[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqrj-qRlTClTOE9QtOekhR_CsvKuZtIgpbecz-V-Zl7k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":5,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":52,"analysis":157,"fingerprints":222},"acf-yandex-maps-field","ACF: Yandex Maps Field","1.1","Unreal Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fromchyk16\u002F","\u003Cp>Allow use Yandex Map in Advanced Custom Fields, as standalone field or in REPEATER field\u003C\u002Fp>\n\u003Cp>It is possible to output a different type of format.\u003C\u002Fp>\n\u003Cp>This works for both ACF and ACF Pro, version 5 and 6.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This ACF field type is compatible with:\u003Cbr \u002F>\n* ACF 5\u003Cbr \u002F>\n* ACF 6\u003C\u002Fp>\n",800,2681,100,3,"2023-01-23T16:16:00.000Z","6.1.10","6.1.1","",[19,20,21,22,23],"advanced-custom-fields","fields","map","yandex","yandex-map","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-yandex-map-fields\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-yandex-maps-field.1.1.zip",63,1,"2025-06-05 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-30930","acf-yandex-maps-field-authenticated-administrator-stored-cross-site-scripting","ACF: Yandex Maps Field \u003C= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting","The ACF: Yandex Maps Field plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.1","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-06-11 19:38:29",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff8b8e13d-3270-4fb1-aee1-db2cf728ac55?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":10,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"romchyk16",2,74,30,76,"2026-04-04T11:12:21.003Z",[53,72,96,116,136],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":12,"num_ratings":47,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":66,"homepage":17,"download_link":69,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"simple-image-xml-sitemap","Simple Image XML Sitemap","3.5","Janine","https:\u002F\u002Fprofiles.wordpress.org\u002Fblapps\u002F","\u003Cp>The Simple Image XML Sitemap plugin will generate a XML sitemap for all your images uploaded within pages and posts (added as attachments).\u003C\u002Fp>\n\u003Cp>Therefore, the specific Image XML Sitemap will contain the URL to the post or page and URLs to all attached images and image meta data (caption and title).\u003C\u002Fp>\n\u003Cp>The plugin is written by Janine, and is based on Herbert van-Vliet’s image sitemap plugin.\u003C\u002Fp>\n","The Simple Image XML Sitemap plugin will generate a XML Sitemap for specifically for all images including images uploaded as Advanced Custom Fields (P &hellip;",1000,11546,"2024-07-28T13:06:00.000Z","6.6.5","4.0",[19,67,68],"google-image-sitemaps","xml-image-sitemap","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-image-xml-sitemap.zip",92,0,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":92,"download_link":93,"security_score":94,"vuln_count":13,"unpatched_count":27,"last_vuln_date":95,"fetched_at":29},"maps-for-wp","Maps for WP","1.2.5","icopydoc","https:\u002F\u002Fprofiles.wordpress.org\u002Ficopydoc\u002F","\u003Cp>A handy plugin for inserting Yandex and Google maps using shortcode.\u003C\u002Fp>\n\u003Ch4>Adds Yandex or Google Map with one point\u003C\u002Fh4>\n\u003Cp>[MapOnePoint id=”” type=”” lon=”” lat=”” zoom=”” h=”” img=”” thover=”” tclick=””]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“id” (required) – unique id\u003C\u002Fli>\n\u003Cli>“type” (not required) – map layer (roadmap, satellite, hybrid, terrain)\u003C\u002Fli>\n\u003Cli>“lon” (required) – longitude of the center of the map\u003C\u002Fli>\n\u003Cli>“lat” (required) – latitude of the center of the map\u003C\u002Fli>\n\u003Cli>“mstyle” (not required) – style of maps (default, blackwhite, blackout, сolorinversion)\u003C\u002Fli>\n\u003Cli>“h” (not required) – Map height in pixels\u003C\u002Fli>\n\u003Cli>“img” (not required) – URL image markers\u003C\u002Fli>\n\u003Cli>“thover” (not required) – Text when pointing to a point\u003C\u002Fli>\n\u003Cli>“tclick” (not required) – Text when clicking on a point\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[MapOnePoint id=\"m1\" type=\"hybrid\" lon=\"55.75197479670444\" lat=\"37.617726067459024\" zoom=\"5\" h=\"200\" img=\"http:\u002F\u002Fsite.ru\u002F1.png\" thover=\"Text when pointing to a point\" tclick=\"Text when clicking on a poin. Some text\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Adds Yandex or Google map with many points\u003C\u002Fh4>\n\u003Cp>[MapManyPoints id=”” type=”” lat=”” lon=”” zoom=”” h=”” img=”” points=””]\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“id” (required) – unique id\u003C\u002Fli>\n\u003Cli>“type” (not required) – map layer (roadmap, satellite, hybrid, terrain)\u003C\u002Fli>\n\u003Cli>“lon” (required) – longitude of the center of the map\u003C\u002Fli>\n\u003Cli>“lat” (required) – latitude of the center of the map\u003C\u002Fli>\n\u003Cli>“mstyle” (not required) – style of maps (default, blackwhite, blackout, сolorinversion)\u003C\u002Fli>\n\u003Cli>“h” (not required) – Map height in pixels\u003C\u002Fli>\n\u003Cli>“img” (not required) – URL image markers\u003C\u002Fli>\n\u003Cli>“points” – [lat point 1],[lon point 1],[text on hover 1],[text on click 1];[lat point 2],[lon point 2],[text on hover 2],[text on click 2] and so on…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[[MapManyPoints id=\"m2\" type=\"roadmap\" lat=\"25\" lon=\"30\" zoom=\"2\" h=\"250\" points=\"25,-1,Text on hover this point, Text on click this point;-5,13,Text on hover this point, Text on click this point\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A handy plugin for inserting Yandex and Google maps using shortcode.",400,19394,80,4,"2025-02-17T20:31:00.000Z","6.7.5","4.5","7.4.0",[89,21,90,22,91],"google","maps","yandex-maps","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmaps-for-wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmaps-for-wp.1.2.5.zip",67,"2025-09-22 00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":47,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":17,"download_link":114,"security_score":115,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"yamap-block-gutenberg","Yandex Maps for Gutenberg","1.0.1","Anton Lokotkov","https:\u002F\u002Fprofiles.wordpress.org\u002Fal5dy\u002F","\u003Cp>The plugin adds a simple Yandex Maps to your page. Do not forget to install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgutenberg\u002F\" title=\"Gutenberg\" rel=\"ugc\">Gutenberg plugin\u003C\u002Fa> (WordPress version 4.9.8 and below).\u003Cbr \u002F>\nIf you have WordPress version 5.0 and above, you don’t need to install anything. Enjoy 🙂\u003C\u002Fp>\n\u003Ch4>Main Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Yandex Map API\u003C\u002Fli>\n\u003Cli>Width\u002FHeight, Zoom, Latitude\u002FLongitude\u003C\u002Fli>\n\u003Cli>Custom Placemarks\u003C\u002Fli>\n\u003Cli>Well organized source code\u003C\u002Fli>\n\u003Cli>WP Hooks\u002FFilters\u003C\u002Fli>\n\u003Cli>Russian and English language support\u003C\u002Fli>\n\u003C\u002Ful>\n","The plugin adds a simple Yandex Maps to your page. Do not forget to install the Gutenberg plugin (WordPress version 4.9.8 and below).",300,4115,90,"2018-12-08T18:16:00.000Z","5.0.25","4.7","5.3",[112,113,21,22,23],"block","gutenberg","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyamap-block-gutenberg.zip",85,{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":12,"num_ratings":47,"last_updated":126,"tested_up_to":127,"requires_at_least":109,"requires_php":128,"tags":129,"homepage":134,"download_link":135,"security_score":115,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"acf-google-map-field-multiple-markers","ACF: Google Maps Field (Multiple Markers)","1.0.5","rajivlodhia","https:\u002F\u002Fprofiles.wordpress.org\u002Frajivlodhia\u002F","\u003Cp>A new field type for Advanced Custom Fields (ACF) that allows you to place multiple markers and choose multiple locations all on a single map field, resulting in a cleaner admin UI, better user experience for the CMS user and fewer Google Map API loads. The field will display the address for each map marker below the map so it’s even more manageable.\u003C\u002Fp>\n\u003Cp>This field type solves the problem of only being able to select one location with the standard ACF Google Map field.\u003Cbr \u002F>\nTo choose multiple locations, you’d normally be required to use a repeater field with a Google Map field in it. This can quickly become chaotic and difficult to keep track of\u002Fmanage.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This ACF field type is compatible with:\u003Cbr \u002F>\n* ACF 5\u003C\u002Fp>\n\u003Ch3>Usage Instructions\u003C\u002Fh3>\n\u003Cp>On the new Google Maps (Multiple Markers) field, you can:\u003Cbr \u002F>\n– LEFT CLICK on the map to place a new marker\u003Cbr \u002F>\n– RIGHT CLICK on a marker to remove it\u003Cbr \u002F>\n– CLICK AND DRAG a marker around on the map\u003Cbr \u002F>\n– SEARCH for a place or address in the search box\u003Cbr \u002F>\n– HOVER over an address in the address list below the map to see which pin it corresponds to\u003Cbr \u002F>\n– LEFT CLICK on the trash icon on a row in the address list to remove it’s corresponding marker.\u003C\u002Fp>\n\u003Ch3>Google Maps API\u003C\u002Fh3>\n\u003Cp>Your Google Maps API key will need the following APIs enabled:\u003Cbr \u002F>\n– Geocoding API\u003Cbr \u002F>\n– Places API\u003Cbr \u002F>\n– Maps JavaScript API\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This is a modified\u002Fenhanced version of the standard ACF Google Map plugin, so some of the Javascript code derives from the original field. Credit for the original of this ACF field goes to the developers of Advanced Custom Fields.\u003C\u002Fp>\n","An advanced Google Maps field for ACF that allows you to add multiple markers\u002Fpins to a single map field.",200,3623,"2022-06-08T20:17:00.000Z","6.0.11","5.6",[130,131,19,132,133],"acf","acf-addon","custom-fields","google-maps","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-google-map-field-multiple-markers\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-google-map-field-multiple-markers.1.0.5.zip",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":12,"downloaded":144,"rating":12,"num_ratings":145,"last_updated":146,"tested_up_to":85,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":153,"download_link":154,"security_score":155,"vuln_count":47,"unpatched_count":71,"last_vuln_date":156,"fetched_at":29},"shmapper-by-teplitsa","ShMapper by Teplitsa","1.5.1","Denis Cherniatev","https:\u002F\u002Fprofiles.wordpress.org\u002Fdenischerniatev\u002F","\u003Cp>The shMapper plugin allows you to create simple crowdsourcing maps on OpenStreetMap with an option of feedback messages form. This plugin gives you an alternative to current online map services such as Yandex.Maps, Google Maps etc which don’t provide the option for users to add new objects.\u003C\u002Fp>\n\u003Cp>Most of the code written by Gennadiy Glazunov aka \u003Ca href=\"http:\u002F\u002Fgenagl.ru\" rel=\"nofollow ugc\">Genagl\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Core features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configure and display maps with markers on pages.\u003C\u002Fli>\n\u003Cli>Display maps using shortcodes.\u003C\u002Fli>\n\u003Cli>Receive new map markers via feedback form.\u003C\u002Fli>\n\u003Cli>Pre or post-moderation of new markers.\u003C\u002Fli>\n\u003Cli>reCaptcha form protection.\u003C\u002Fli>\n\u003Cli>Custom markers icons.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PHP at least 5.6 is required for plugin to work correctly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Help the project\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We will be very grateful if you will help us to make ShMapper better.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You can add a bugreport or a feature request on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTeplitsa\u002Fshmapper\u002Fissues\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Send us your pull request to share a code impovement.\u003C\u002Fli>\n\u003Cli>You can make a new plugin translation for your language or send us a fixes for an existing translation, if needed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have a questions for the plugin work in any aspect, please address our support service on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTeplitsa\u002Fshmapper\u002Fissues\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","shMapper is a plugin, that allows you to create simple crowdsourcing maps based on OpenStreetMap and Yandex.Maps.",7394,5,"2025-01-14T10:19:00.000Z","5.0","7.4",[150,21,151,152,23],"crowdsourcing","openstreetmap","osm","http:\u002F\u002Fgenagl.ru\u002F?p=652","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshmapper-by-teplitsa.zip",91,"2025-01-24 00:00:00",{"attackSurface":158,"codeSignals":181,"taintFlows":212,"riskAssessment":213,"analyzedAt":221},{"hooks":159,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":71,"unprotectedCount":71},[160,166,169,173],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","acf\u002Finclude_field_types","include_field","acf-yandex-map-fields.php",39,{"type":161,"name":167,"callback":163,"file":164,"line":168},"acf\u002Fregister_fields",40,{"type":161,"name":170,"callback":171,"file":164,"line":172},"admin_init","ymf_settings_init",42,{"type":161,"name":174,"callback":175,"file":164,"line":176},"admin_menu","options_page",43,[],[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":71,"externalRequests":71,"nonceChecks":71,"capabilityChecks":27,"bundledLibraries":211},[],{"prepared":71,"raw":71,"locations":184},[],{"escaped":186,"rawEcho":187,"locations":188},52,10,[189,193,195,197,199,201,203,205,207,209],{"file":190,"line":191,"context":192},"fields\\class-acf-yandex-map-v4.php",94,"raw output",{"file":190,"line":194,"context":192},95,{"file":190,"line":196,"context":192},113,{"file":190,"line":198,"context":192},135,{"file":190,"line":200,"context":192},136,{"file":190,"line":202,"context":192},155,{"file":190,"line":204,"context":192},176,{"file":190,"line":206,"context":192},197,{"file":190,"line":208,"context":192},216,{"file":190,"line":210,"context":192},235,[],[],{"summary":214,"deductions":215},"The acf-yandex-maps-field plugin, version 1.1, presents a mixed security posture.  While the static analysis reveals a lack of exposed entry points like AJAX handlers, REST API routes, or shortcodes, and demonstrates a strong adherence to prepared statements for SQL queries, there are areas of concern. The presence of one unpatched medium severity vulnerability (Cross-site Scripting) is a significant risk, especially given its recent discovery. The output escaping, while high at 84%, still leaves a small percentage of outputs potentially vulnerable to XSS if an attacker can influence them. The lack of observed taint flows could be due to the limited attack surface or the nature of the analysis, but it doesn't negate the historical vulnerability pattern.",[216,219],{"reason":217,"points":218},"Unpatched medium severity CVE (XSS)",15,{"reason":220,"points":83},"Potential for XSS due to unescaped output (16%)","2026-03-16T19:19:56.797Z",{"wat":223,"direct":233},{"assetPaths":224,"generatorPatterns":226,"scriptPaths":227,"versionParams":230},[225],"\u002Fwp-content\u002Fplugins\u002Facf-yandex-maps-field\u002Fjs\u002Facf-yandex-map-frontend.js",[],[228,229],"\u002F\u002Fapi-maps.yandex.com\u002F2.1\u002F?lang=","\u002Fjs\u002Facf-yandex-map-frontend.js",[231,232],"acf-yandex-map-frontend.js?ver=","acf-yandex-map-api?ver=",{"cssClasses":234,"htmlComments":235,"htmlAttributes":236,"restEndpoints":240,"jsGlobals":241,"shortcodeOutput":243},[23],[],[237,238,239],"data-zoom-controll","data-scroll-zoom","ymf_custom_data",[],[242],"ymf_options",[244],"\u003Cdiv class=\"yandex-map\" id=\""]