[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzz43BBnvMq3HNw-aLxCfFTSXhUSyb68Jcjf7jEWeujg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":134,"fingerprints":272},"xhanch-my-quote","Xhanch – My Quote","1.5.0","xhanch_studio","https:\u002F\u002Fprofiles.wordpress.org\u002Fxhanch_studio\u002F","\u003Cp>Xhanch – My Quote (developed by \u003Ca href=\"http:\u002F\u002Fxhanch.com\u002F\" title=\"Xhanch Studio\" rel=\"nofollow ugc\">Xhanch Studio\u003C\u002Fa>) is a WordPress plugin to show a random quote with provided predefined quotes or your own collections. The collections of quotes are expandable for sure. We will keep adding more collections to the database.\u003C\u002Fp>\n\u003Cp>With this plugin, you can provide useful and worthy knowledge, words and information to your visitor. Else, your website will be more dynamic and more keywords-rich since the content of every pages of your WordPress website will keep changing due to this plugin.\u003C\u002Fp>\n\u003Cp>For complete features list, installation and setup, screen shots, FAQs, update logs\u002Fchangelog, and support:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fxhanch.com\u002Fwp-plugin-my-quote\u002F\" title=\"Xhanch - My Quote\" rel=\"nofollow ugc\">Plugin details\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fforum.xhanch.com\u002Findex.php\u002Fboard,5.0.html\" title=\"Forum\u002Fcommunity center\" rel=\"nofollow ugc\">Forum\u002Fcommunity center\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fforum.xhanch.com\u002Findex.php\u002Fboard,21.0.html\" title=\"Change\u002Fupdate logs\" rel=\"nofollow ugc\">Change\u002Fupdate logs\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002Fxhanch_studio\" title=\"Click here to see All free plugins from Xhanch Studio\" rel=\"ugc\">Click here to see All free plugins from Xhanch Studio\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fforum.xhanch.com\u002Findex.php\u002Fboard,5.0.html\" title=\"Xhanch - My Quote\" rel=\"nofollow ugc\">Click here to visit the forum for this plugin\u003C\u002Fa>\u003C\u002Fp>\n","Xhanch - My Quote shows a random quote with provided predefined quotes or your own collections.",10,14052,100,1,"2016-09-04T04:38:00.000Z","4.6.30","2.3","",[20,21,22,23,24],"code","content","sidebar","widget","xhanch","http:\u002F\u002Fxhanch.com\u002Fwp-plugin-my-quote\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxhanch-my-quote.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},3,220,3462,69,"2026-04-05T06:58:53.148Z",[39,50,75,95,116],{"slug":40,"name":41,"version":42,"author":7,"author_profile":8,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":28,"num_ratings":28,"last_updated":46,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":47,"homepage":48,"download_link":49,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"xhanch-my-prayer-time","Xhanch – My Prayer Time","1.0.2","\u003Cp>Xhanch – My Prayer Time is a WordPress plugin made by Xhanch Studio to display Moslem\u002FIslamic prayer time table based on visitor’s IP (daily and monthly).\u003C\u002Fp>\n\u003Cp>It provide a widget to display a daily prayer time, a shortcode to be placed on a page to display a monthly prayer time and a print version monthly prayer time.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fxhanch.com\u002Fwp-plugin-my-prayer-time\u002F\" title=\"Xhanch - My Prayer Time\" rel=\"nofollow ugc\">Click here for more detailed information about Xhanch – My Prayer Time and If you’re having a problem with the plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002Fxhanch_studio\" title=\"Click here to see All free plugins from Xhanch Studio\" rel=\"ugc\">Click here to see All free plugins from Xhanch Studio\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fxhanch.com\u002Fwp-plugin-my-prayer-time\u002F\" title=\"Xhanch - My Prayer Time\" rel=\"nofollow ugc\">Click here for more detailed information about Xhanch – My Prayer Time and If you’re having a problem with the plugin\u003C\u002Fa>\u003C\u002Fp>\n","Xhanch - My Prayer Time displays Moslem\u002FIslamic prayer time table based on visitor's IP (daily and monthly).",10337,"2016-09-04T05:00:00.000Z",[20,21,22,23,24],"http:\u002F\u002Fxhanch.com\u002Fwp-plugin-my-prayer-time\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxhanch-my-prayer-time.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":28,"last_vuln_date":74,"fetched_at":30},"custom-post-widget","Content Blocks (Custom Post Widget)","3.4.1","Johan van der Wijk","https:\u002F\u002Fprofiles.wordpress.org\u002Fvanderwijk\u002F","\u003Cp>The \u003Ca href=\"http:\u002F\u002Fwww.vanderwijk.com\u002Fwordpress\u002Fwordpress-custom-post-widget\u002F?utm_source=wordpress&utm_medium=website&utm_campaign=custom_post_widget\" rel=\"nofollow ugc\">Content Blocks\u003C\u002Fa> allows you to display the contents of a specific custom post in a widget on in the content area using a shortcode.\u003C\u002Fp>\n\u003Cp>Even though you could use the text widget that comes with the default WordPress install, this plugin has some major benefits:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The Content Blocks plugin enables users to \u003Cstrong>use the WYSIWYG editor\u003C\u002Fstrong> for editing the content and adding images.\u003C\u002Fli>\n\u003Cli>If you are using the standard WordPress text widgets to display content on various areas of your template, this content can only be edited by users with administrator access. If you would like \u003Cstrong>non-administrator accounts to modify the widget content\u003C\u002Fstrong>, you can use this plugin to provide them access to the custom posts that provide the content for the widget areas.\u003C\u002Fli>\n\u003Cli>You can even use the \u003Cstrong>featured image functionality\u003C\u002Fstrong> to display them in a widget.\u003C\u002Fli>\n\u003Cli>The Content Blocks plugin is \u003Cstrong>compatible with the WPML\u003C\u002Fstrong> Multi-Language plugin and automatically shows the correct language in the widget area.\u003C\u002Fli>\n\u003Cli>The Content Blocks can be included in posts and pages using the \u003Cstrong>built-in shortcode functionality\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin creates a ‘content_block’ custom post type. You can choose to either display the title on the page or use it to describe the contents and widget position of the content block. Note that these content blocks can only be displayed in the context of the page. I have added ‘public’ => false to the custom post type which means that it is not accessible outside the page context.\u003C\u002Fp>\n\u003Cp>To add content to a widget, drag it to the required position in the sidebar and select the title of the custom post in the widget configuration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Includes the following translations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Swedish (sv_SE) by \u003Ca href=\"http:\u002F\u002Fkrokedil.se\" rel=\"nofollow ugc\">Andreas Larsson\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) by \u003Ca href=\"https:\u002F\u002Fwww.ibidemgroup.com\" rel=\"nofollow ugc\">IBIDEM GROUP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Portuguese (pt_BR) by Ronaldo Chevalier\u003C\u002Fli>\n\u003Cli>Polish (pl_PL) by Kuba Skublicki\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) by \u003Ca href=\"https:\u002F\u002Fvanderwijk.nl\" rel=\"nofollow ugc\">Johan van der Wijk\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Czech (cs_CZ) by \u003Ca href=\"http:\u002F\u002Fjsemweb.cz\u002F\" rel=\"nofollow ugc\">Martin Kucera\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fcustom-post-widget\" rel=\"nofollow ugc\">More translations are very welcome!\u003C\u002Fa>\u003C\u002Fp>\n","This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.",10000,727658,98,80,"2026-01-27T13:29:00.000Z","6.9.4","4.6",[66,67,68,69,23],"block","content-block","custom-post","shortcode","https:\u002F\u002Fvanderwijk.com\u002Fwordpress\u002Fwordpress-custom-post-widget\u002F?utm_source=wordpress&utm_medium=plugin&utm_campaign=custom_post_widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-widget.3.4.1.zip",96,5,"2025-02-19 21:17:14",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":60,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":93,"download_link":94,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disable-author-pages","Disable Author Pages","0.11","Frank Neumann-Staude","https:\u002F\u002Fprofiles.wordpress.org\u002Ffstaude\u002F","\u003Cp>Disable the author pages ( \u002Fauthor=? ) in wordpress and redirect the user to another page.\u003C\u002Fp>\n","Disable the author pages",6000,50618,17,"2017-11-28T17:13:00.000Z","4.7.32","3.0",[90,91,69,22,92],"page","post","widgets","https:\u002F\u002Fstaude.net\u002Fwordpress\u002Fplugins\u002Fdisable-author-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-author-pages.0.11.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":72,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":114,"download_link":115,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"reusable-content-blocks","Reusable Content Blocks","1.1.3","Safeer","https:\u002F\u002Fprofiles.wordpress.org\u002Fsafeerz\u002F","\u003Cp>Reusable Content Blocks plugin allows you to insert contents (pages, posts, custom post types) created with WPBakery Page Builder into other contents, Widget areas and Templates using Shortcode, Widget or PHP without missing custom\u002Finline styles generated by page builders.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works with WPBakery’s Page Builder.\u003C\u002Fli>\n\u003Cli>Works with WP Bakery elements from the The7 theme\u003C\u002Fli>\n\u003Cli>Dedicated Element for WP Bakery page builder.\u003C\u002Fli>\n\u003Cli>Extendable support for Elements from other Themes and addons.\u003C\u002Fli>\n\u003Cli>Allows to use Shortcodes, Widgets and PHP fucntion to place content blocks into other contents, Widgetised areas or Templates.\u003C\u002Fli>\n\u003Cli>Provides ready to use Shortcodes and functions for Reusable block post types.\u003C\u002Fli>\n\u003Cli>Lighweight. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create Reusable blocks and insert it on multiple places, manage it from a single place.\u003C\u002Fli>\n\u003Cli>Design custom footer layouts using page builders, and insert it using Widget\u003C\u002Fli>\n\u003Cli>Design a topbar like block using page builder, place it in templates using PHP or hooks.\u003C\u002Fli>\n\u003Cli>Insert contents of page, post or custom post types in other contents using shortcode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation & Help\u003C\u002Fh4>\n\u003Cp>Basic instructions are provided within your WordPress site’s admin area, Dashboard > Reusable Blocks > Options page. Detailed documentation with screenshots for guidance, is available on the \u003Ca href=\"http:\u002F\u002Fwww.thecodepoetry.com\u002Fplugins\u002Fwordpress-reusable-content-blocks\" rel=\"nofollow ugc\">Plugins page\u003C\u002Fa>\u003C\u002Fp>\n","Reusable Content Blocks plugin allows you to insert contents (pages, posts, custom post types) created with WPBakery Page Builder into other contents, &hellip;",4000,27129,12,"2023-01-30T16:53:00.000Z","6.1.10","4.9.7","5.6",[96,111,112,113],"reusable-content-widget","thecodepoetry","wpbakery-global-widget","http:\u002F\u002Fthecodepoetry.com\u002Fplugins\u002Fwordpress-reusable-pagebulider-contnet-blocks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freusable-content-blocks.zip",{"slug":117,"name":118,"version":42,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":105,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":132,"download_link":133,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"duplicate-widget","Duplicate Widget","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>A widget that can act as a duplicate of another widget (for synchronized use in another sidebar)\u003C\u002Fp>\n\u003Cp>Define a widget once, use it in multiple sidebars.  This saves you from having to manually configure each copy of the widget and later having to worry about keeping them in sync should you ever need to make any changes.  Particularly useful for those who define logic in their themes to conditionally include different versions of a sidebar depending on what template is being shown. Depending on use, it is an alternative to plugins that introduce in-widget logic to determine when widgets should be visible (Widget Logic, Section Widget, Conditional Widgets, etc).\u003C\u002Fp>\n\u003Cp>Quick overview of what this plugin does:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds a widget called “Duplicate”. The widget’s only setting is a dropdown listing all active widgets.  The selected widget will be the widget duplicated by the duplicate widget.\u003C\u002Fli>\n\u003Cli>A duplicate widget shows the same title and content as its source widget, even if those values later get changed in the source widget.\u003C\u002Fli>\n\u003Cli>A widget can be duplicated any number of times and can appear multiple times within the same page. (Yes, even within the same sidebar, though why would you do that?)\u003C\u002Fli>\n\u003Cli>A duplicate widget will abide by the configuration of the sidebar it is placed in, not the configuration of the sidebar containing the source widget.  So it uses ‘before_widget’, ‘after_widget’, ‘before_title’, ‘after_title’ values of its own sidebar.\u003C\u002Fli>\n\u003Cli>Widgets that are duplicated will have “[D]” prepended to their name in the widget titlebar in the admin to denote they have duplicates.  Also, at the bottom of the widget’s configuration form (when the widget is expanded), a short blurb also explains that the widget has duplicate(s) and a count of how many duplicates it has.\u003C\u002Fli>\n\u003Cli>If a widget is deactivated or deleted, if it has any duplicates, they get deleted as well.\u003C\u002Fli>\n\u003Cli>The widget id and widget type of the source widget are included as HTML classes in the duplicate widget’s markup.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fduplicate-widget\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fduplicate-widget\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>The plugin exposes four actions for hooking.  Typically, customizations utilizing these hooks would be put into your active theme’s functions.php file, or used by another plugin.\u003C\u002Fp>\n\u003Ch4>c2c_before_duplicate_widget (action)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_before_duplicate_widget’ hook allows you to output text, or perform some sort of action, just before the output of the duplicate widget.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$instance (array) : The settings for the widget instance (namely: title and widget_to_duplicate)\u003C\u002Fli>\n\u003Cli>$args (array) : The configuration for the widget and sidebar\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Output an opening \u003Cdiv> before duplicate widget content\nadd_action( 'c2c_before_duplicate_widget', 'my_c2c_before_duplicate_widget', 10, 2 );\nfunction my_c2c_before_duplicate_widget( $instance, $args ) {\n    echo '\u003Cdiv class=\"a_duplicate_widget\">;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_after_duplicate_widget (action)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_after_duplicate_widget’ hook allows you to output text, or perform some sort of action, just after the output of the duplicate widget.\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$instance (array) : The settings for the widget instance (namely: title and widget_to_duplicate)\u003C\u002Fli>\n\u003Cli>$args (array) : The configuration for the widget and sidebar\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Output an closing \u003C\u002Fdiv> after duplicate widget content\nadd_action( 'c2c_after_duplicate_widget', 'my_c2c_after_duplicate_widget', 10, 2 );\nfunction my_c2c_after_duplicate_widget( $instance, $args ) {\n    echo '\u003C\u002Fdiv>;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_before_duplicate_widget_form (action)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_before_duplicate_widget_form’ hook allows you to output text, or perform some sort of action, just before the output of the duplicate widget’s configuration form (in the WP admin).\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$instance (array) : The settings for the widget instance (namely: title and widget_to_duplicate)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Display a message just before the duplicate widget settings form\nadd_action( 'c2c_before_duplicate_widget_form', 'my_c2c_before_duplicate_widget_form' );\nfunction my_c2c_before_duplicate_widget_form( $instance ) {\n    echo '\u003Cp>Note: this is a note above the widget settings form.\u003C\u002Fp>';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>c2c_after_duplicate_widget_form (action)\u003C\u002Fh4>\n\u003Cp>The ‘c2c_after_duplicate_widget_form’ hook allows you to output text, or perform some sort of action, just after the output of the duplicate widget’s configuration form (in the WP admin).\u003C\u002Fp>\n\u003Cp>Arguments:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$instance (array) : The settings for the widget instance (namely: title and widget_to_duplicate)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Display a message just after the duplicate widget settings form\nadd_action( 'c2c_after_duplicate_widget_form', 'my_c2c_after_duplicate_widget_form' );\nfunction my_c2c_after_duplicate_widget_form( $instance ) {\n    echo '\u003Cp>Note: this is a note below the widget settings form.\u003C\u002Fp>';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A widget that can act as a duplicate of another widget (for synchronized use in another sidebar)",1000,27952,86,"2017-11-28T19:51:00.000Z","3.4.2","3.1",[130,131,22,23,92],"coffee2code","duplicate","http:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fduplicate-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplicate-widget.1.0.2.zip",{"attackSurface":135,"codeSignals":156,"taintFlows":218,"riskAssessment":256,"analyzedAt":271},{"hooks":136,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":28,"unprotectedCount":28},[137,143,148],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","widgets_init","anonymous","wgt\\qte.php",53,{"type":138,"name":144,"callback":145,"file":146,"line":147},"admin_notices","xmq_itl_wrn","xmq.php",34,{"type":138,"name":149,"callback":150,"file":146,"line":151},"admin_menu","xmq_admin_menu",61,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":161,"outputEscaping":163,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":217},[158],{"fn":159,"file":141,"line":142,"context":160},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"xmq_wgt_qte\");'));",{"prepared":28,"raw":28,"locations":162},[],{"escaped":14,"rawEcho":164,"locations":165},27,[166,170,172,174,175,176,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,216],{"file":167,"line":168,"context":169},"adm\\cfg.php",26,"raw output",{"file":167,"line":171,"context":169},57,{"file":167,"line":173,"context":169},65,{"file":167,"line":36,"context":169},{"file":167,"line":125,"context":169},{"file":167,"line":60,"context":169},{"file":167,"line":178,"context":169},99,{"file":167,"line":180,"context":169},109,{"file":167,"line":182,"context":169},112,{"file":167,"line":184,"context":169},117,{"file":167,"line":186,"context":169},121,{"file":167,"line":188,"context":169},127,{"file":167,"line":190,"context":169},129,{"file":167,"line":192,"context":169},130,{"file":167,"line":194,"context":169},132,{"file":167,"line":196,"context":169},133,{"file":167,"line":198,"context":169},137,{"file":167,"line":200,"context":169},140,{"file":141,"line":202,"context":169},19,{"file":141,"line":204,"context":169},21,{"file":141,"line":206,"context":169},23,{"file":141,"line":208,"context":169},24,{"file":141,"line":210,"context":169},30,{"file":141,"line":212,"context":169},45,{"file":141,"line":214,"context":169},46,{"file":141,"line":214,"context":169},{"file":141,"line":214,"context":169},[],[219,245],{"entryPoint":220,"graph":221,"unsanitizedCount":243,"severity":244},"xmq_cfg (adm\\cfg.php:5)",{"nodes":222,"edges":239},[223,228,233,237],{"id":224,"type":225,"label":226,"file":167,"line":227},"n0","source","$_POST['chk_xmq_qte_atv']",16,{"id":229,"type":230,"label":231,"file":167,"line":227,"wp_function":232},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":234,"type":225,"label":235,"file":167,"line":236},"n2","$_POST",13,{"id":238,"type":230,"label":231,"file":167,"line":208,"wp_function":232},"n3",[240,242],{"from":224,"to":229,"sanitized":241},false,{"from":234,"to":238,"sanitized":241},2,"low",{"entryPoint":246,"graph":247,"unsanitizedCount":243,"severity":244},"\u003Ccfg> (adm\\cfg.php:0)",{"nodes":248,"edges":253},[249,250,251,252],{"id":224,"type":225,"label":226,"file":167,"line":227},{"id":229,"type":230,"label":231,"file":167,"line":227,"wp_function":232},{"id":234,"type":225,"label":235,"file":167,"line":236},{"id":238,"type":230,"label":231,"file":167,"line":208,"wp_function":232},[254,255],{"from":224,"to":229,"sanitized":241},{"from":234,"to":238,"sanitized":241},{"summary":257,"deductions":258},"The \"xhanch-my-quote\" v1.5.0 plugin exhibits a mixed security posture.  On the positive side, it has no recorded CVEs, demonstrating a history of security, and its SQL queries are exclusively parameterized, mitigating SQL injection risks.  Furthermore, the plugin has a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces the opportunities for attackers to interact with the plugin's code. However, the static analysis reveals significant concerns. The presence of the `create_function` function, a deprecated and inherently risky PHP construct, is a major red flag.  More critically, taint analysis indicates two flows with unsanitized paths, meaning user-supplied data is not being properly cleaned before being used in potentially sensitive operations, despite the absence of direct SQL vulnerabilities from these flows.  The extremely low percentage of properly escaped output (4%) is also a substantial weakness, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities where user input could be injected into the page's output. The lack of nonce and capability checks, while perhaps a consequence of its minimal attack surface, means that even if an entry point were discovered, there's no built-in protection against unauthorized actions or cross-site request forgery.",[259,262,264,267,269],{"reason":260,"points":261},"Use of dangerous function (create_function)",15,{"reason":263,"points":11},"Taint analysis: Unsantized paths found",{"reason":265,"points":266},"Low percentage of properly escaped output",8,{"reason":268,"points":73},"Missing nonce checks",{"reason":270,"points":73},"Missing capability checks","2026-03-16T23:53:09.028Z",{"wat":273,"direct":283},{"assetPaths":274,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[275,276,277],"\u002Fwp-content\u002Fplugins\u002Fxhanch-my-quote\u002Fimg\u002Fico.jpg","\u002Fwp-content\u002Fplugins\u002Fxhanch-my-quote\u002Fjs\u002Fxmq.js","\u002Fwp-content\u002Fplugins\u002Fxhanch-my-quote\u002Fcss\u002Fxmq.css",[],[276],[281,282],"xhanch-my-quote\u002Fjs\u002Fxmq.js?ver=","xhanch-my-quote\u002Fcss\u002Fxmq.css?ver=",{"cssClasses":284,"htmlComments":286,"htmlAttributes":287,"restEndpoints":288,"jsGlobals":289,"shortcodeOutput":290},[285],"xmq-itl-wrn",[],[],[],[],[]]