[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuBYW8yXXEUIW2nxkupmI5Nea66y7dvo7k4prRHB3kOs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":118,"fingerprints":304},"wpms-sidebar-login-widget","WPMS Sidebar Login Widget","1.9.4","Joshua Parker","https:\u002F\u002Fprofiles.wordpress.org\u002Fparkerj\u002F","\u003Cp>If you are running a WPMS (Multisite) blogging network, the issue with most login widgets that you add to the main site’s sidebar is that it doesn’t pull the user’s own blog info. That is why the WPMS Sidebar Login Widget was created. Instead of the user trying to remember the login page of their own site\u002Fblog, when a user logs into your main site, the widget will conveniently contain links to navigate to 3 different pages of the user’s blog: dashboard, new post page, and profile page.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Link to Network Admin page (only shows if user logged in is a super admin)\u003C\u002Fli>\n\u003Cli>Link to user’s dashboard\u003C\u002Fli>\n\u003Cli>Link to user’s new post page\u003C\u002Fli>\n\u003Cli>Link to user’s profile page\u003C\u002Fli>\n\u003Cli>Link to forums page\u003C\u002Fli>\n\u003Cli>Subblog registration detection\u003C\u002Fli>\n\u003Cli>Custom CSS settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To make sure it works, activate the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> plugin on the main site only to switch to a different user.\u003C\u002Fp>\n","Adds a sidebar widget to the main site of a WPMU\u002FWPMS install.",50,22785,0,"2012-02-19T04:23:00.000Z","3.3.2","2.8","",[19,20,21,22,23],"login","multisite","widget","wpms","wpmu","http:\u002F\u002Fwww.7mediaws.org\u002Fblog\u002Fwpms_sidebar_login_widget.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpms-sidebar-login-widget.1.9.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"parkerj",5,130,30,84,"2026-04-04T04:22:41.073Z",[38,56,74,91,106],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wpms-site-maintenance-mode","WPMS Site Maintenance Mode","1.0.3","\u003Cp>Plugin allows a super admin to put his\u002Fher entire network, main site, or subsites into maintenance mode.\u003C\u002Fp>\n","Provides an interface to make a WPMS network unavailable to everyone during maintenance, except the admin.",20,15535,100,1,"2012-08-27T18:19:00.000Z","3.4.2","3.0",[52,20,53,22,23],"maintenance","shutdown","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwpms-site-maintenance-mode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpms-site-maintenance-mode.1.0.3.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":72,"download_link":73,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"limit-blogs-per-user","Limit Blogs Per User","1.4","Brajesh","https:\u002F\u002Fprofiles.wordpress.org\u002Fwrite2brajesh\u002F","\u003Cp>This is a plugin for wpmu\u002Fwpmu+byddypress powered websites, where network administrators can limit the number of blogs a user can signup.\u003Cbr \u002F>\nIt is pretty simple and adds an option to NetworkAdmin->Dashboard->network settings page, where you can limit the number of blogs. No additional frills required.\u003C\u002Fp>\n\u003Cp>What It does\u003C\u002Fp>\n\u003Cp>It adds an option to the Network settings  page when you are logged in as site admin of the wpmu site(or wpmu+buddyppress site),Look at the bottom of options page,and You will see a text box like this asking for number of blogs allowed per user.If you set it to zero(which is the default),It will not restrict the blog registration then.\u003Cbr \u002F>\nFor any support or any questions,please leave a comment at my blog\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fbuddydev.com\u002Fbuddypress\u002Flimit-blogs-per-user-plugin-for-wpmu\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fbuddydev.com\u002Fbuddypress\u002Flimit-blogs-per-user-plugin-for-wpmu\u002F\u003C\u002Fa>\u003Cbr \u002F>\nAnd yeh did I mention \u003Ca href=\"http:\u002F\u002Fblog.strategy11.com\u002F\" rel=\"nofollow ugc\">Steph\u003C\u002Fa> has been very kind in reporting bugs and suggesting fixes.Many Thanks to Steph.\u003C\u002Fp>\n","This plugin is for WordPress Multisite and\u002For WordPress Multisite+buddypress based social network.It limits the number of blogs a user can create.",10,14683,"2011-09-29T07:47:00.000Z","3.2.1","2.5",[70,20,71,22,23],"buddypress","options","http:\u002F\u002Fbuddydev.com\u002Fbuddypress\u002Flimit-blogs-per-user-plugin-for-wpmu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimit-blogs-per-user.1.4.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":64,"downloaded":82,"rating":46,"num_ratings":83,"last_updated":17,"tested_up_to":84,"requires_at_least":17,"requires_php":17,"tags":85,"homepage":88,"download_link":89,"security_score":46,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":90},"multisite-dashboard-broadcast","Multisite Dashboard Broadcast","0.1","mogita","https:\u002F\u002Fprofiles.wordpress.org\u002Fck65\u002F","\u003Cp>NOTE: ONLY works with multisite (aka WordPress Network) mode for now.\u003C\u002Fp>\n\u003Cp>A super-easy-to-use Multisite WordPress news broadcasting tool for the Super Admin of the Network.\u003C\u002Fp>\n\u003Cp>This plugin can be helpful for the Super Admins to push a notification, some kind of messages, even some Ads if they like, to every site admins who registered under your Multisite WordPress network. The added widget will go to the first place of all widgets, unless the site admins move it elsewhere.\u003C\u002Fp>\n\u003Cp>This is a very simple task but yet no plugins ever met my simple need, so I made one for myself, and hope it helps you too.\u003C\u002Fp>\n\u003Cp>Key Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a widget to every site admin’s dashboard (by Super Admin only)\u003C\u002Fli>\n\u003Cli>Support HTML content\u003C\u002Fli>\n\u003Cli>Comes at the top of all widgets\u003C\u002Fli>\n\u003Cli>Site admins can move or hide it as they wish\u003C\u002Fli>\n\u003Cli>Multi languages support (available in English and Chinese till now)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can find the configuration page at Manage Network -> Settings -> Dashbaord Broadcast.\u003C\u002Fp>\n","Place a widget on top of every site's dashboard under the same Multisite installation, containing whatever content the Super Admin writes.",2361,2,"3.5.2",[86,20,87,21,23],"dashboard","network","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultisite-dashboard-broadcast\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-dashboard-broadcast.zip","2026-03-15T10:48:56.248Z",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":64,"downloaded":99,"rating":13,"num_ratings":13,"last_updated":100,"tested_up_to":101,"requires_at_least":50,"requires_php":17,"tags":102,"homepage":104,"download_link":105,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"my-sites-widget","My Sites Widget","1.0","scribu","https:\u002F\u002Fprofiles.wordpress.org\u002Fscribu\u002F","\u003Cp>On a multisite installation, the admin bar has a menu item called My Sites.\u003C\u002Fp>\n\u003Cp>If you’re not a big fan of the admin bar on the front-end, try this widget instead. If the user is not logged in, he won’t see the widget at all.\u003C\u002Fp>\n","A widget that displays a list of sites that the current user has access to.",2834,"2014-01-04T02:06:00.000Z","3.7.41",[20,103,21,23],"navigation","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmy-sites-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-sites-widget.zip",{"slug":107,"name":108,"version":109,"author":7,"author_profile":8,"description":110,"short_description":111,"active_installs":64,"downloaded":112,"rating":13,"num_ratings":13,"last_updated":113,"tested_up_to":67,"requires_at_least":50,"requires_php":17,"tags":114,"homepage":116,"download_link":117,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-amember-dashboard-widget","WP aMember Dashboard Widget","0.2.2","\u003Cp>Adds aMember account info in your WP\u002FWPMU\u002FWPMS dashboard. Users will be able to have some of their payment account info in their dashboard.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Full XHTML compliancy\u003C\u002Fli>\n\u003Cli>Listing of members’ subscribed products (hyperlinked)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Future plans:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>More account info: registration date, expire date, next recurring payment date.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds aMember account info to your WP\u002FWPMU\u002FWPMS dashboard. Users will be able to have some of their payment account info in their dashboard.",2867,"2011-07-28T04:43:00.000Z",[115,86,20,21,22],"amember","http:\u002F\u002Fwww.joshmac.net\u002Fwordpress\u002Fwp_amember_dashboard_widget.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-amember-dashboard-widget.0.2.2.zip",{"attackSurface":119,"codeSignals":174,"taintFlows":252,"riskAssessment":290,"analyzedAt":303},{"hooks":120,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":13,"unprotectedCount":13},[121,127,131,135,138,142,146,149,152,154,157,160,162,166],{"type":122,"name":123,"callback":124,"file":125,"line":126},"action","admin_init","register_wpms_network_sidebar_login_settings","wpms_login_widget.php",11,{"type":122,"name":128,"callback":129,"file":125,"line":130},"admin_menu","wpms_network_sidebar_login_menu",12,{"type":122,"name":132,"callback":133,"priority":64,"file":125,"line":134},"wpmu_new_user","u2s_add_new_user",76,{"type":122,"name":136,"callback":133,"priority":64,"file":125,"line":137},"user_register",77,{"type":122,"name":139,"callback":140,"priority":64,"file":125,"line":141},"wpmu_new_blog","u2s_add_new_blog",78,{"type":122,"name":143,"callback":144,"priority":64,"file":125,"line":145},"admin_head","update_main_blog_subs",80,{"type":122,"name":147,"callback":144,"priority":64,"file":125,"line":148},"wp_login",81,{"type":122,"name":132,"callback":150,"priority":64,"file":125,"line":151},"new_u2s_add_new_user",108,{"type":122,"name":136,"callback":150,"priority":64,"file":125,"line":153},109,{"type":122,"name":139,"callback":155,"priority":64,"file":125,"line":156},"new_u2s_add_new_blog",110,{"type":122,"name":143,"callback":158,"priority":64,"file":125,"line":159},"update_other_blog_subs",112,{"type":122,"name":147,"callback":158,"priority":64,"file":125,"line":161},113,{"type":122,"name":163,"callback":164,"file":125,"line":165},"plugins_loaded","widget_wpms_network_login_init",442,{"type":122,"name":167,"callback":168,"file":125,"line":169},"wp_head","wpms_network_sidebar_login_stylesheet",443,[],[],[],[],{"dangerousFunctions":175,"sqlUsage":182,"outputEscaping":196,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":250,"bundledLibraries":251},[176,180],{"fn":177,"file":125,"line":178,"context":179},"preg_replace(\u002Fe)",189,"preg_replace('\u002Fe",{"fn":177,"file":125,"line":181,"context":179},196,{"prepared":13,"raw":32,"locations":183},[184,187,189,192,194],{"file":125,"line":185,"context":186},70,"$wpdb->get_results() with variable interpolation",{"file":125,"line":188,"context":186},102,{"file":125,"line":190,"context":191},376,"$wpdb->get_var() with variable interpolation",{"file":125,"line":193,"context":191},377,{"file":125,"line":195,"context":191},378,{"escaped":13,"rawEcho":197,"locations":198},27,[199,202,204,206,208,210,212,214,216,218,220,222,224,226,228,229,231,233,235,237,239,240,241,243,245,247,248],{"file":125,"line":200,"context":201},122,"raw output",{"file":125,"line":203,"context":201},265,{"file":125,"line":205,"context":201},275,{"file":125,"line":207,"context":201},276,{"file":125,"line":209,"context":201},282,{"file":125,"line":211,"context":201},289,{"file":125,"line":213,"context":201},316,{"file":125,"line":215,"context":201},327,{"file":125,"line":217,"context":201},334,{"file":125,"line":219,"context":201},344,{"file":125,"line":221,"context":201},355,{"file":125,"line":223,"context":201},362,{"file":125,"line":225,"context":201},373,{"file":125,"line":227,"context":201},394,{"file":125,"line":227,"context":201},{"file":125,"line":230,"context":201},396,{"file":125,"line":232,"context":201},399,{"file":125,"line":234,"context":201},402,{"file":125,"line":236,"context":201},405,{"file":125,"line":238,"context":201},407,{"file":125,"line":238,"context":201},{"file":125,"line":238,"context":201},{"file":125,"line":242,"context":201},411,{"file":125,"line":244,"context":201},417,{"file":125,"line":246,"context":201},426,{"file":125,"line":246,"context":201},{"file":125,"line":249,"context":201},430,3,[],[253,279],{"entryPoint":254,"graph":255,"unsanitizedCount":13,"severity":278},"wpms_network_sidebar_login_settings_page (wpms_login_widget.php:128)",{"nodes":256,"edges":274},[257,262,268,270],{"id":258,"type":259,"label":260,"file":125,"line":261},"n0","source","$_POST",173,{"id":263,"type":264,"label":265,"file":125,"line":266,"wp_function":267},"n1","sink","update_option() [Settings Manipulation]",239,"update_option",{"id":269,"type":259,"label":260,"file":125,"line":261},"n2",{"id":271,"type":264,"label":272,"file":125,"line":211,"wp_function":273},"n3","echo() [XSS]","echo",[275,277],{"from":258,"to":263,"sanitized":276},true,{"from":269,"to":271,"sanitized":276},"low",{"entryPoint":280,"graph":281,"unsanitizedCount":13,"severity":278},"\u003Cwpms_login_widget> (wpms_login_widget.php:0)",{"nodes":282,"edges":287},[283,284,285,286],{"id":258,"type":259,"label":260,"file":125,"line":261},{"id":263,"type":264,"label":265,"file":125,"line":266,"wp_function":267},{"id":269,"type":259,"label":260,"file":125,"line":261},{"id":271,"type":264,"label":272,"file":125,"line":211,"wp_function":273},[288,289],{"from":258,"to":263,"sanitized":276},{"from":269,"to":271,"sanitized":276},{"summary":291,"deductions":292},"The plugin 'wpms-sidebar-login-widget' v1.9.4 exhibits a mixed security posture. While the static analysis reveals no direct entry points like AJAX handlers, REST API routes, or shortcodes that are unprotected, and there's a complete absence of known vulnerabilities, several concerning code signals warrant attention. The presence of two instances of `preg_replace` with the `\u002Fe` modifier is a significant red flag, as this function can be exploited for remote code execution if not handled with extreme care and sanitization. Furthermore, all SQL queries are executed without prepared statements, increasing the risk of SQL injection vulnerabilities. The lack of proper output escaping for all identified outputs means that any user-supplied data that is displayed could be vulnerable to cross-site scripting (XSS) attacks.\n\nDespite the lack of a large attack surface and a clean vulnerability history, the internal code quality indicates potential weaknesses. The heavy reliance on raw SQL queries and the complete absence of output escaping are serious concerns that could be exploited by an attacker, even without obvious external entry points. The absence of taint flows with unsanitized paths is positive, but it does not negate the risks posed by the dangerous function usage and insecure database interactions. Therefore, while the plugin appears to be free of known exploits and has a clean history, the internal code's insecurity is a notable weakness that needs to be addressed.",[293,296,298,301],{"reason":294,"points":295},"Dangerous function preg_replace(\u002Fe) found",15,{"reason":297,"points":64},"Raw SQL queries without prepared statements",{"reason":299,"points":300},"No output escaping detected",8,{"reason":302,"points":32},"No nonce checks","2026-03-16T21:56:26.382Z",{"wat":305,"direct":312},{"assetPaths":306,"generatorPatterns":308,"scriptPaths":309,"versionParams":310},[307],"\u002Fwp-content\u002Fplugins\u002Fwpms-sidebar-login-widget\u002Fwpms_login_widget.css",[],[],[311],"\u002Fwpms-sidebar-login-widget\u002Fwpms_login_widget.css?ver=",{"cssClasses":313,"htmlComments":315,"htmlAttributes":341,"restEndpoints":343,"jsGlobals":344,"shortcodeOutput":345},[314],"wpms_login_widget",[316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340],"\u003C!-- Custom Sidebar Login CSS : http:\u002F\u002Fwww.7mediaws.org\u002F -->","\u003C!-- If you are good at CSS, you can style the login widget. -->","\u003C!-- This is a comment. Comments begin with \u002F* and end with *\u002F","\u003C!-- Below is example css; uncomment to see how the avatar is affected. -->","\u003C!-- #wp_sidebarlogin-4 img.avatar {","background: #FFF;","margin-top:2px;","padding: 4px;","border: 1px solid #DDD;","Round Corners (native in Safari, Firefox and Chrome)","-moz-border-radius: 6px;","-webkit-border-radius: 6px;","} -->","\u003C!--","Things we strip out include:","* HTML code","* @import rules","* expressions","* invalid and unsafe code","* URLs not using the http: protocol","Things we encourage include:","* @media blocks!","* sharing your CSS!","* testing in several browsers!","-->",[342],"id=\"wp_sidebarlogin-4\"",[],[],[]]