[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fj87C5oxeRBRI3Ndv_VP5uHsCt3WaVnB5itJGgPM1fdo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":14,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":154,"fingerprints":394},"advanced-custom-css","Advanced Custom CSS","1.1.0","prasadkirpekar","https:\u002F\u002Fprofiles.wordpress.org\u002Fprasadkirpekar\u002F","\u003Cp>Add custom css in your site. Follow given simple steps to get your task done.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install Advanced Custom CSS.\u003C\u002Fli>\n\u003Cli>Activate Plugin.\u003C\u002Fli>\n\u003Cli>Insert CSS code in respected code blocks.\u003C\u002Fli>\n\u003Cli>Save settings\u003C\u002Fli>\n\u003Cli>And you done!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Control when to add CSS in page source\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Set Global CSS\u003C\u002Fem>\u003Cbr \u002F>\nYou can set global CSS rules that will be added to every page of website.\u003C\u002Fp>\n\u003Cp>\u003Cem>Set Post specific CSS\u003C\u002Fem>\u003Cbr \u002F>\nYou can set seperate CSS rules that will be added only when single post is displayed.\u003C\u002Fp>\n\u003Cp>\u003Cem>Set Page specific CSS\u003C\u002Fem>\u003Cbr \u002F>\nSimilar to Post CSS, You can set seperate CSS rules that will be added only when single page is displayed.\u003C\u002Fp>\n\u003Cp>For more support \u003Ca href=\"https:\u002F\u002Fwww.fiverr.com\u002Fprasadkirpekar\u002Fcustomize-your-theme-css\" rel=\"nofollow ugc\">Buy premium support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Contact me\u003C\u002Fh3>\n\u003Cp>\u003Ca 
href=\"http:\u002F\u002Fprasadkirpekar.com\" rel=\"nofollow ugc\">Reach me here\u003C\u002Fa>\u003C\u002Fp>\n","Add Custom CSS to your WordPress site. Easy and Flexible.",50,3102,100,1,"2020-06-06T11:51:00.000Z","5.4.19","3.0.1","",[20,21,22,23],"css","custom","custom-css","customization","http:\u002F\u002Fprasadkirpekar.com\u002Fadvanced-custom-css","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-css.zip",63,"2025-12-26 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-68878","advanced-custom-css-reflected-cross-site-scripting","Advanced Custom CSS \u003C= 1.1.0 - Reflected Cross-Site Scripting","The Advanced Custom CSS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-05 19:00:13",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4881f21c-a8ab-4a20-aaab-4b44804d3709?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":45,"total_installs":46,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},5,91090,91,153,73,"2026-04-05T17:22:41.980Z",[52,76,98,118,136],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":17,"requires_php":66,"tags":67,"homepage":72,"download_link":73,"security_score":13,"vuln_count":14,"unpatched_count":74,"last_vuln_date":75,"fetched_at":28},"custom-css-js","Simple Custom CSS and JS","3.52","SilkyPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fdiana_burduja\u002F","\u003Cp>Customize your WordPress site’s appearance by easily adding custom CSS and JS code without even having to modify your theme or plugin files. 
This is perfect for adding custom CSS tweaks to your site.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Text editor\u003C\u002Fstrong> with syntax highlighting \u003C\u002Fli>\n\u003Cli>Print the code \u003Cstrong>inline\u003C\u002Fstrong> or included into an \u003Cstrong>external file\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Print the code in the \u003Cstrong>header\u003C\u002Fstrong> or the \u003Cstrong>footer\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add CSS or JS to the \u003Cstrong>frontend\u003C\u002Fstrong> or the \u003Cstrong>admin side\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Add as many codes as you want\u003C\u002Fli>\n\u003Cli>Keep your changes also when you change the theme\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily add Custom CSS or JS to your website with an awesome editor.",700000,10074700,88,101,"2026-03-06T19:56:00.000Z","6.9.4","5.2.4",[68,22,69,70,71],"add-style","custom-js","customize-theme","site-css","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-css-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-css-js.3.52.zip",0,"2017-07-24 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":13,"num_ratings":86,"last_updated":87,"tested_up_to":65,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":94,"download_link":95,"security_score":96,"vuln_count":14,"unpatched_count":74,"last_vuln_date":97,"fetched_at":28},"wp-headers-and-footers","Insert Headers And Footers","3.1.3","Adnan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhiddenpearls\u002F","\u003Cp>WP Headers and Footers plugin helps you to insert code to your WordPress website headers and footers section like Google Analytics tracking code, Facebook Pixels code, Google Optimize code for A\u002FB testing, Custom CSS code, and more. 
You don’t need to edit the theme files to insert the code.\u003C\u002Fp>\n\u003Cp>The simple interface of this plugin allows you to add code and different scripts from one place to your WordPress website (\u003Cstrong>Headers, Footers, and Body section\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Insert code to your WordPress headers & Footers\u003C\u002Fli>\n\u003Cli>Insert Google Analytics Code to any WordPress theme\u003C\u002Fli>\n\u003Cli>Insert Facebook Pixels Code\u003C\u002Fli>\n\u003Cli>Add Google Optimize Code for A\u002FB testing ( Ab Testing )\u003C\u002Fli>\n\u003Cli>Add Google search console authentication code to any theme for verification\u003C\u002Fli>\n\u003Cli>Add Custom CSS, any script, and HTML to your website\u003C\u002Fli>\n\u003Cli>Google Tag Manager code\u002Fscript insertion\u003C\u002Fli>\n\u003Cli>You can also add microsoft clarity tracking code to your website\u003C\u002Fli>\n\u003Cli>You can also insert code to your website body section\u003C\u002Fli>\n\u003Cli>Can add Bing webmaster tool code for website verification\u003C\u002Fli>\n\u003Cli>Add Google AdSense code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>If you find our plugin useful, please leave a good rating\u002Freview and check our other plugins.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fanalytify.io\u002Fref\u002F73\u002F?utm_source=wp-headers-and-footers&utm_medium=readme&utm_campaign=pro-upgrade\" rel=\"nofollow ugc\">Analytify – Google Analytics Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Floginpress.pro\u002F?utm_source=wp-headers-and-footers\" rel=\"nofollow ugc\">LoginPress\u003C\u002Fa> – For Custom login page and login page security\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsimplesocialbuttons.com?utm_source=wp-headers-and-footers&utm_medium=readme&utm_campaign=pro-upgrade\" rel=\"nofollow 
ugc\">Simple Social Buttons\u003C\u002Fa> – Plugin for Social share buttons and social icons\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelated-posts-thumbnails\u002F\" rel=\"ugc\">Related Posts Thumbnails Plugin\u003C\u002Fa> – For related posts\u002Fproducts\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpbrigade.com\u002Frecommend\u002Fmaintenance-mode?utm_source=wp-headers-and-footers&utm_medium=readme&utm_campaign=pro-upgrade\" rel=\"nofollow ugc\">Under Construction, Coming Soon & Maintenance Mode\u003C\u002Fa> – Plugin for Under construction & Coming soon page\u003C\u002Fli>\n\u003C\u002Ful>\n","Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.",300000,2339048,127,"2026-01-05T15:03:00.000Z","5.0",[22,90,91,92,93],"facebook-pixel","footer","google-analytics","header","https:\u002F\u002Fwww.WPBrigade.com\u002Fwordpress\u002Fplugins\u002Fwp-headers-and-footers\u002F?utm_source=?utm_source=wp-headers-and-footers&utm_medium=author-uri-link","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-headers-and-footers.3.1.3.zip",98,"2025-04-18 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":17,"requires_php":18,"tags":112,"homepage":115,"download_link":116,"security_score":117,"vuln_count":74,"unpatched_count":74,"last_vuln_date":35,"fetched_at":28},"simple-custom-css","Simple Custom CSS Plugin","4.0.7","John Regan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnregan3\u002F","\u003Cp>Add Custom CSS to your WordPress site without any hassles.\u003C\u002Fp>\n\u003Cp>An easy-to-use WordPress Plugin to add custom CSS styles that override Plugin and Theme default styles. 
This plugin is designed to meet the needs of administrators who would like to add their own CSS to their WordPress website. Styles created with this plugin will render even if the theme is changed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New in Version 4.0.7\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tested for compatibility with WP 6.7.2\u003C\u002Fli>\n\u003Cli>Tested for compatibility with PHP 8.4\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>AMP Support\u003C\u002Fli>\n\u003Cli>Customizer Control (live preview)\u003C\u002Fli>\n\u003Cli>Useful Code Syntax Highlighter\u003C\u002Fli>\n\u003Cli>Code linting (error checking)\u003C\u002Fli>\n\u003Cli>No configuration needed\u003C\u002Fli>\n\u003Cli>Simple interface built on native WordPress UI\u003C\u002Fli>\n\u003Cli>Virtually no impact on site performance\u003C\u002Fli>\n\u003Cli>No complicated database queries\u003C\u002Fli>\n\u003Cli>Thorough documentation\u003C\u002Fli>\n\u003Cli>Allows Administrator access on WP Networks (Multisite)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>Navigate to Appearance > Custom CSS in the Admin Menu\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Enter in valid CSS styles\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Click “Update Custom CSS”\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>View your changes in the Front End of your website\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Help\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjohnregan3\u002Fsimple-custom-css\u002Fwiki\" title=\"Simple Custom CSS Wiki\" rel=\"nofollow ugc\">Simple Custom CSS Wiki\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-custom-css\" title=\"Support Forum\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n","Add Custom CSS to your WordPress site without any 
hassles.",100000,3068872,94,159,"2025-03-11T16:57:00.000Z","6.7.5",[113,20,21,22,114],"code","styles","http:\u002F\u002Fjohnregan3.github.io\u002Fsimple-custom-css","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-custom-css.zip",92,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":96,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":134,"download_link":135,"security_score":13,"vuln_count":74,"unpatched_count":74,"last_vuln_date":35,"fetched_at":28},"simple-css","Simple CSS","1.1.1","Tom","https:\u002F\u002Fprofiles.wordpress.org\u002Fedge22\u002F","\u003Cp>Need to add some custom CSS to your site? Simple CSS gives you an awesome admin editor and a live preview editor in the Customizer so you can easily add your CSS.\u003C\u002Fp>\n\u003Cp>Want your CSS to only apply on a specific page or post? Simple CSS adds a metabox which allows you to do just that.\u003C\u002Fp>\n\u003Cp>Check out GeneratePress, our awesome WordPress theme! 
(https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fgeneratepress)\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full featured admin CSS editor\u003C\u002Fli>\n\u003Cli>Dark and light editor themes\u003C\u002Fli>\n\u003Cli>CSS editor in the Customizer so you can live preview your changes\u003C\u002Fli>\n\u003Cli>Metabox for page\u002Fpost specific CSS\u003C\u002Fli>\n\u003C\u002Ful>\n","Add CSS to your website through an admin editor, the Customizer or a metabox for page\u002Fpost specific CSS.",80000,551667,60,"2025-09-15T15:11:00.000Z","6.8.5","4.0",[20,133,22,119,99],"css-customizer","https:\u002F\u002Fgeneratepress.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-css.1.1.1.zip",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":146,"num_ratings":147,"last_updated":148,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":149,"homepage":152,"download_link":153,"security_score":13,"vuln_count":74,"unpatched_count":74,"last_vuln_date":35,"fetched_at":28},"wp-add-custom-css","WP Add Custom CSS","1.2.1","Daniele De Santis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanieledesantis\u002F","\u003Cp>WP Add Custom CSS allows you to \u003Cstrong>add custom CSS\u003C\u002Fstrong> to the \u003Cstrong>whole website\u003C\u002Fstrong> and to \u003Cstrong>individual posts, pages and custom post types\u003C\u002Fstrong> (such as \u003Cstrong>Woocommerce products\u003C\u002Fstrong>).\u003Cbr \u002F>\nThe CSS rules applied to the whole website will override the default stylesheets of your theme and plugins, while the CSS rules applied to specific pages, posts or custom post types will override the main stylesheet too.\u003C\u002Fp>\n\u003Cp>The plugin works with the most popular builders, such as \u003Cstrong>Elementor, Gutenberg and the Classic Editor\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You 
can edit the main stylesheet from the the “Add custom CSS” settings page.\u003Cbr \u002F>\nThe plugin also creates a new “Custom CSS” box in the editing area to \u003Cstrong>add custom CSS to specific posts, pages and custom post types\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Select the preferred CSS output method from the plugin’s settings page to ensure seamless integration with \u003Cstrong>caching and minification plugins\u003C\u002Fstrong> or to improve \u003Cstrong>above-the-fold rendering performance\u003C\u002Fstrong>.\u003C\u002Fp>\n","Add custom css to the whole website and to specific posts and pages.",60000,989310,96,90,"2025-08-14T10:21:00.000Z",[20,22,150,114,151],"style","stylesheet","http:\u002F\u002Fwww.danieledesantis.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-add-custom-css.1.2.1.zip",{"attackSurface":155,"codeSignals":175,"taintFlows":288,"riskAssessment":380,"analyzedAt":393},{"hooks":156,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":74,"unprotectedCount":74},[157,163,167],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_menu","acc_option_page","advanced-custom-css.php",105,{"type":158,"name":164,"callback":165,"file":161,"line":166},"admin_init","acc_reg_scripts",106,{"type":158,"name":168,"callback":169,"file":161,"line":170},"wp_head","acc_place_css",107,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":285,"externalRequests":74,"nonceChecks":286,"capabilityChecks":74,"bundledLibraries":287},[],{"prepared":74,"raw":74,"locations":178},[],{"escaped":180,"rawEcho":181,"locations":182},11,54,[183,186,187,188,190,191,193,195,197,199,201,203,205,207,208,210,212,214,216,218,220,222,224,226,228,230,231,233,234,236,238,240,242,244,246,248,250,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283],{"file":161,"line":184,"context":185},95,"raw 
output",{"file":161,"line":96,"context":185},{"file":161,"line":63,"context":185},{"file":189,"line":13,"context":185},"include\\csstidy\\css_optimiser.php",{"file":189,"line":13,"context":185},{"file":189,"line":192,"context":185},126,{"file":189,"line":194,"context":185},128,{"file":189,"line":196,"context":185},129,{"file":189,"line":198,"context":185},131,{"file":189,"line":200,"context":185},132,{"file":189,"line":202,"context":185},133,{"file":189,"line":204,"context":185},139,{"file":189,"line":206,"context":185},140,{"file":189,"line":206,"context":185},{"file":189,"line":209,"context":185},141,{"file":189,"line":211,"context":185},143,{"file":189,"line":213,"context":185},145,{"file":189,"line":215,"context":185},149,{"file":189,"line":217,"context":185},150,{"file":189,"line":219,"context":185},154,{"file":189,"line":221,"context":185},158,{"file":189,"line":223,"context":185},160,{"file":189,"line":225,"context":185},163,{"file":189,"line":227,"context":185},168,{"file":189,"line":229,"context":185},172,{"file":189,"line":229,"context":185},{"file":189,"line":232,"context":185},177,{"file":189,"line":232,"context":185},{"file":189,"line":235,"context":185},182,{"file":189,"line":237,"context":185},185,{"file":189,"line":239,"context":185},187,{"file":189,"line":241,"context":185},190,{"file":189,"line":243,"context":185},192,{"file":189,"line":245,"context":185},198,{"file":189,"line":247,"context":185},203,{"file":189,"line":249,"context":185},208,{"file":189,"line":249,"context":185},{"file":189,"line":252,"context":185},211,{"file":189,"line":254,"context":185},214,{"file":189,"line":256,"context":185},217,{"file":189,"line":258,"context":185},220,{"file":189,"line":260,"context":185},224,{"file":189,"line":262,"context":185},229,{"file":189,"line":264,"context":185},234,{"file":189,"line":266,"context":185},235,{"file":189,"line":268,"context":185},240,{"file":189,"line":270,"context":185},245,{"file":189,"line":272,"context":185},246,{"file":189,"lin
e":274,"context":185},323,{"file":189,"line":276,"context":185},326,{"file":189,"line":278,"context":185},332,{"file":189,"line":280,"context":185},335,{"file":189,"line":282,"context":185},340,{"file":189,"line":284,"context":185},345,6,3,[],[289,358,372],{"entryPoint":290,"graph":291,"unsanitizedCount":357,"severity":37},"\u003Ccss_optimiser> (include\\csstidy\\css_optimiser.php:0)",{"nodes":292,"edges":346},[293,297,302,305,307,310,312,316,318,322,324,327,331,337,340,343],{"id":294,"type":295,"label":296,"file":189,"line":206},"n0","source","$_REQUEST['css_text']",{"id":298,"type":299,"label":300,"file":189,"line":206,"wp_function":301},"n1","sink","echo() [XSS]","echo",{"id":303,"type":295,"label":304,"file":189,"line":211},"n2","$_REQUEST['url']",{"id":306,"type":299,"label":300,"file":189,"line":211,"wp_function":301},"n3",{"id":308,"type":295,"label":309,"file":189,"line":48},"n4","$_REQUEST",{"id":311,"type":299,"label":300,"file":189,"line":219,"wp_function":301},"n5",{"id":313,"type":295,"label":314,"file":189,"line":315},"n6","$_REQUEST['custom']",161,{"id":317,"type":299,"label":300,"file":189,"line":223,"wp_function":301},"n7",{"id":319,"type":295,"label":320,"file":189,"line":321},"n8","$_COOKIE['custom_template']",164,{"id":323,"type":299,"label":300,"file":189,"line":225,"wp_function":301},"n9",{"id":325,"type":295,"label":314,"file":189,"line":326},"n10",268,{"id":328,"type":329,"label":330,"file":189,"line":326},"n11","transform","→ load_template()",{"id":332,"type":299,"label":333,"file":334,"line":335,"wp_function":336},"n12","file_get_contents() [SSRF\u002FLFI]","include\\csstidy\\class.csstidy.php",416,"file_get_contents",{"id":338,"type":295,"label":304,"file":189,"line":339},"n13",292,{"id":341,"type":329,"label":342,"file":189,"line":339},"n14","→ 
parse_from_url()",{"id":344,"type":299,"label":333,"file":334,"line":345,"wp_function":336},"n15",435,[347,349,350,351,352,353,354,355,356],{"from":294,"to":298,"sanitized":348},false,{"from":303,"to":306,"sanitized":348},{"from":308,"to":311,"sanitized":348},{"from":313,"to":317,"sanitized":348},{"from":319,"to":323,"sanitized":348},{"from":325,"to":328,"sanitized":348},{"from":328,"to":332,"sanitized":348},{"from":338,"to":341,"sanitized":348},{"from":341,"to":344,"sanitized":348},7,{"entryPoint":359,"graph":360,"unsanitizedCount":74,"severity":371},"acc_options (advanced-custom-css.php:57)",{"nodes":361,"edges":368},[362,365],{"id":294,"type":295,"label":363,"file":161,"line":364},"$_POST (x3)",70,{"id":298,"type":299,"label":366,"file":161,"line":49,"wp_function":367},"update_option() [Settings Manipulation]","update_option",[369],{"from":294,"to":298,"sanitized":370},true,"low",{"entryPoint":373,"graph":374,"unsanitizedCount":74,"severity":371},"\u003Cadvanced-custom-css> (advanced-custom-css.php:0)",{"nodes":375,"edges":378},[376,377],{"id":294,"type":295,"label":363,"file":161,"line":364},{"id":298,"type":299,"label":366,"file":161,"line":49,"wp_function":367},[379],{"from":294,"to":298,"sanitized":370},{"summary":381,"deductions":382},"The \"advanced-custom-css\" plugin, version 1.1.0, presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and having no critical or high-severity issues in its taint analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events also limits its direct attack surface. However, significant concerns arise from the low percentage of properly escaped output (17%) and the presence of a single flow with unsanitized paths identified during taint analysis. This suggests a potential for cross-site scripting (XSS) vulnerabilities where user-supplied data might not be adequately neutralized before being rendered.  
\n\nThe plugin's vulnerability history is a notable red flag. One known medium-severity CVE for reflected Cross-Site Scripting (CVE-2025-68878) remains unpatched, which indicates a weakness in input sanitization and output escaping. The current static analysis does not tie this CVE to a specific code path, but the unsanitized request-to-echo flows it reports in the bundled csstidy css_optimiser.php suggest that the underlying issues still exist or have not been fully remediated. The last vulnerability date (2025-12-26) was flagged as lying in the future, but it precedes this record's fetch date (2026-03-15), so the flag is most likely a data or analysis error rather than an anomaly in the plugin's history. Overall, while no raw SQL was detected and the attack surface is limited, the unpatched XSS vulnerability and the potential for unsanitized output and paths pose a significant risk that requires immediate attention and thorough auditing; because no patched version is listed, site owners should plan to deactivate or replace the plugin.",[383,386,389,391],{"reason":384,"points":385},"Unpatched medium severity CVE",15,{"reason":387,"points":388},"Flow with unsanitized paths",10,{"reason":390,"points":388},"Low percentage of properly escaped output",{"reason":392,"points":45},"1 vulnerability history 
entry","2026-03-16T21:54:58.359Z",{"wat":395,"direct":409},{"assetPaths":396,"generatorPatterns":406,"scriptPaths":407,"versionParams":408},[397,398,399,400,401,402,403,404,405],"\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fmaterialize\u002Fmaterialize.min.js","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fcodemirror\u002Fcodemirror.js","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fcodemirror\u002Fcss.js","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fcodemirror\u002Fcm_init.js","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fcodemirror\u002Fautorefresh.js","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fmaterialize\u002Fmaterialize.min.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fcodemirror\u002Fcodemirror.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Fcodemirror\u002Fdracula.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-custom-css\u002Finclude\u002Facc.css",[],[397,398,399,400,401],[],{"cssClasses":410,"htmlComments":411,"htmlAttributes":416,"restEndpoints":417,"jsGlobals":418,"shortcodeOutput":419},[],[412,413,414,415],"\u002F*CSS added here will be included everywhere on site. You can use this option to set global CSS rules for your website.*\u002F","\u002F*CSS added here will be included on single posts on site.*\u002F","\u002F*CSS added here will be included on single page on site.*\u002F","\u002F*CSS added by Advanced Custom CSS Plugin*\u002F",[],[],[],[]]