[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWViaCK7jk6WUB8u00Ztg0iMTLYR8WxPfXv5PhnOgFRU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":93,"fingerprints":180},"acf-pro-show-fields-shortcode","ACF Pro show fields shortcode","1.1","Maksym Marko","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkomaksym\u002F","\u003Cp>\n    If you use ACF Pro, you can display some fields on your pages with shortcode.\u003Cbr \u002F>\n    There is a shortcode [mxasts_acfp_show_field debug=”true” get_field=”card” show_all_fields=”true”].\n\u003C\u002Fp>\n\u003Cp>\n    Attributes:\u003Cbr \u002F>\n    debug=”true” – enable debugging mode;\u003Cbr \u002F>\n    get_field=”card” – show field “card” (“card” is just example)\u003Cbr \u002F>\n    show_all_fields=”true” – show all existing fields on current page or post\u003C\u002Fp>\n","If you use ACF Pro, you can display some fields on your pages with shortcode. e.g. 
[mxasts_acfp_show_field debug=\"true\" get_field=\"card &hellip;",10,1562,0,"","6.3.8","4.9",[18,19,20,21],"acf-pro","display-fields","get-fields","show-fields","https:\u002F\u002Fgithub.com\u002FMaxim-us\u002Facf-pro-show-fields-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-pro-show-fields-shortcode.1.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"markomaksym",11,1110,86,881,69,"2026-04-05T05:05:17.288Z",[37,61,77],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":24,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":60},"acf-clone-repeater","ACF Clone Repeater","1.0.4","Suman Ali","https:\u002F\u002Fprofiles.wordpress.org\u002Fsumanengbd\u002F","\u003Cp>ACF Pro 5.9 comes with a duplicate row feature on its own.\u003Cbr \u002F>\nACF Clone Repeater and Layout Fields in ACF Pro.\u003C\u002Fp>\n\u003Cp>Supports all ACF Native fields.\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>Please head over to the source code \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsumanengbd\u002Facf-clone-repeater\" rel=\"nofollow ugc\">on Github\u003C\u002Fa>.\u003C\u002Fp>\n","ACF Pro 5.9 comes with a duplicate row feature on its 
own.",1000,10236,1,"2023-02-09T09:59:00.000Z","6.0.11","5.0","7.4",[53,18,54,55,56],"acf","clone","duplicate","repeater","https:\u002F\u002Fgithub.com\u002Fsumanengbd\u002Facf-clone-repeater","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-clone-repeater.1.0.4.zip",85,"2026-03-15T15:16:48.613Z",{"slug":62,"name":63,"version":40,"author":64,"author_profile":65,"description":66,"short_description":63,"active_installs":24,"downloaded":67,"rating":24,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":14,"tags":72,"homepage":14,"download_link":76,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":60},"acf-yith-woocommerce-compare-support","Advanced Custom Fields YITH WooCommerce Compare support","olezhyk5","https:\u002F\u002Fprofiles.wordpress.org\u002Folezhyk5\u002F","\u003Cp>This plugin allows adding Advanced custom fields to the YITH Woocommerce compare table. Almost all field types are supported.\u003Cbr \u002F>\nYou can use radio, button, select, checkbox, date picker, date time picker, number, time picker, email, text, textarea, range, wysiwyg, link, page link and taxonomy fields.\u003C\u002Fp>\n",4203,2,"2020-12-10T16:14:00.000Z","5.6.17","4.0",[53,73,74,75],"acf-product-compare","advanced-custom-fields","yith-woocommerce-compare","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-yith-woocommerce-compare-support.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":14,"tags":89,"homepage":91,"download_link":92,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":60},"wp-typography-disable-acf-integration","wp-Typography Disable ACF 
Integration","1.0.1","sarukuku","https:\u002F\u002Fprofiles.wordpress.org\u002Fsarukuku\u002F","\u003Cp>Disables wp-Typographys (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-typography\u002F) built-in Advanced Custom Fields (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-custom-fields\u002F) integration.\u003C\u002Fp>\n\u003Ch3>wp-Typography Compatibility\u003C\u002Fh3>\n\u003Cp>This plugin is compatible with wp-Typography version 3.6.0 and later.\u003C\u002Fp>\n\u003Ch3>Do I need this plugin?\u003C\u002Fh3>\n\u003Cp>If you’re using ACF and wp-Typography and want to disable the automatic integration between them this plugin does it. If you’re not using ACF or wp-Typography this plugin is useless.\u003C\u002Fp>\n","Disables wp-Typography ACF Integration.",1292,"2017-01-08T16:09:00.000Z","4.8.28","4.7",[53,18,90],"wp-typography","https:\u002F\u002Fgithub.com\u002Fsarukuku\u002Fwp-typography-disable-acf","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-typography-disable-acf-integration.1.0.1.zip",{"attackSurface":94,"codeSignals":129,"taintFlows":166,"riskAssessment":167,"analyzedAt":179},{"hooks":95,"ajaxHandlers":120,"restRoutes":121,"shortcodes":122,"cronEvents":128,"entryPointCount":47,"unprotectedCount":13},[96,102,107,110,115],{"type":97,"name":98,"callback":99,"file":100,"line":101},"action","plugins_loaded","mxasts_translate","acf-pro-show-fields-shortcode.php",116,{"type":97,"name":103,"callback":104,"file":105,"line":106},"admin_notices","closure","includes\\core\\error_handle\\Display-Error.php",27,{"type":97,"name":103,"callback":104,"file":108,"line":109},"includes\\core\\error_handle\\Display_Error.php",26,{"type":97,"name":111,"callback":112,"file":113,"line":114},"admin_menu","anonymous","includes\\core\\Route-Registrar.php",165,{"type":97,"name":116,"callback":117,"file":118,"line":119},"wp_enqueue_scripts","mxasts_enqueue","includes\\frontend\\classes\\enqueue-scripts.php",24,[],[],[123],{"tag":124,"callback":125,"fi
le":126,"line":127},"mxasts_acfp_show_field","mxasts_acfp_show_field_function","includes\\frontend\\classes\\shortcode.php",23,[],{"dangerousFunctions":130,"sqlUsage":131,"outputEscaping":143,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":165},[],{"prepared":13,"raw":132,"locations":133},3,[134,138,141],{"file":135,"line":136,"context":137},"includes\\core\\Model.php",50,"$wpdb->get_row() with variable interpolation",{"file":135,"line":139,"context":140},72,"$wpdb->get_results() with variable interpolation",{"file":135,"line":142,"context":140},76,{"escaped":13,"rawEcho":144,"locations":145},8,[146,150,152,154,157,159,161,163],{"file":147,"line":148,"context":149},"includes\\core\\Controller.php",17,"raw output",{"file":105,"line":151,"context":149},31,{"file":108,"line":153,"context":149},30,{"file":155,"line":156,"context":149},"includes\\core\\View.php",35,{"file":126,"line":158,"context":149},98,{"file":126,"line":160,"context":149},105,{"file":126,"line":162,"context":149},117,{"file":126,"line":164,"context":149},133,[],[],{"summary":168,"deductions":169},"The plugin \"acf-pro-show-fields-shortcode\" v1.1 presents a mixed security posture.  On the positive side, it has a very small attack surface with only one entry point, a shortcode, and no identified AJAX handlers, REST API routes, or cron events that are exposed without authentication.  Furthermore, there are no known CVEs associated with this plugin, and the static analysis did not reveal any critical or high severity taint flows.  This suggests a generally well-contained and unexploited plugin.\n\nHowever, significant concerns arise from the static code analysis. The plugin exhibits a complete lack of output escaping, meaning any data displayed through the shortcode could be vulnerable to cross-site scripting (XSS) attacks if the data originates from an untrusted source. 
Additionally, all three SQL queries are executed without prepared statements: the flagged $wpdb->get_row() and $wpdb->get_results() calls in Model.php interpolate variables directly into the query string, which introduces a risk of SQL injection wherever an interpolated value can be influenced by a user. The plugin also contains no nonce checks and no capability checks, so nothing in its own code guards against unauthorized actions or privilege escalation. The clean vulnerability history is positive, but it does not mitigate the risks identified in the code.\n\nIn conclusion, while the plugin has a limited attack surface and no known historical vulnerabilities, the unescaped output and raw SQL queries are tangible security risks that require immediate attention, and the absence of any authorization checks on its single entry point amplifies these concerns. These are pattern-based static findings and the analysis reported no taint flows, so each flagged location should be reviewed to confirm whether the value reaching it comes from shortcode attributes or stored field content. Addressing them at the code level, by building queries with $wpdb->prepare() and escaping output with functions such as esc_html() or esc_attr(), is crucial to improving the plugin's overall security.",[170,172,174,177],{"reason":171,"points":11},"All SQL queries use raw execution",{"reason":173,"points":144},"No output escaping found",{"reason":175,"points":176},"No nonce checks found",5,{"reason":178,"points":176},"No capability checks 
found","2026-03-16T23:11:23.492Z",{"wat":181,"direct":191},{"assetPaths":182,"generatorPatterns":186,"scriptPaths":187,"versionParams":188},[183,184,185],"\u002Fwp-content\u002Fplugins\u002Facf-pro-show-fields-shortcode\u002Fassets\u002Ffont-awesome-4.6.3\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Facf-pro-show-fields-shortcode\u002Fincludes\u002Ffrontend\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Facf-pro-show-fields-shortcode\u002Fincludes\u002Ffrontend\u002Fassets\u002Fjs\u002Fscript.js",[],[185],[189,190],"acf-pro-show-fields-shortcode\u002Fincludes\u002Ffrontend\u002Fassets\u002Fcss\u002Fstyle.css?ver=","acf-pro-show-fields-shortcode\u002Fincludes\u002Ffrontend\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":192,"htmlComments":193,"htmlAttributes":194,"restEndpoints":195,"jsGlobals":196,"shortcodeOutput":197},[],[],[],[],[],[198,199,200,201,202,203,204],"\u003Cpre>Debugging mode\u003Cbr>var_dump('debug = '","var_dump('get_field = '","get_field value = ","get_fields = ","\u003Cul>\u003Cli>","\u003Cul>","\u003Cli>"]