u003C\u002Fli>\n\u003Cli>Gwolle Guestbook itself, with Export supported as well (CSV-file).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you have a problem or a feature request, please post it on the plugin’s support forum on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fgwolle-gb\" rel=\"ugc\">wordpress.org\u003C\u002Fa>. I will do my best to respond as soon as possible.\u003C\u002Fp>\n\u003Cp>If you send me an email, I will not reply. 
Please use the support forum.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Translations can be added very easily through \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fgwolle-gb\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>.\u003Cbr \u002F>\nYou can start translating strings there for your locale. They need to be validated though, so if there’s no validator yet, and you want to apply for being validator (PTE), please post it on the support forum.\u003Cbr \u002F>\nI will make a request on make\u002Fpolyglots to have you added as validator for this plugin\u002Flocale.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>Check out the demo at \u003Ca href=\"https:\u002F\u002Fdemo.zenoweb.nl\u002Fwordpress-plugins\u002Fgwolle-gb\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.zenoweb.nl\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Add-On\u003C\u002Fh4>\n\u003Cp>Gwolle Guestbook: The Add-On is the add-on for Gwolle Guestbook that gives extra functionality for your guestbook.\u003C\u002Fp>\n\u003Cp>Current features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Meta Fields. 
Add any field you want; company, phone number, you name it.\u003C\u002Fli>\n\u003Cli>Social Media Sharing (optional).\u003C\u002Fli>\n\u003Cli>Star Ratings, with voting and display and Rich Snippets for SEO (optional).\u003C\u002Fli>\n\u003Cli>Average star rating per guestbook.\u003C\u002Fli>\n\u003Cli>Like an entry and view likes for each entry.\u003C\u002Fli>\n\u003Cli>Preview for the frontend form.\u003C\u002Fli>\n\u003Cli>Preview for the admin editor form.\u003C\u002Fli>\n\u003Cli>Automatic Refresh of guestbook list with new entries.\u003C\u002Fli>\n\u003Cli>Admin reply on the frontend with AJAX.\u003C\u002Fli>\n\u003Cli>Edit content\u002Fauthor\u002Forigin of entry on the frontend with AJAX.\u003C\u002Fli>\n\u003Cli>Report Abuse.\u003C\u002Fli>\n\u003Cli>Easy String Replacement in the default text so you can make this guestbook into a review section or anything you want.\u003C\u002Fli>\n\u003Cli>Delete button in each entry for the moderator and author (optional).\u003C\u002Fli>\n\u003Cli>Permalink button in each entry for easy access (optional).\u003C\u002Fli>\n\u003Cli>Email button to contact each author (optional).\u003C\u002Fli>\n\u003Cli>Upload Images through the form. 
(Only for Author, Editor and Administrator with capability ‘gwolle_gb_upload_files’) (optional).\u003C\u002Fli>\n\u003Cli>Sitemap support for popular SEO\u002FSitemap plugins.\u003C\u002Fli>\n\u003Cli>Auto Anonymize timer (optional).\u003C\u002Fli>\n\u003Cli>Auto Delete timer (optional).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can buy the Add-On at \u003Ca href=\"https:\u002F\u002Fzenoweb.nl\u002Fdownloads\u002Fgwolle-guestbook-add-on\u002F\" rel=\"nofollow ugc\">ZenoWeb Webshop\u003C\u002Fa> for only 15 Euro.\u003C\u002Fp>\n\u003Ch4>Demo with Add-On\u003C\u002Fh4>\n\u003Cp>Check out the demo with the Add-On enabled at \u003Ca href=\"https:\u002F\u002Fdemo.zenoweb.nl\u002Fwordpress-plugins\u002Fgwolle-guestbook-the-add-on\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdemo.zenoweb.nl\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This plugin is compatible with \u003Ca href=\"https:\u002F\u002Fwww.classicpress.net\" rel=\"nofollow ugc\">ClassicPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>This plugin is also available in \u003Ca href=\"https:\u002F\u002Fcodeberg.org\u002Fcyclotouriste\u002Fgwolle-gb\" rel=\"nofollow ugc\">Codeberg\u003C\u002Fa>.\u003C\u002Fp>\n","Gwolle Guestbook is the WordPress guestbook you've just been looking for. 
Beautiful and easy.",20000,1516110,96,114,"2026-02-06T09:48:00.000Z","6.9.4","4.1","7.0",[96,97,20,98,99],"gastebuch","guest-book","livre-dor","review","https:\u002F\u002Fzenoweb.nl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgwolle-gb.4.10.1.zip",89,7,"2025-07-09 12:49:48",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":26,"num_ratings":26,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":119,"download_link":120,"security_score":121,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"guestbook-generator","Guestbook Generator","0.8","Andrew DS a11n","https:\u002F\u002Fprofiles.wordpress.org\u002Fdruesome\u002F","\u003Cp>Instantly generates a guestbook for WordPress blogs based on the active theme. Once activated, click on Options > Guestbook Generator to create the guestbook.\u003C\u002Fp>\n\u003Ch3>Issues and Warnings\u003C\u002Fh3>\n\u003Cp>The latest version of Guestbook Generator works only with WordPress 2.1 and above.  If you are using a previous version (2.0), use Guestbook Generator v0.7 instead.\u003C\u002Fp>\n\u003Ch3>Future Releases\u003C\u002Fh3>\n\u003Cp>Guestbook Generator is continuously being developed and supported.  
Please visit the official homepage for more news and information:\u003C\u002Fp>\n\u003Cp>[http:\u002F\u002Fwww.alleba.com\u002Fblog\u002F2006\u002F09\u002F21\u002Fwordpress-guestbook-generator-plugin\u002F WordPress Guestbook Generator]\u003C\u002Fp>\n","Instantly generates a guestbook for WordPress blogs based on the active theme.",200,49679,"2007-03-20T19:16:00.000Z","2.1","2.0",[20],"http:\u002F\u002Fwww.alleba.com\u002Fblog\u002F2006\u002F09\u002F21\u002Fwordpress-guestbook-generator-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fguestbook-generator.0.8.zip",85,{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":130,"num_ratings":44,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":18,"tags":135,"homepage":140,"download_link":141,"security_score":121,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"reverse-order-comments","Reverse Order Comments","1.1.1","Tim","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimz\u002F","\u003Cp>A really simple WordPress Plugin. It provides the function \u003Ccode>ro_comments_template()\u003C\u002Fcode>, which allows the comments to be displayed in reverse order (thus the newest comments first, oldest last).\u003C\u002Fp>\n","Allows displaying the comments in reverse order. 
Latest comment first, oldest last.",100,18856,"2012-07-16T18:47:00.000Z","3.4.2","1.5",[136,137,20,138,139],"comments","gstebuch","order","reverse","http:\u002F\u002Fwww.zyblog.de\u002Fwordpress-plugins\u002Freverse-order-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freverse-order-comments.1.1.1.zip",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":26,"num_ratings":26,"last_updated":152,"tested_up_to":92,"requires_at_least":153,"requires_php":154,"tags":155,"homepage":158,"download_link":159,"security_score":130,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"simple-guestbook","Simple Guestbook","1.0.0","dichternebel","https:\u002F\u002Fprofiles.wordpress.org\u002Fdichternebel\u002F","\u003Cp>This plugin is based on the comments feature from WordPress and creates a paged output that can be displayed in a WordPress \u003Cstrong>page\u003C\u002Fstrong> by simply putting the shortcode \u003Ccode>[simple-guestbook]\u003C\u002Fcode> as its content.\u003C\u002Fp>\n\u003Cp>Since the plugin just uses existing core functionality it should respect all WP settings and integrate seamlessly into most of the themes out there.\u003C\u002Fp>\n\u003Cp>You can tweak some basic settings in the options section of the plugin like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>sort order\u003C\u002Fli>\n\u003Cli>entries per page\u003C\u002Fli>\n\u003Cli>avatar size\u003C\u002Fli>\n\u003Cli>custom avatar\u003C\u002Fli>\n\u003Cli>reply functionality for editors\u003C\u002Fli>\n\u003Cli>JavaScript based validation for the WP comment form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Manual Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download \u003Ccode>simple-guestbook[version].zip\u003C\u002Fcode> and unzip to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin 
through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Change settings in the ‘Options’ menu as needed or leave them default\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Just place the shortcode \u003Ccode>[simple-guestbook]\u003C\u002Fcode> in an (empty) WordPress page. If you like to have some small content on that page, please make sure to put the shortcode at the very end of the page.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Since this plugin uses WP comments I highly recommend that you protect yourself against spam by using e.g. at least one of these plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhcaptcha-for-forms-and-more\u002F\" rel=\"ugc\">hCaptcha\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fantispam-bee\u002F\" rel=\"ugc\">Antispam Bee\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhoneypot-toolkit\u002F\" rel=\"ugc\">Honeypot Toolkit\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin was tested with hCaptcha and the included JavaScript Validation functionality for the comment form comes with an integration for hCaptcha already.\u003C\u002Fp>\n\u003Cp>Enjoy!\u003C\u002Fp>\n\u003Cp>—\u003C\u002Fp>\n\u003Cp>Banner image by \u003Ca href=\"https:\u002F\u002Fpixabay.com\u002Fusers\u002Fpexels-2286921\u002F?utm_source=link-attribution&utm_medium=referral&utm_campaign=image&utm_content=1866992\" rel=\"nofollow ugc\">Pexels\u003C\u002Fa> from \u003Ca href=\"https:\u002F\u002Fpixabay.com\u002F\u002F?utm_source=link-attribution&utm_medium=referral&utm_campaign=image&utm_content=1866992\" rel=\"nofollow ugc\">Pixabay\u003C\u002Fa>\u003C\u002Fp>\n","A simple guestbook plugin based on WordPress page 
comments.",70,1911,"2026-01-03T13:04:00.000Z","5.2","5.6.20",[136,20,156,157],"navigation","paging","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-guestbook\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-guestbook.1.0.0.zip",{"slug":161,"name":162,"version":163,"author":164,"author_profile":165,"description":166,"short_description":167,"active_installs":168,"downloaded":169,"rating":170,"num_ratings":103,"last_updated":171,"tested_up_to":172,"requires_at_least":173,"requires_php":18,"tags":174,"homepage":18,"download_link":178,"security_score":150,"vuln_count":44,"unpatched_count":44,"last_vuln_date":179,"fetched_at":28},"dooodl","Dooodl","2.3.0","noCreativity","https:\u002F\u002Fprofiles.wordpress.org\u002Fnocreativity\u002F","\u003Cp>Dooodl is a fun plugin for your blog that allows your visitors to draw a little doodle and save it to your site. It’s a bit like a guestbook but less boring and more visual, aka more fun!\u003C\u002Fp>\n\u003Cp>Show the doodles in a widget, with a shortcode, or use any plugin that allows you to show a grid\u002Flist of a custom post type. 
If you do this look for the custom post type, dooodl.\u003C\u002Fp>\n","Dooodl is a fun plugin for your blog that allows your visitors to draw a little doodle and save it to your site.",60,19123,86,"2024-07-18T12:01:00.000Z","6.6.0","2.7",[175,176,177,20],"doodle","doodles","drawing","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdooodl.zip","2026-01-16 00:00:00",{"attackSurface":181,"codeSignals":220,"taintFlows":309,"riskAssessment":385,"analyzedAt":396},{"hooks":182,"ajaxHandlers":216,"restRoutes":217,"shortcodes":218,"cronEvents":219,"entryPointCount":26,"unprotectedCount":26},[183,188,192,197,202,206,212],{"type":184,"name":185,"callback":186,"file":187,"line":76},"filter","the_content","vgb_replace_content","WP-ViperGB.php",{"type":184,"name":189,"callback":190,"file":187,"line":191},"comments_template","suppress_comments",87,{"type":184,"name":193,"callback":194,"priority":195,"file":187,"line":196},"pre_render_block","closure",10,97,{"type":198,"name":199,"callback":200,"file":187,"line":201},"action","wp_enqueue_scripts","vgb_enqueue_styles",106,{"type":198,"name":203,"callback":204,"file":187,"line":205},"comment_text","comment_img_shortcode",118,{"type":198,"name":207,"callback":208,"priority":209,"file":210,"line":211},"admin_menu","vgb_add_admin_page",99,"_admin_menu.php",15,{"type":184,"name":213,"callback":214,"priority":195,"file":210,"line":215},"plugin_action_links","vgb_add_plugin_links",24,[],[],[],[],{"dangerousFunctions":221,"sqlUsage":222,"outputEscaping":224,"fileOperations":26,"externalRequests":26,"nonceChecks":44,"capabilityChecks":26,"bundledLibraries":308},[],{"prepared":26,"raw":26,"locations":223},[],{"escaped":225,"rawEcho":226,"locations":227},14,43,[228,232,233,234,236,238,240,242,243,245,246,248,250,252,254,256,258,261,263,265,267,268,269,271,272,274,276,278,280,282,283,284,286,288,290,292,294,296,298,300,302,304,306],{"file":229,"line":230,"context":231},"browsersniff\\browsersniff.php",53,"raw 
output",{"file":210,"line":121,"context":231},{"file":210,"line":209,"context":231},{"file":210,"line":235,"context":231},105,{"file":210,"line":237,"context":231},110,{"file":210,"line":239,"context":231},116,{"file":210,"line":241,"context":231},123,{"file":210,"line":241,"context":231},{"file":210,"line":244,"context":231},124,{"file":210,"line":244,"context":231},{"file":210,"line":247,"context":231},125,{"file":210,"line":249,"context":231},126,{"file":210,"line":251,"context":231},127,{"file":210,"line":253,"context":231},128,{"file":210,"line":255,"context":231},129,{"file":210,"line":257,"context":231},144,{"file":259,"line":260,"context":231},"_output_guestbook.php",146,{"file":259,"line":262,"context":231},150,{"file":259,"line":264,"context":231},170,{"file":259,"line":266,"context":231},178,{"file":259,"line":266,"context":231},{"file":259,"line":266,"context":231},{"file":259,"line":270,"context":231},185,{"file":259,"line":270,"context":231},{"file":259,"line":273,"context":231},193,{"file":259,"line":275,"context":231},196,{"file":259,"line":277,"context":231},205,{"file":259,"line":279,"context":231},212,{"file":259,"line":281,"context":231},215,{"file":259,"line":281,"context":231},{"file":259,"line":281,"context":231},{"file":259,"line":285,"context":231},224,{"file":259,"line":287,"context":231},226,{"file":259,"line":289,"context":231},256,{"file":259,"line":291,"context":231},261,{"file":259,"line":293,"context":231},272,{"file":259,"line":295,"context":231},273,{"file":259,"line":297,"context":231},281,{"file":259,"line":299,"context":231},282,{"file":259,"line":301,"context":231},290,{"file":259,"line":303,"context":231},310,{"file":259,"line":305,"context":231},318,{"file":259,"line":307,"context":231},319,[],[310,326,360,377],{"entryPoint":311,"graph":312,"unsanitizedCount":44,"severity":37},"vgb_get_sign_pg 
(_output_guestbook.php:243)",{"nodes":313,"edges":323},[314,318],{"id":315,"type":316,"label":317,"file":259,"line":303},"n0","source","$_SERVER['REQUEST_URI']",{"id":319,"type":320,"label":321,"file":259,"line":303,"wp_function":322},"n1","sink","echo() [XSS]","echo",[324],{"from":315,"to":319,"sanitized":325},false,{"entryPoint":327,"graph":328,"unsanitizedCount":26,"severity":359},"vgb_admin_page (_admin_menu.php:36)",{"nodes":329,"edges":353},[330,332,335,339,341,345,347,351],{"id":315,"type":316,"label":331,"file":210,"line":168},"$_POST[$opt_vgb_page]",{"id":319,"type":320,"label":333,"file":210,"line":168,"wp_function":334},"update_option() [Settings Manipulation]","update_option",{"id":336,"type":316,"label":337,"file":210,"line":338},"n2","$_POST[$opt_vgb_style]",61,{"id":340,"type":320,"label":333,"file":210,"line":338,"wp_function":334},"n3",{"id":342,"type":316,"label":343,"file":210,"line":344},"n4","$_POST[$opt_vgb_items_per_pg]",62,{"id":346,"type":320,"label":333,"file":210,"line":344,"wp_function":334},"n5",{"id":348,"type":316,"label":349,"file":210,"line":350},"n6","$_REQUEST[$opt_vgb_hidesponsor]",80,{"id":352,"type":320,"label":333,"file":210,"line":350,"wp_function":334},"n7",[354,356,357,358],{"from":315,"to":319,"sanitized":355},true,{"from":336,"to":340,"sanitized":355},{"from":342,"to":346,"sanitized":355},{"from":348,"to":352,"sanitized":355},"low",{"entryPoint":361,"graph":362,"unsanitizedCount":26,"severity":359},"\u003C_admin_menu> 
(_admin_menu.php:0)",{"nodes":363,"edges":372},[364,365,366,367,368,369,370,371],{"id":315,"type":316,"label":331,"file":210,"line":168},{"id":319,"type":320,"label":333,"file":210,"line":168,"wp_function":334},{"id":336,"type":316,"label":337,"file":210,"line":338},{"id":340,"type":320,"label":333,"file":210,"line":338,"wp_function":334},{"id":342,"type":316,"label":343,"file":210,"line":344},{"id":346,"type":320,"label":333,"file":210,"line":344,"wp_function":334},{"id":348,"type":316,"label":349,"file":210,"line":350},{"id":352,"type":320,"label":333,"file":210,"line":350,"wp_function":334},[373,374,375,376],{"from":315,"to":319,"sanitized":355},{"from":336,"to":340,"sanitized":355},{"from":342,"to":346,"sanitized":355},{"from":348,"to":352,"sanitized":355},{"entryPoint":378,"graph":379,"unsanitizedCount":44,"severity":359},"\u003C_output_guestbook> (_output_guestbook.php:0)",{"nodes":380,"edges":383},[381,382],{"id":315,"type":316,"label":317,"file":259,"line":303},{"id":319,"type":320,"label":321,"file":259,"line":303,"wp_function":322},[384],{"from":315,"to":319,"sanitized":325},{"summary":386,"deductions":387},"The wp-vipergb plugin v1.6.2 presents a mixed security posture. While the static analysis shows a commendable lack of direct attack surface entry points like AJAX handlers, REST API routes, and shortcodes, and all SQL queries use prepared statements, significant concerns arise from the output escaping. With only 25% of outputs properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might not be neutralized before being displayed to other users. The taint analysis, while showing no critical or high severity flows, did identify two flows with unsanitized paths, which could potentially lead to path traversal or other file-related vulnerabilities if exploited in conjunction with other weaknesses.\n\nThe vulnerability history is particularly concerning, with three medium-severity CVEs recorded. 
The common types of these historical vulnerabilities being CSRF and XSS strongly correlate with the observed poor output escaping. The fact that a vulnerability was reported very recently (2024-05-23) and that there are no currently unpatched CVEs is a positive sign, suggesting the developers are responsive to patching. However, the recurrence of similar vulnerability types indicates persistent underlying issues in how user input is handled and sanitized. The plugin exhibits strengths in its limited attack surface and secure SQL practices, but weaknesses in output sanitization and a history of common web vulnerabilities warrant caution.",[388,390,392,394],{"reason":389,"points":211},"High percentage of unescaped outputs",{"reason":391,"points":195},"Flows with unsanitized paths found",{"reason":393,"points":211},"History of medium severity vulnerabilities (3 total)",{"reason":395,"points":195},"Historically vulnerable to XSS and CSRF","2026-03-16T19:46:13.121Z",{"wat":398,"direct":413},{"assetPaths":399,"generatorPatterns":403,"scriptPaths":404,"versionParams":407},[400,401,402],"\u002Fwp-content\u002Fplugins\u002Fwp-vipergb\u002Fstyles\u002FDefault.css","\u002Fwp-content\u002Fplugins\u002Fwp-vipergb\u002Fstyles\u002Fvgb-admin-css.css","\u002Fwp-content\u002Fplugins\u002Fwp-vipergb\u002Fstyles\u002Fvgb-guestbook-css.css",[],[405,406],"\u002Fwp-content\u002Fplugins\u002Fwp-vipergb\u002Fscripts\u002Fvgb-guestbook-js.js","\u002Fwp-content\u002Fplugins\u002Fwp-vipergb\u002Fscripts\u002Fvgb-admin-js.js",[408,409,410,411,412],"wp-vipergb\u002Fstyles\u002FDefault.css?ver=","wp-vipergb\u002Fstyles\u002Fvgb-admin-css.css?ver=","wp-vipergb\u002Fstyles\u002Fvgb-guestbook-css.css?ver=","wp-vipergb\u002Fscripts\u002Fvgb-guestbook-js.js?ver=","wp-vipergb\u002Fscripts\u002Fvgb-admin-js.js?ver=",{"cssClasses":414,"htmlComments":425,"htmlAttributes":426,"restEndpoints":428,"jsGlobals":429,"shortcodeOutput":432},[415,416,417,418,419,420,421,422,423,424],"vgb-guestbook-wrapper","vgb-e
ntry","vgb-entry-header","vgb-entry-body","vgb-pagination","vgb-form-wrapper","vgb-form-input","vgb-form-textarea","vgb-form-submit","vgb-admin-form-wrapper",[],[427],"data-vgb-id",[],[430,431],"vgb_guestbook_ajax_url","vgb_guestbook_nonce",[433],"[vgb-guestbook]"]