[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fl54Ng5BZQv9Opl3kgIbdixrjq9Mzxuol5K_WYCyP24g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":349},"atlas-content-modeler","Atlas Content Modeler","0.26.2","StudioPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fstudiopress\u002F","\u003Cp>\u003Cstrong>IMPORTANT:\u003C\u002Fstrong> Atlas Content Modeler is entering an end-of-life phase. During this phase, we will continue to support Atlas Content Modeler to ensure it is secure and functional, giving you time to move your site to our recommended replacement. While security and critical bug fixes will continue to be provided through 2024, no new feature development will happen in Atlas Content Modeler. The plugin will be shutdown in early 2025.\u003C\u002Fp>\n\u003Cp>Atlas Content Modeler (ACM) is a content modeling solution for WordPress. Using an intuitive interface, you can create custom post types, as well as custom fields and taxonomies for those post types, with ease.\u003C\u002Fp>\n\u003Ch3>For Developers\u003C\u002Fh3>\n\u003Cp>Developers get a modern content modeling system that automatically integrates with WPGraphQL and the WordPress REST API. 
No need to write code or install other plugins!\u003C\u002Fp>\n\u003Ch3>For Publishers\u003C\u002Fh3>\n\u003Cp>Publishers get friendly and familiar content entry pages.\u003C\u002Fp>\n","A WordPress plugin to create custom post types, custom fields, and custom taxonomies for headless WordPress sites.",100,22549,96,4,"2024-04-02T16:26:00.000Z","6.5.8","5.7","7.2",[],"https:\u002F\u002Fdevelopers.wpengine.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatlas-content-modeler.0.26.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":13,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"studiopress",8,64600,126,76,"2026-04-04T11:09:40.487Z",[],{"attackSurface":36,"codeSignals":282,"taintFlows":306,"riskAssessment":343,"analyzedAt":348},{"hooks":37,"ajaxHandlers":219,"restRoutes":220,"shortcodes":279,"cronEvents":280,"entryPointCount":281,"unprotectedCount":23},[38,44,48,53,58,63,68,71,74,77,80,84,88,91,94,97,100,102,105,108,110,114,117,120,123,127,130,134,138,141,144,148,151,155,159,162,165,168,172,175,178,181,184,186,189,191,194,196,198,200,203,205,208,210,212,214,217],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","plugins_loaded","atlas_content_modeler_loader","atlas-content-modeler.php",29,{"type":39,"name":45,"callback":46,"file":42,"line":47},"admin_notices","acm_deprecation_notice",95,{"type":39,"name":49,"callback":50,"file":51,"line":52},"rest_api_init","register_endpoint","includes\\content-connect\\includes\\API\\Search.php",20,{"type":54,"name":55,"callback":56,"file":51,"line":57},"filter","acm_content_connect_localize_data","localize_endpoints",21,{"type":39,"name":59,"callback":60,"priority":11,"file":61,"line":62},"init","wp_init","includes\\content-connect\\includes\\Plugin.php",137,{"type":54,"name":64,"callback":64,"priority":65,"file":66,"line":67},"posts_where",10,"includes\\content-connect\\includes\\Que
ryIntegration\\WPQueryIntegration.php",22,{"type":54,"name":69,"callback":69,"priority":65,"file":66,"line":70},"posts_join",23,{"type":54,"name":72,"callback":72,"priority":65,"file":66,"line":73},"posts_groupby",24,{"type":54,"name":75,"callback":75,"priority":65,"file":66,"line":76},"posts_orderby",25,{"type":39,"name":78,"callback":78,"file":79,"line":57},"deleted_post","includes\\content-connect\\includes\\Relationships\\DeletedItems.php",{"type":39,"name":59,"callback":81,"file":82,"line":83},"upgrade","includes\\content-connect\\includes\\Tables\\BaseTable.php",82,{"type":39,"name":59,"callback":85,"file":86,"line":87},"anonymous","includes\\content-registration\\custom-post-types-registration.php",19,{"type":39,"name":89,"callback":85,"file":86,"line":90},"acm_content_connect_init",114,{"type":39,"name":92,"callback":85,"file":86,"line":93},"graphql_register_types",516,{"type":54,"name":95,"callback":85,"priority":65,"file":86,"line":96},"graphql_data_is_private",643,{"type":54,"name":98,"callback":85,"priority":65,"file":86,"line":99},"is_protected_meta",833,{"type":39,"name":92,"callback":85,"file":101,"line":87},"includes\\content-registration\\graphql-mutations.php",{"type":39,"name":103,"callback":85,"priority":65,"file":101,"line":104},"graphql_post_object_mutation_update_additional_data",87,{"type":39,"name":59,"callback":85,"file":106,"line":107},"includes\\content-registration\\register-taxonomies.php",15,{"type":54,"name":95,"callback":85,"priority":65,"file":106,"line":109},162,{"type":39,"name":59,"callback":111,"file":112,"line":113},"remove_post_type_supports","includes\\publisher\\class-publisher-form-editing-experience.php",67,{"type":39,"name":49,"callback":115,"file":112,"line":116},"support_title_in_api_responses",68,{"type":39,"name":118,"callback":115,"file":112,"line":119},"init_graphql_request",69,{"type":39,"name":49,"callback":121,"file":112,"line":122},"add_related_posts_to_rest_responses",70,{"type":54,"name":124,"callback":125,"pr
iority":65,"file":112,"line":126},"use_block_editor_for_post_type","disable_block_editor",71,{"type":39,"name":128,"callback":128,"file":112,"line":129},"current_screen",72,{"type":39,"name":131,"callback":132,"file":112,"line":133},"admin_enqueue_scripts","enqueue_assets",73,{"type":39,"name":135,"callback":136,"file":112,"line":137},"edit_form_after_title","render_app_container",74,{"type":39,"name":139,"callback":139,"priority":65,"file":112,"line":140},"save_post",75,{"type":39,"name":142,"callback":143,"priority":65,"file":112,"line":32},"wp_insert_post","set_post_attributes",{"type":54,"name":145,"callback":146,"priority":65,"file":112,"line":147},"redirect_post_location","append_error_to_location",77,{"type":39,"name":45,"callback":149,"file":112,"line":150},"display_save_post_errors",78,{"type":54,"name":152,"callback":153,"priority":65,"file":112,"line":154},"the_title","filter_post_titles",79,{"type":39,"name":156,"callback":157,"file":112,"line":158},"load-post.php","feedback_notice_handler",80,{"type":39,"name":160,"callback":157,"file":112,"line":161},"load-post-new.php",81,{"type":39,"name":163,"callback":164,"file":112,"line":83},"do_meta_boxes","move_meta_boxes",{"type":39,"name":163,"callback":166,"file":112,"line":167},"remove_thumbnail_meta_box",83,{"type":39,"name":169,"callback":170,"priority":65,"file":112,"line":171},"transition_post_status","maybe_add_location_callback",84,{"type":39,"name":173,"callback":174,"priority":65,"file":112,"line":22},"updated_postmeta","sync_title_field_to_posts_table",{"type":39,"name":176,"callback":174,"priority":65,"file":112,"line":177},"added_post_meta",86,{"type":39,"name":45,"callback":179,"file":112,"line":180},"render_feedback_notice",638,{"type":54,"name":145,"callback":182,"file":112,"line":183},"add_published_query_arg_to_location",786,{"type":39,"name":142,"callback":143,"priority":65,"file":112,"line":185},863,{"type":39,"name":59,"callback":85,"file":187,"line":188},"includes\\rest-api\\init-rest-ap
i.php",12,{"type":39,"name":49,"callback":85,"file":190,"line":73},"includes\\rest-api\\routes\\content-model-field.php",{"type":39,"name":49,"callback":85,"file":192,"line":193},"includes\\rest-api\\routes\\content-model-fields.php",17,{"type":39,"name":49,"callback":85,"file":195,"line":57},"includes\\rest-api\\routes\\content-model.php",{"type":39,"name":49,"callback":85,"file":197,"line":193},"includes\\rest-api\\routes\\content-models.php",{"type":39,"name":49,"callback":85,"file":199,"line":107},"includes\\rest-api\\routes\\dismiss-feedback-banner.php",{"type":39,"name":49,"callback":85,"file":201,"line":202},"includes\\rest-api\\routes\\taxonomy.php",16,{"type":39,"name":49,"callback":85,"file":204,"line":202},"includes\\rest-api\\routes\\validate-field.php",{"type":39,"name":206,"callback":85,"file":207,"line":107},"admin_menu","includes\\settings\\settings-callbacks.php",{"type":54,"name":209,"callback":85,"file":207,"line":113},"parent_file",{"type":39,"name":131,"callback":85,"file":207,"line":211},119,{"type":39,"name":59,"callback":85,"file":207,"line":213},181,{"type":39,"name":215,"callback":85,"file":207,"line":216},"admin_init",201,{"type":39,"name":131,"callback":85,"file":218,"line":188},"includes\\shared-assets\\wp_scripts\\shared_assets.php",[],[221,229,236,241,245,249,253,256,259,262,266,269,272,276],{"namespace":222,"route":223,"methods":224,"callback":226,"permissionCallback":227,"file":51,"line":228},"atlas","content-connect\u002Fsearch",[225],"POST","process_search","check_permission",28,{"namespace":230,"route":231,"methods":232,"callback":85,"permissionCallback":234,"file":190,"line":235},"wpe","\u002Fatlas\u002Fcontent-model-field",[233],"GET","closure",30,{"namespace":230,"route":237,"methods":238,"callback":85,"permissionCallback":234,"file":190,"line":240},"\u002Fatlas\u002Fcontent-model-field\u002F([A-Za-z0-9])\\w+\u002F",[239],"DELETE",43,{"namespace":230,"route":242,"methods":243,"callback":85,"permissionCallback":234,"file":192,"l
ine":70},"\u002Fatlas\u002Fcontent-model-fields\u002F([a-z0-9_\\-]+)",[244],"PATCH",{"namespace":230,"route":246,"methods":247,"callback":85,"permissionCallback":234,"file":195,"line":248},"\u002Fatlas\u002Fcontent-model\u002F([a-z0-9_\\-]+)",[233],27,{"namespace":230,"route":250,"methods":251,"callback":85,"permissionCallback":234,"file":195,"line":252},"\u002Fatlas\u002Fcontent-model",[225],40,{"namespace":230,"route":246,"methods":254,"callback":85,"permissionCallback":234,"file":195,"line":255},[244],53,{"namespace":230,"route":246,"methods":257,"callback":85,"permissionCallback":234,"file":195,"line":258},[239],66,{"namespace":230,"route":260,"methods":261,"callback":234,"permissionCallback":234,"file":197,"line":70},"\u002Fatlas\u002Fcontent-models\u002F",[233],{"namespace":230,"route":260,"methods":263,"callback":85,"permissionCallback":234,"file":197,"line":265},[264],"PUT",38,{"namespace":230,"route":267,"methods":268,"callback":85,"permissionCallback":234,"file":199,"line":57},"\u002Fatlas\u002Fdismiss-feedback-banner",[225],{"namespace":230,"route":270,"methods":271,"callback":85,"permissionCallback":234,"file":201,"line":67},"\u002Fatlas\u002Ftaxonomy",[233],{"namespace":230,"route":273,"methods":274,"callback":85,"permissionCallback":234,"file":201,"line":275},"\u002Fatlas\u002Ftaxonomy\u002F(?P\u003Ctaxonomy>[\\w-]+)",[239],35,{"namespace":230,"route":277,"methods":278,"callback":85,"permissionCallback":234,"file":204,"line":67},"\u002Fatlas\u002Fvalidate-unique-email",[233],[],[],14,{"dangerousFunctions":283,"sqlUsage":289,"outputEscaping":300,"fileOperations":302,"externalRequests":303,"nonceChecks":290,"capabilityChecks":304,"bundledLibraries":305},[284],{"fn":285,"file":286,"line":287,"context":288},"shell_exec","includes\\wp-cli\\class-blueprint.php",354,"shell_exec( \"open {$temp_dir}\" ); \u002F\u002F phpcs:ignore 
WordPress.PHP.DiscouragedPHPFunctions.system_calls",{"prepared":67,"raw":290,"locations":291},2,[292,296],{"file":293,"line":294,"context":295},"includes\\blueprints\\export.php",312,"$wpdb->get_results() with variable interpolation",{"file":297,"line":298,"context":299},"includes\\wp-cli\\class-reset.php",168,"$wpdb->query() with variable interpolation",{"escaped":275,"rawEcho":23,"locations":301},[],5,1,18,[],[307,325],{"entryPoint":308,"graph":309,"unsanitizedCount":23,"severity":324},"display_save_post_errors (includes\\publisher\\class-publisher-form-editing-experience.php:619)",{"nodes":310,"edges":321},[311,316],{"id":312,"type":313,"label":314,"file":112,"line":315},"n0","source","$_GET['atlas-content-modeler-publisher-save-error']",625,{"id":317,"type":318,"label":319,"file":112,"line":315,"wp_function":320},"n1","sink","echo() [XSS]","echo",[322],{"from":312,"to":317,"sanitized":323},true,"low",{"entryPoint":326,"graph":327,"unsanitizedCount":23,"severity":324},"\u003Cclass-publisher-form-editing-experience> (includes\\publisher\\class-publisher-form-editing-experience.php:0)",{"nodes":328,"edges":340},[329,332,336,338],{"id":312,"type":313,"label":330,"file":112,"line":331},"$_POST",341,{"id":317,"type":318,"label":333,"file":112,"line":334,"wp_function":335},"get_var() [SQLi]",433,"get_var",{"id":337,"type":313,"label":314,"file":112,"line":315},"n2",{"id":339,"type":318,"label":319,"file":112,"line":315,"wp_function":320},"n3",[341,342],{"from":312,"to":317,"sanitized":323},{"from":337,"to":339,"sanitized":323},{"summary":344,"deductions":345},"The \"atlas-content-modeler\" v0.26.2 plugin exhibits a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of vulnerabilities in its historical record, indicating a potentially well-maintained and secure codebase over time. 
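Furthermore, the plugin demonstrates excellent practices regarding output escaping, with 100% of outputs properly escaped, and a high percentage (92%) of SQL queries utilizing prepared statements, which is crucial for preventing SQL injection. The two remaining queries interpolate variables and should be reviewed by hand. The attack surface is well-secured, with the scan finding authentication and permission checks on all entry points, although static analysis establishes only that a check is registered, not that it enforces the right capability.\n\nHowever, a notable concern is the presence of the `shell_exec` function. While it is only one instance, the use of such a function can introduce significant security risks if not handled with extreme care, potentially allowing for remote code execution if user input is not rigorously sanitized. The single call sits in the plugin's WP-CLI blueprint class and interpolates a variable into the command string, so the question to settle in review is whether that value can ever be influenced by untrusted input. The taint analysis did not reveal any unsanitized paths, which is a positive sign, but the flows it traced end in `echo` and `get_var` rather than in `shell_exec`, so it does not directly show that this call is used in a controlled manner. The limited number of file operations and external HTTP requests also suggests contained functionality, reducing potential attack vectors.\n\nIn conclusion, the plugin is largely secure with robust defenses against common web vulnerabilities. The only significant code-level flag is the `shell_exec` function. Separately, the plugin's own description states that it is end-of-life, with security fixes promised only through 2024, so issues found after that date may go unpatched. Given the lack of historical vulnerabilities and the secure handling of other potential entry points, the risk associated with `shell_exec` might be mitigated by internal coding practices. 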
Nevertheless, its presence warrants vigilance and thorough code review.",[346],{"reason":347,"points":65},"Presence of dangerous function 'shell_exec'","2026-03-16T20:36:52.254Z",{"wat":350,"direct":363},{"assetPaths":351,"generatorPatterns":355,"scriptPaths":356,"versionParams":359},[352,353,354],"\u002Fwp-content\u002Fplugins\u002Fatlas-content-modeler\u002Fincludes\u002Fsettings\u002Fsettings.css","\u002Fwp-content\u002Fplugins\u002Fatlas-content-modeler\u002Fincludes\u002Fshared-assets\u002Fdist\u002Fjs\u002Fshared_assets.js","\u002Fwp-content\u002Fplugins\u002Fatlas-content-modeler\u002Fincludes\u002Fpublisher\u002Fdist\u002Fjs\u002Fapp.js",[],[357,358],"shared_assets","acm-app",[360,361,362],"atlas-content-modeler\u002Fincludes\u002Fsettings\u002Fsettings.css?ver=","atlas-content-modeler\u002Fincludes\u002Fshared-assets\u002Fdist\u002Fjs\u002Fshared_assets.js?ver=","atlas-content-modeler\u002Fincludes\u002Fpublisher\u002Fdist\u002Fjs\u002Fapp.js?ver=",{"cssClasses":364,"htmlComments":367,"htmlAttributes":370,"restEndpoints":373,"jsGlobals":375,"shortcodeOutput":379},[365,366],"acm-admin-notice","acm-app-container",[368,369],"\u003C!-- ACM - Start of App -->","\u003C!-- ACM - End of App -->",[371,372],"data-acm-model-slug","data-acm-post-id",[374],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fatlas-content-modeler\u002F",[376,377,378],"ACM","ACMRelationship","ACMPostType",[]]