[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fV7Nl4j2DLpJmdXspraQ2gsH0LwQZvp8SsMgTyfZx8tM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":129,"fingerprints":315},"acf-starrating","ACF: Star Rating Field","1.0.2","lienann","https:\u002F\u002Fprofiles.wordpress.org\u002Flienann\u002F","\u003Cp>Add the possibility to use rating field in ACF.\u003C\u002Fp>\n\u003Cp>Plug-in provide three calculation method for voting:\u003C\u002Fp>\n\u003Col>\n\u003Cli>calculate by cookies (any visitor);\u003C\u002Fli>\n\u003Cli>by IP (any visitor);\u003C\u002Fli>\n\u003Cli>by user id (registered users only).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If “calculated by cookies” is selected, the only users which use browser with\u003Cbr \u002F>\ncookies enabled will be able to vote\u003C\u002Fp>\n\u003Cp>In field settings you can also:\u003C\u002Fp>\n\u003Col>\n\u003Cli>open|close vote;\u003C\u002Fli>\n\u003Cli>tune the number of stars (1 to 20);\u003C\u002Fli>\n\u003Cli>specify the method of re-voting – possible(period)|never\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Use the_field($field_key, $post_id) or get_field($field_key, $post_id) function\u003Cbr \u002F>\nin page template for field output (see ACF documentation).\u003C\u002Fp>\n\u003Cp>In admin panel the rating is inactive.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Attention!\u003C\u002Fstrong> Before removing the plugin files read uninstall.php\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages:\u003C\u002Fstrong> English, Français, Русский\u003C\u002Fp>\n\u003Cp>I apologize for possible mistakes in plugin translation.\u003Cbr \u002F>\nI will be glad to accept the help with the correct translation of a plugin into\u003Cbr \u002F>\nEnglish and to correction of my mistakes.\u003C\u002Fp>\n\u003Ch4>Gratitudes:\u003C\u002Fh4>\n\u003Cp>Thanks to Ivan Shamshur for JS.\u003C\u002Fp>\n\u003Cp>French Translation – thanks to Nicolas Kern.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This ACF field type is compatible with: ACF 4\u003C\u002Fp>\n\u003Cp>For developers: https:\u002F\u002Fgithub.com\u002Flienann\u002Facf-starrating\u003C\u002Fp>\n","\"Star rating\" field. Add-on to Advanced Custom Fields plugin.",300,8707,88,8,"2015-03-22T08:45:00.000Z","4.1.42","3.5","",[20,21,22,23,24],"acf","acf4","advanced-custom-fields","rate","star-rating","https:\u002F\u002Fgithub.com\u002Flienann\u002Facf-starrating","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-starrating.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-05T09:09:44.914Z",[38,58,77,93,108],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":56,"download_link":57,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"advanced-custom-fields-nav-menu-field","Advanced Custom Fields: Nav Menu Field","2.0.0","Faison","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaison\u002F","\u003Cp>Add \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FNavigation_Menus\" rel=\"nofollow ugc\">Navigation Menus\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadvanced-custom-fields\u002F\" rel=\"ugc\">Advanced Custom Fields\u003C\u002Fa> (ACF) with the Nav Menu Field plugin! This plugin adds the Nav Menu Field type to ACF (version 5 & 4), allowing you to select from the menus you create in the WordPress Admin backend to use on your website’s frontend.\u003C\u002Fp>\n\u003Cp>Using ACF, you can set the Nav Menu Field to return the selected menu’s:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ID for lightweight coding,\u003C\u002Fli>\n\u003Cli>Object for more involved programming, or\u003C\u002Fli>\n\u003Cli>HTML (generated from \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_nav_menu\" rel=\"nofollow ugc\">wp_nav_menu\u003C\u002Fa>) for quickly displaying a menu.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>I created this plugin because I needed to display a secondary menu that changed depending on what page you’re on. Most of those pages were children of the same page, but then I had to throw a couple of Custom Post Types in there too. Because of the Custom Post Types, I couldn’t just grab the top most parent for the current page and use \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_list_pages\" rel=\"nofollow ugc\">wp_list_pages\u003C\u002Fa>. So I did some research and decided to extend the functionality of my favourite plugin, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadvanced-custom-fields\u002F\" rel=\"ugc\">Advanced Custom Fields\u003C\u002Fa>. Now when I create a new Page or Custom Post, I just select the menu from a drop down menu!\u003C\u002Fp>\n\u003Cp>Feel free to try this add-on on your dev site, ask questions on the support link above, and please review this add-on. By leaving a rating and review, you help this plugin become even better!\u003C\u002Fp>\n\u003Ch4>Advanced Custom Fields Compatibility\u003C\u002Fh4>\n\u003Cp>This add-on will work with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>version 5\u003C\u002Fli>\n\u003Cli>version 4\u003C\u002Fli>\n\u003C\u002Ful>\n","Add-On plugin for Advanced Custom Fields (ACF) that adds a 'Nav Menu' Field type.",9000,133924,100,33,"2017-11-28T12:59:00.000Z","4.0.38","3.4",[20,21,54,22,55],"acf5","custom-fields","http:\u002F\u002Ffaisonz.com\u002Fwordpress-plugins\u002Fadvanced-custom-fields-nav-menu-field\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-nav-menu-field.2.0.0.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":48,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":75,"download_link":76,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"advanced-custom-fields-limiter-field","Advanced Custom Fields: Limiter Field","1.1.1","Atomicsmash","https:\u002F\u002Fprofiles.wordpress.org\u002Fatomicsmash\u002F","\u003Cp>\u003Cstrong>Works with ACF v4 and v5\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin provides an Advanced Custom Field textarea that limits the number of characters a user can add. The limit is cleanly represented by a jQuery Ui progress bar. You can define the number of characters on a per field basis.\u003C\u002Fp>\n\u003Cp>This has been tested in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ACF – Repeater fields\u003C\u002Fli>\n\u003Cli>ACF – Flexible content fields\u003C\u002Fli>\n\u003Cli>ACF – Option pages\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin provides a textarea that limits the number of characters a user can add. The limit is cleanly represented by a jQuery UI progress bar.",1000,15423,3,"2014-08-20T21:40:00.000Z","3.5.2","3.0.1",[20,73,21,22,74],"acf3","limiter","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadvanced-custom-fields-limiter-field\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-limiter-field.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":48,"downloaded":85,"rating":86,"num_ratings":33,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":91,"download_link":92,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"advanced-custom-fields-markdown","Advanced Custom Fields: Markdown Field","1.1.4","jensnilsson","https:\u002F\u002Fprofiles.wordpress.org\u002Fjensnilsson\u002F","\u003Cp>Adds a markdown-field, which is really just a textarea with some extra tools and features that makes writing markdown more visually appealing. Themes for the editor, the preview-mode and for syntax-highlighting is included and configurable in the field-group settings.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This ACF field type is compatible with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>ACF 5\u003C\u002Fli>\n\u003Cli>ACF 4\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>GitHub\u003C\u002Fh3>\n\u003Cp>If you want the latest development version of this plugin it is available over at my \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjensjns\u002Facf-markdown-field\u002F\" rel=\"nofollow ugc\">github repository\u003C\u002Fa>. The github repository will always have the latest code and may occasionally be broken and not work at all.\u003C\u002Fp>\n","Adds a markdown-field.",5900,60,"2016-10-09T08:06:00.000Z","4.6.30","4.0",[20,21,54,22,55],"https:\u002F\u002Fgithub.com\u002Fjensjns\u002Facf-markdown-field","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-markdown.zip",{"slug":94,"name":95,"version":96,"author":81,"author_profile":82,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":104,"homepage":106,"download_link":107,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"advanced-custom-fields-leaflet-field","Advanced Custom Fields: Leaflet Field","1.2.1","\u003Cp>This plugin adds a \u003Ca href=\"http:\u002F\u002Fleafletjs.com\" rel=\"nofollow ugc\">Leaflet\u003C\u002Fa> map field to the \u003Ca href=\"http:\u002F\u002Fwww.advancedcustomfields.com\u002F\" rel=\"nofollow ugc\">Advanced Custom Fields\u003C\u002Fa> plugin. Use it to display maps with markers, lines and shapes along with your posts and pages.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add multiple markers with popups to the map.\u003C\u002Fli>\n\u003Cli>Draw polylines, polygons and rectangles.\u003C\u002Fli>\n\u003Cli>The field stores both your zoom-level and viewport location.\u003C\u002Fli>\n\u003Cli>Function to render the map in your theme is included in the plugin: \u003Ccode>\u003C?php the_leaflet_field( 'my_leaflet_field' ); ?>\u003C\u002Fcode>, just plug and play!\u003C\u002Fli>\n\u003Cli>Supports ACF4 and ACF5 (Pro)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Instructions\u003C\u002Fh3>\n\u003Cp>A rendering function is provided in the plugin. If you want to use it all you have to do is use \u003Ccode>the_leaflet_field( 'my_leaflet_field' );\u003C\u002Fcode> where you want to render the map.\u003C\u002Fp>\n\u003Ch3>To do\u003C\u002Fh3>\n\u003Cp>Things I plan to add to the plugin:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Adding images to popups.\u003C\u002Fli>\n\u003Cli>Provide a tool for importing GeoJSON-structured data into the field.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>GitHub\u003C\u002Fh3>\n\u003Cp>If you want the latest development version of this plugin it is available over at my \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjensjns\u002Facf-leaflet-field\u002F\" rel=\"nofollow ugc\">github repository\u003C\u002Fa>. The github repository will always have the latest code and may occasionally be broken and not work at all.\u003C\u002Fp>\n","Addon for Advanced Custom Fields that adds a Leaflet field to the available field types.",80,7676,62,7,"2014-11-04T16:39:00.000Z",[20,21,105,22,55],"admin","https:\u002F\u002Fgithub.com\u002Fjensjns\u002Facf-leaflet-field","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-leaflet-field.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":35,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":48,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"acf-content-analysis-for-yoast-seo","ACF Content Analysis for Yoast SEO","3.2","Yoast","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoast\u002F","\u003Cp>This plugin ensures that Yoast SEO analyzes all ACF content including Flexible Content and Repeaters.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002F\" rel=\"nofollow ugc\">Yoast SEO for WordPress\u003C\u002Fa> content and SEO analysis does not take in to account the content of a post’s \u003Ca href=\"http:\u002F\u002Fwww.advancedcustomfields.com\u002F\" rel=\"nofollow ugc\">Advanced Custom Fields\u003C\u002Fa>. This plugin uses the plugin system of Yoast SEO for WordPress to hook into the analyser in order to add ACF content to the SEO analysis.\u003C\u002Fp>\n\u003Cp>This had previously been done by the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-seo-acf-content-analysis\u002F\" rel=\"ugc\">WordPress SEO ACF Content Analysis\u003C\u002Fa> plugin but that no longer works with Yoast 3.0. Kudos to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fryuheixys\u002F\" rel=\"nofollow ugc\">ryuheixys\u003C\u002Fa>, the author of that plugin, for the original idea.\u003C\u002Fp>\n\u003Cp>This Plugin is compatible with the free ACF 4 Version as well as with the PRO Version 5. Please be aware that it ignores Pro Add-Ons for Version 4. In that case please upgrade to ACF PRO Version 5.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>If you have issues, please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYoast\u002Fyoast-acf-analysis\u002Fissues\" rel=\"nofollow ugc\">submit them on GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Previously called Yoast ACF Analysis.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Ch4>Remove specific field from scoring\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\blacklist_name', function ( $blacklist_name ) {\n    $blacklist_name->add( 'my-field-name' );\n    return $blacklist_name;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Remove field type from scoring\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\blacklist_type', function ( $blacklist_type ) {\n    \u002F\u002F text, image etc\n    $blacklist_type->add( 'text' );\n    $blacklist_type->add( 'image' );\n    return $blacklist_type;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Define custom field a specific heading value\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\headlines', function ( $headlines ) {\n    \u002F\u002F value from 1-6, 1=h1, 6=h6\n    $headlines['field_591eb45f2be86'] = 3;\n    return $headlines;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Change refresh rate\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\refresh_rate', function () {\n    \u002F\u002F Refresh rates in milliseconds\n    return 1000;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n","WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.",100000,2538123,34,"2025-12-01T18:33:00.000Z","6.9.4","6.6","7.2.5",[20,22,124,125,126],"analysis","seo","yoast","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-content-analysis-for-yoast-seo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-content-analysis-for-yoast-seo.3.2.zip",{"attackSurface":130,"codeSignals":179,"taintFlows":211,"riskAssessment":303,"analyzedAt":314},{"hooks":131,"ajaxHandlers":165,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":178,"unprotectedCount":28},[132,138,142,145,149,153,157,160],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","acf\u002Fregister_fields","acf_srf_register_fields","acf-starrating.php",57,{"type":133,"name":139,"callback":140,"file":136,"line":141},"wp_enqueue_scripts","acf_srf_method",145,{"type":133,"name":143,"callback":140,"file":136,"line":144},"admin_enqueue_scripts",146,{"type":133,"name":146,"callback":147,"file":136,"line":148},"init","acf_srf_init",156,{"type":133,"name":150,"callback":151,"file":136,"line":152},"delete_user","acf_srf_delete_userlog",167,{"type":133,"name":154,"callback":155,"file":136,"line":156},"delete_post","acf_srf_delete_postlog",174,{"type":133,"name":158,"callback":155,"file":136,"line":159},"delete_attachment",175,{"type":133,"name":161,"callback":162,"priority":163,"file":136,"line":164},"delete_term","acf_srf_delete_termlog",10,182,[166,173],{"action":167,"nopriv":168,"callback":169,"hasNonce":170,"hasCapCheck":168,"file":171,"line":172},"acf_srf",false,"acf_srf_callback",true,"functions.php",98,{"action":167,"nopriv":170,"callback":169,"hasNonce":170,"hasCapCheck":168,"file":171,"line":174},99,[],[],[],2,{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":190,"fileOperations":28,"externalRequests":28,"nonceChecks":33,"capabilityChecks":28,"bundledLibraries":210},[],{"prepared":182,"raw":178,"locations":183},22,[184,187],{"file":136,"line":185,"context":186},90,"$wpdb->get_var() with variable interpolation",{"file":188,"line":189,"context":186},"uninstall.php",79,{"escaped":33,"rawEcho":14,"locations":191},[192,196,198,200,202,204,206,208],{"file":193,"line":194,"context":195},"acf-starrating-v4.php",72,"raw output",{"file":193,"line":197,"context":195},91,{"file":193,"line":199,"context":195},116,{"file":193,"line":201,"context":195},144,{"file":193,"line":203,"context":195},195,{"file":171,"line":205,"context":195},37,{"file":171,"line":207,"context":195},56,{"file":171,"line":209,"context":195},94,[],[212,248,265],{"entryPoint":213,"graph":214,"unsanitizedCount":178,"severity":247},"acf_srf_callback (functions.php:9)",{"nodes":215,"edges":242},[216,221,225,231,234,237],{"id":217,"type":218,"label":219,"file":171,"line":220},"n0","source","$_REQUEST",61,{"id":222,"type":223,"label":224,"file":171,"line":220},"n1","transform","→ check_existence_object()",{"id":226,"type":227,"label":228,"file":171,"line":229,"wp_function":230},"n2","sink","get_var() [SQLi]",385,"get_var",{"id":232,"type":218,"label":219,"file":171,"line":233},"n3",64,{"id":235,"type":223,"label":236,"file":171,"line":233},"n4","→ acf_srf_check_permission()",{"id":238,"type":227,"label":239,"file":171,"line":240,"wp_function":241},"n5","get_row() [SQLi]",313,"get_row",[243,244,245,246],{"from":217,"to":222,"sanitized":168},{"from":222,"to":226,"sanitized":168},{"from":232,"to":235,"sanitized":168},{"from":235,"to":238,"sanitized":168},"high",{"entryPoint":249,"graph":250,"unsanitizedCount":178,"severity":247},"acf_srf_check_permission (functions.php:228)",{"nodes":251,"edges":262},[252,255,257,260],{"id":217,"type":218,"label":253,"file":171,"line":254},"$_COOKIE",269,{"id":222,"type":227,"label":239,"file":171,"line":256,"wp_function":241},271,{"id":226,"type":218,"label":258,"file":171,"line":259},"$_SERVER",292,{"id":232,"type":227,"label":239,"file":171,"line":261,"wp_function":241},294,[263,264],{"from":217,"to":222,"sanitized":168},{"from":226,"to":232,"sanitized":168},{"entryPoint":266,"graph":267,"unsanitizedCount":178,"severity":247},"\u003Cfunctions> (functions.php:0)",{"nodes":268,"edges":294},[269,270,271,272,273,275,276,279,282,284,286,288,290,292],{"id":217,"type":218,"label":253,"file":171,"line":254},{"id":222,"type":227,"label":239,"file":171,"line":256,"wp_function":241},{"id":226,"type":218,"label":258,"file":171,"line":259},{"id":232,"type":227,"label":239,"file":171,"line":261,"wp_function":241},{"id":235,"type":218,"label":219,"file":171,"line":274},46,{"id":238,"type":227,"label":239,"file":171,"line":240,"wp_function":241},{"id":277,"type":218,"label":278,"file":171,"line":274},"n6","$_REQUEST (x5)",{"id":280,"type":227,"label":228,"file":171,"line":281,"wp_function":230},"n7",360,{"id":283,"type":218,"label":219,"file":171,"line":220},"n8",{"id":285,"type":223,"label":224,"file":171,"line":220},"n9",{"id":287,"type":227,"label":228,"file":171,"line":229,"wp_function":230},"n10",{"id":289,"type":218,"label":219,"file":171,"line":233},"n11",{"id":291,"type":223,"label":236,"file":171,"line":233},"n12",{"id":293,"type":227,"label":239,"file":171,"line":240,"wp_function":241},"n13",[295,296,297,298,299,300,301,302],{"from":217,"to":222,"sanitized":170},{"from":226,"to":232,"sanitized":170},{"from":235,"to":238,"sanitized":170},{"from":277,"to":280,"sanitized":170},{"from":283,"to":285,"sanitized":168},{"from":285,"to":287,"sanitized":168},{"from":289,"to":291,"sanitized":168},{"from":291,"to":293,"sanitized":168},{"summary":304,"deductions":305},"The acf-starrating plugin version 1.0.2 presents a mixed security posture. On the positive side, it boasts a small attack surface with only two AJAX handlers, and crucially, none of these entry points are unprotected by authentication checks. Furthermore, the plugin demonstrates a strong commitment to data integrity by utilizing prepared statements for 92% of its SQL queries, and there's a single nonce check present, indicating some awareness of cross-site request forgery prevention. The complete absence of known CVEs and a clean vulnerability history are also significant strengths.\n\nHowever, there are notable areas of concern. The taint analysis reveals three flows with unsanitized paths, all flagged as high severity. This suggests that user-supplied data might be making its way into sensitive operations without adequate sanitization, posing a potential risk. Compounding this, the plugin exhibits very poor output escaping practices, with only 11% of outputs being properly escaped. This significantly increases the likelihood of cross-site scripting (XSS) vulnerabilities, especially when combined with the unsanitized data flows.\n\nIn conclusion, while the plugin has strengths in its limited attack surface, lack of critical CVEs, and use of prepared statements, the high-severity unsanitized taint flows and extremely low rate of output escaping represent significant security weaknesses. These issues could be exploited to achieve arbitrary code execution or inject malicious scripts, despite the existing authentication and nonce checks. Mitigation of these output escaping and data sanitization issues should be a priority.",[306,309,311],{"reason":307,"points":308},"High severity unsanitized taint flows",12,{"reason":310,"points":102},"Low output escaping rate",{"reason":312,"points":313},"No capability checks on entry points",5,"2026-03-16T20:05:56.481Z",{"wat":316,"direct":325},{"assetPaths":317,"generatorPatterns":320,"scriptPaths":321,"versionParams":322},[318,319],"\u002Fwp-content\u002Fplugins\u002Facf-starrating\u002Fcss\u002Fjquery.rating.css","\u002Fwp-content\u002Fplugins\u002Facf-starrating\u002Fjs\u002Fjquery.rating.js",[],[319],[323,324],"acf-starrating\u002Fcss\u002Fjquery.rating.css?ver=","acf-starrating\u002Fjs\u002Fjquery.rating.js?ver=",{"cssClasses":326,"htmlComments":330,"htmlAttributes":331,"restEndpoints":335,"jsGlobals":337,"shortcodeOutput":340},[327,328,329],"acf-srf-rating","acf-srf-star","acf-srf-stars-wrapper",[],[332,333,334],"data-field_key","data-post_id","data-vote_id",[336],"\u002Fwp-json\u002Facf-starrating\u002Fv1\u002Fsettings",[338,339],"srfajax","objectL10n",[]]