[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flxQtDXF4TCb658-QMdNXdqZ1EzDgRUDIO6Rh6voGXZ8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":41,"crawl_stats":32,"alternatives":48,"analysis":159,"fingerprints":276},"amr-shortcodes","amr shortcodes","1.7","anmari","https:\u002F\u002Fprofiles.wordpress.org\u002Fanmari\u002F","\u003Cp>View the shortcodes available and used on your site, with links to the pages or posts that contain the shortcode text. Check if a page has a shortcode for which the plugin is not active. A red cross indicates if the function for that shortcode is still activated.\u003C\u002Fp>\n","View the shortcodes available and used on your site, with links to the pages or posts that contain the shortcode text. Check if a page has a shortcode …",100,3271,0,"2021-05-09T08:35:00.000Z","5.7.15","4.0","",[19,20],"shortcode","shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Famr-shortcodes.1.7.zip",64,1,"2024-11-18 00:00:00","2026-03-15T15:16:48.613Z",[27],{"id":28,"url_slug":29,"title":30,"description":31,"plugin_slug":4,"theme_slug":32,"affected_versions":33,"patched_in_version":32,"severity":34,"cvss_score":35,"cvss_vector":36,"vuln_type":37,"published_date":24,"updated_date":38,"references":39,"days_to_patch":32},"CVE-2024-52464","amr-shortcodes-reflected-cross-site-scripting","amr shortcodes \u003C= 1.7 - Reflected Cross-Site Scripting","The amr shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.7","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-11-26 13:57:34",[40],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F51550d42-2c75-4cb1-9bf9-da27ebf83ac0?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":42,"total_installs":43,"avg_security_score":44,"avg_patch_time_days":45,"trust_score":46,"computed_at":47},3,320,70,30,73,"2026-04-04T19:05:25.464Z",[49,71,94,115,138],{"slug":50,"name":51,"version":52,"author":53,"author_profile":54,"description":55,"short_description":56,"active_installs":57,"downloaded":58,"rating":59,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":17,"tags":64,"homepage":68,"download_link":69,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":32,"fetched_at":25},"column-shortcodes","Column Shortcodes","1.0.1","Tobias Schutter","https:\u002F\u002Fprofiles.wordpress.org\u002Ftschutter\u002F","\u003Cp>Adds shortcodes to easily create columns in your posts or pages.\u003C\u002Fp>\n\u003Cp>Sometimes you just need to divide your page into different columns. With this plugin you just select a column shortcode and it will add the column to the page. You can also change the padding of each individual column from the UI.\u003C\u002Fp>\n\u003Cp>There are 10 different column widths available from which you can make all combinations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>full width (1\u002F1)\u003C\u002Fli>\n\u003Cli>half (1\u002F2)\u003C\u002Fli>\n\u003Cli>one third (1\u002F3)\u003C\u002Fli>\n\u003Cli>two third (2\u002F3)\u003C\u002Fli>\n\u003Cli>one fourth (1\u002F4)\u003C\u002Fli>\n\u003Cli>three fourth (3\u002F4)\u003C\u002Fli>\n\u003Cli>one fifth (1\u002F5)\u003C\u002Fli>\n\u003Cli>two fifth (2\u002F5)\u003C\u002Fli>\n\u003Cli>three fifth (3\u002F5)\u003C\u002Fli>\n\u003Cli>four fifth (4\u002F5)\u003C\u002Fli>\n\u003Cli>one sixth (1\u002F6)\u003C\u002Fli>\n\u003Cli>five sixth (5\u002F6)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A preset stylesheet is included, which you can also overwrite to you liking in your theme’s stylesheet.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Related Links:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>http:\u002F\u002Fwww.codepresshq.com\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds shortcodes to easily create columns in your posts or pages.",60000,893481,96,134,"2022-10-11T12:57:00.000Z","6.0.11","4.8",[65,66,67,19,20],"column","columns","divider","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcolumn-shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcolumn-shortcodes.1.0.1.zip",85,{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":11,"num_ratings":23,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":89,"download_link":90,"security_score":91,"vuln_count":92,"unpatched_count":13,"last_vuln_date":93,"fetched_at":25},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,534616,"2025-12-04T08:12:00.000Z","6.5.8","4.7","5.4.0",[86,87,20,88],"custom-post-types","elementor-widgets","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,6,"2026-02-18 15:32:44",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":79,"downloaded":102,"rating":11,"num_ratings":23,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":17,"tags":106,"homepage":111,"download_link":112,"security_score":59,"vuln_count":113,"unpatched_count":13,"last_vuln_date":114,"fetched_at":25},"futurio-extra","Futurio Extra","2.0.23","FuturioWP","https:\u002F\u002Fprofiles.wordpress.org\u002Ffuturiowp\u002F","\u003Cp>Futurio Extra add extra features and options to \u003Ca href=\"https:\u002F\u002Ffuturiowp.com\u002F\" rel=\"nofollow ugc\">Futurio\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Ffuturio-storefront\u002F\" rel=\"ugc\">Futurio Storefront\u003C\u002Fa> theme.\u003Cbr \u002F>\nThis plugin require the free WP theme – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Ffuturio\u002F\" rel=\"ugc\">Futurio\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Ffuturio-storefront\u002F\" rel=\"ugc\">Futurio Storefront\u003C\u002Fa> – to be installed.\u003C\u002Fp>\n\u003Cp>Futurio Extra brings new widgets to be used in Elementor and allows you to import beautiful page templates for Elementor page builder. It also comes with 100% WooCommerce support and custom options. With the one click demo import feature you can import all our 10+ demo sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– One click demo import – import starter sites with one click. \u003Ca href=\"https:\u002F\u002Ffuturiowp.com\u002Fdemos\u002F\" rel=\"nofollow ugc\">Demos here\u003C\u002Fa>\u003Cbr \u002F>\n– Customizer options (Color presets, Google fonts, Layout desings…)\u003Cbr \u002F>\n– Page\u002Fpost custom options and features\u003Cbr \u002F>\n– Custom Elementor widgets and addons\u003Cbr \u002F>\n– Custom widgets (social icons, about me, recent & popular posts)\u003Cbr \u002F>\n– 100% WooCommerce support and custom WooCommerce options and features\u003Cbr \u002F>\n– Custom Elementor 404 page \u003Ca href=\"https:\u002F\u002Ffuturiowp.com\u002Fdocs\u002Ffuturio\u002Fcustomizer-settings\u002Ffooter-credits\u002F#custom-footer-with-elementor\" rel=\"nofollow ugc\">How to?\u003C\u002Fa>\u003Cbr \u002F>\n– Custom Elementor header \u003Ca href=\"https:\u002F\u002Ffuturiowp.com\u002Fdocs\u002Ffuturio\u002Fcustomizer-settings\u002Fcustom-header\u002F\" rel=\"nofollow ugc\">How to?\u003C\u002Fa>\u003Cbr \u002F>\n– Custom Elementor footer credits \u003Ca href=\"https:\u002F\u002Ffuturiowp.com\u002Fdocs\u002Ffuturio\u002Fcustomizer-settings\u002Fcustom-404-error-page\u002F\" rel=\"nofollow ugc\">How to?\u003C\u002Fa>\u003Cbr \u002F>\n– Custom Elementor blog feed builder \u003Ca href=\"https:\u002F\u002Ffuturiowp.com\u002Fdocs\u002Ffuturio\u002Fcustomizer-settings\u002Fcustom-404-error-page\u002F\" rel=\"nofollow ugc\">How to?\u003C\u002Fa>\u003Cbr \u002F>\n– And much more….\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffuturiowp.com\u002Fdocs\u002Ffuturio\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Page Builders Friend\u003C\u002Fh4>\n\u003Cp>Futurio & Futurio Extra is best friend with the popular pagebuilders like Elementor, Beaver Builder, King Composer, Brizy, Visual Composer, SiteOrigin, Divi or Gutenberg.\u003C\u002Fp>\n\u003Ch4>Custom look with Elementor\u003C\u002Fh4>\n\u003Cp>With Elementor you can design your header, footer, 404 error page or the blog page look\u003C\u002Fp>\n\u003Ch4>20+ free demos sites\u003C\u002Fh4>\n\u003Cp>20+ free demo websites ready to import are included. Importing is easy with a few clicks.\u003C\u002Fp>\n\u003Ch4>100% WooCommerce support\u003C\u002Fh4>\n\u003Cp>Extend the WooCommerce with new options and features. Import full WooCommerce demo websites with few clicks and be ready to start your new store in few minutes.\u003C\u002Fp>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Typed.js, Copyright 2014 Matt Bold\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fmattboldt\u002Ftyped.js\u003C\u002Fp>\n\u003Ch4>Kirki, Copyright (c) 2017, Aristeides Stathopoulos\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Faristath\u002Fkirki\u003C\u002Fp>\n\u003Ch4>Dilaz Metabox, by WebDilaz Team\u003C\u002Fh4>\n\u003Cp>Licenses: GPL-2.0+\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002FRodgath\u002FDilaz-Metaboxes-Plugin\u003C\u002Fp>\n","Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.",740491,"2026-03-05T07:31:00.000Z","6.9.4","4.4",[107,108,109,20,110],"demo","elementor","page-builder","woocommerce","https:\u002F\u002Ffuturiowp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffuturio-extra.2.0.23.zip",7,"2024-12-02 00:00:00",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":79,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":17,"tags":129,"homepage":133,"download_link":134,"security_score":135,"vuln_count":136,"unpatched_count":13,"last_vuln_date":137,"fetched_at":25},"nd-shortcodes","ND Shortcodes","7.8","nicdark","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicdark\u002F","\u003Ch4>Some components in the preview below\u003C\u002Fh4>\n\u003Cp>The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ) that can be integrated very easily with your own theme.\u003C\u002Fp>\n","The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ). All components are full responsive and retina rea …",412507,66,13,"2025-03-18T11:08:00.000Z","6.7.5","4.5",[130,108,131,20,132],"components","elementor-library","wp-bakery-page-builder","https:\u002F\u002Fnicdark.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnd-shortcodes.7.8.zip",89,5,"2024-05-24 11:33:21",{"slug":139,"name":140,"version":141,"author":142,"author_profile":143,"description":144,"short_description":145,"active_installs":146,"downloaded":147,"rating":148,"num_ratings":149,"last_updated":150,"tested_up_to":151,"requires_at_least":152,"requires_php":17,"tags":153,"homepage":156,"download_link":157,"security_score":158,"vuln_count":13,"unpatched_count":13,"last_vuln_date":32,"fetched_at":25},"contact-form-7-shortcode-enabler","Contact Form 7 Shortcode Enabler","1.1","Tobias Zimpel","https:\u002F\u002Fprofiles.wordpress.org\u002Ftz-media\u002F","\u003Cp>Many themes, as well as other plugins, provide shortcodes for layout options like multi-column-layouts, tabs, etc.\u003C\u002Fp>\n\u003Cp>By default, Contact Form 7 forms can not include shortcodes provided by WordPress or third-party-plugins or -themes.\u003Cbr \u002F>\nIt only processes its own shortcodes used to generate form elements.\u003C\u002Fp>\n\u003Cp>This plugin enables the usage of external shortcodes inside Contact Form 7 Forms.\u003C\u002Fp>\n","This plugin enables the usage of external shortcodes inside Contact Form 7 Forms.",10000,68161,98,12,"2024-10-18T12:44:00.000Z","6.6.5","2.6.0",[154,155,19,20],"cf7","contact-form-7","#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-shortcode-enabler.1.1.zip",92,{"attackSurface":160,"codeSignals":180,"taintFlows":210,"riskAssessment":264,"analyzedAt":275},{"hooks":161,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":13,"unprotectedCount":13},[162,168,172],{"type":163,"name":164,"callback":165,"file":166,"line":167},"action","admin_menu","register_tools_page","amr_shortcodes.php",24,{"type":163,"name":169,"callback":170,"file":166,"line":171},"plugins_loaded","amr_shortcodes_load_text",278,{"type":163,"name":173,"callback":174,"file":166,"line":175},"template_redirect","available_shortcodes_template_redirect",298,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":184,"fileOperations":13,"externalRequests":13,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":209},[],{"prepared":23,"raw":13,"locations":183},[],{"escaped":185,"rawEcho":186,"locations":187},4,11,[188,191,193,194,196,197,199,201,203,205,207],{"file":166,"line":189,"context":190},54,"raw output",{"file":166,"line":192,"context":190},56,{"file":166,"line":46,"context":190},{"file":166,"line":195,"context":190},77,{"file":166,"line":91,"context":190},{"file":166,"line":198,"context":190},101,{"file":166,"line":200,"context":190},179,{"file":166,"line":202,"context":190},180,{"file":166,"line":204,"context":190},207,{"file":166,"line":206,"context":190},213,{"file":166,"line":208,"context":190},255,[],[211,244],{"entryPoint":212,"graph":213,"unsanitizedCount":242,"severity":243},"where_one_shortcode (amr_shortcodes.php:249)",{"nodes":214,"edges":237},[215,220,225,228,232],{"id":216,"type":217,"label":218,"file":166,"line":219},"n0","source","$_REQUEST",252,{"id":221,"type":222,"label":223,"file":166,"line":208,"wp_function":224},"n1","sink","echo() [XSS]","echo",{"id":226,"type":217,"label":218,"file":166,"line":227},"n2",261,{"id":229,"type":230,"label":231,"file":166,"line":227},"n3","transform","→ where_shortcode()",{"id":233,"type":222,"label":234,"file":166,"line":235,"wp_function":236},"n4","get_results() [SQLi]",245,"get_results",[238,240,241],{"from":216,"to":221,"sanitized":239},false,{"from":226,"to":229,"sanitized":239},{"from":229,"to":233,"sanitized":239},2,"high",{"entryPoint":245,"graph":246,"unsanitizedCount":23,"severity":243},"\u003Camr_shortcodes> (amr_shortcodes.php:0)",{"nodes":247,"edges":258},[248,250,251,252,253,254,256],{"id":216,"type":217,"label":218,"file":166,"line":249},234,{"id":221,"type":222,"label":234,"file":166,"line":235,"wp_function":236},{"id":226,"type":217,"label":218,"file":166,"line":219},{"id":229,"type":222,"label":223,"file":166,"line":208,"wp_function":224},{"id":233,"type":217,"label":218,"file":166,"line":227},{"id":255,"type":230,"label":231,"file":166,"line":227},"n5",{"id":257,"type":222,"label":234,"file":166,"line":235,"wp_function":236},"n6",[259,261,262,263],{"from":216,"to":221,"sanitized":260},true,{"from":226,"to":229,"sanitized":260},{"from":233,"to":255,"sanitized":239},{"from":255,"to":257,"sanitized":239},{"summary":265,"deductions":266},"The 'amr-shortcodes' plugin v1.7 exhibits a mixed security posture.  While it demonstrates good practices by utilizing prepared statements for all SQL queries, including nonce and capability checks, and has a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, there are significant concerns.  The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where user input could be used in an unsafe manner.  Furthermore, only 27% of output escaping is properly done, which is a notable weakness and a common precursor to cross-site scripting vulnerabilities.  The plugin's vulnerability history is also a cause for concern, with one medium-severity Cross-site Scripting (XSS) vulnerability being recently discovered and currently unpatched. This pattern suggests a recurring issue with input sanitization and output escaping, despite some efforts to implement security checks.",[267,270,272],{"reason":268,"points":269},"Unpatched CVE",15,{"reason":271,"points":149},"High severity taint flow (x2)",{"reason":273,"points":274},"Low output escaping rate (27%)",8,"2026-03-16T20:57:24.638Z",{"wat":277,"direct":287},{"assetPaths":278,"generatorPatterns":282,"scriptPaths":283,"versionParams":284},[279,280,281],"\u002Fwp-content\u002Fplugins\u002Famr-shortcodes\u002Famr-shortcodes.php","\u002Fwp-content\u002Fplugins\u002Famr-shortcodes\u002Famr-shortcodes-admin.js","\u002Fwp-content\u002Fplugins\u002Famr-shortcodes\u002Famr-shortcodes-admin.css",[],[280],[285,286],"amr-shortcodes\u002Famr-shortcodes-admin.css?ver=","amr-shortcodes\u002Famr-shortcodes-admin.js?ver=",{"cssClasses":288,"htmlComments":291,"htmlAttributes":292,"restEndpoints":294,"jsGlobals":295,"shortcodeOutput":297},[289,290],"wrap","icon32",[],[293],"data-shortcode-text",[],[296],"amr_shortcodes_admin_ajax_object",[298,299],"[","]"]