[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqArfyTs29HAV0XU4fLXR3wXITt5JYpEBdJAAShjJjH4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":36,"analysis":136,"fingerprints":284},"automatic-tags","Automatic Tags","0.1.0","chiefastro","https:\u002F\u002Fprofiles.wordpress.org\u002Fchiefastro\u002F","\u003Cp>Automatic Tags uses machine learning to automatically categorize and tag your posts.\u003C\u002Fp>\n\u003Cp>Major features in Automatic Tags include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Suggests tags for your post within the editor, in 3 different ways.\n\u003Col>\n\u003Cli>Existing tags mentioned in your post\u003C\u002Fli>\n\u003Cli>Keywords mentioned in your post\u003C\u002Fli>\n\u003Cli>Topics related to your post content\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>Add all suggested tags with one click.\u003C\u002Fli>\n\u003Cli>Suggests a category for your post within the editor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: To get suggestions, you’ll need an API key from \u003Ca href=\"https:\u002F\u002Fwpautotag.com\" rel=\"nofollow ugc\">wpautotag.com\u003C\u002Fa>.\u003Cbr \u002F>\nKeys are free and can be used on as many domains as you like.\u003Cbr \u002F>\nWhile editing posts, this plugin will send basic information about your post to the wpautotag.com API. The following information about your post is sent: post content, title, categories, tags, domain name, and (optionally) counts of how many posts you’ve published in each category. You can decline to send category counts by turning on the “blank slate” option on the settings page.\u003Cbr \u002F>\nRegistering for an API key requires agreeing to the \u003Ca href=\"https:\u002F\u002Fwpautotag.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwpautotag.com\u002Fterms-of-use\u002F\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa> of wpautotag.com.\u003C\u002Fp>\n","Automatically tag and categorize your posts.",10,1348,40,1,"2021-08-06T03:47:00.000Z","5.8.0","5.0","7.3",[20,21,22,23,24],"categories","machine-learning","natural-language-processing","tags","taxonomy","https:\u002F\u002Fwpautotag.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-tags.0.1.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},30,84,"2026-04-04T17:25:00.316Z",[37,57,76,99,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":28,"num_ratings":28,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"jsm-show-term-meta","JSM Show Term Metadata","4.8.0","JS Morisset","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsmoriss\u002F","\u003Cp>The JSM Show Term Metadata plugin displays term (ie. categories, tags, and custom taxonomies) meta keys and unserialized values in a metabox at the bottom of the term editing page.\u003C\u002Fp>\n\u003Cp>There are no plugin settings – simply install and activate the plugin.\u003C\u002Fp>\n\u003Ch4>Shows Yoast SEO Term Meta\u003C\u002Fh4>\n\u003Cp>Yoast SEO stores its term (ie. categories, tags, and custom taxonomies) metadata in the WordPress options table, not the term meta table.\u003C\u002Fp>\n\u003Cp>The JSM Show Term Metadata plugin can read and display Yoast SEO’s term metadata, but it cannot be deleted (as it does not reside in the WordPress term meta table).\u003C\u002Fp>\n\u003Ch4>Available Filters for Developers\u003C\u002Fh4>\n\u003Cp>Filter the term meta shown in the metabox:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmstm_metabox_table_metadata' ( array $metadata, $term_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Array of regular expressions to exclude meta keys:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmstm_metabox_table_exclude_keys' ( array $exclude_keys, $term_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to show term meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmstm_show_metabox_capability' ( 'manage_options', $term_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Show term meta for a taxonomy (defaults to true):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmstm_show_metabox_taxonomy' ( true, $taxonomy )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to delete term meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmstm_delete_meta_capability' ( 'manage_options', $term_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Icon for the delete term meta button:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmstm_delete_meta_icon_class' ( 'dashicons dashicons-table-row-delete' )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Related Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-comment-meta\u002F\" rel=\"ugc\">JSM Show Comment Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-order-meta\u002F\" rel=\"ugc\">JSM Show Order Metadata for WooCommerce HPOS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-post-meta\u002F\" rel=\"ugc\">JSM Show Post Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-term-meta\u002F\" rel=\"ugc\">JSM Show Term Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-user-meta\u002F\" rel=\"ugc\">JSM Show User Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-registered-shortcodes\u002F\" rel=\"ugc\">JSM Show Registered Shortcodes\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Show term metadata in a metabox when editing terms - a great tool for debugging issues with term metadata.",800,31027,"2026-03-11T18:11:00.000Z","6.9.4","6.0","7.4.33",[20,52,23,24,53],"metadata","terms","https:\u002F\u002Fsurniaulula.com\u002Fextend\u002Fplugins\u002Fjsm-show-term-meta\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjsm-show-term-meta.4.8.0.zip",100,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":72,"download_link":75,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bulk-add-terms","Bulk Add Terms","2.0.4","Sohan Zaman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsohan5005\u002F","\u003Cp>Have you ever been frustrated adding more and more categories or tags or any other terms in a rush? Don’t worry anymore. You can add thousands of terms in one go with this plugin.\u003C\u002Fp>\n\u003Ch3>How do I do that?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install the plugin and activate. A new menu called ‘Add Bulk Terms’ will pop up.\u003C\u002Fli>\n\u003Cli>Click on the menu and you’ll be taken to a new page where you will see all the registered taxonomy either by theme or any plugin.\u003C\u002Fli>\n\u003Cli>First select a taxonomy which you want to add terms.\u003C\u002Fli>\n\u003Cli>Then insert the terms in the right side textarea. Make sure each line contains only one term.\u003C\u002Fli>\n\u003Cli>Click on ‘Add Now’ button. A little confirmation will pop up just to make sure you have inserted everything correctly. Click yes and BOOM. All terms are added.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>What about nesting parent and child?\u003C\u002Fh3>\n\u003Cp>This plugin supports to do that. You can go and do nesting. You can indent child levels with a dash (-). For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Foo\n-Bar\n-Baz\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In the example above, ‘foo’ will be parent while ‘bar’ and ‘baz’ will be child of it.\u003Cbr \u002F>\nYou can use correct indent to make even more child of child. Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Foo\n-Bar\n--Baz\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Complex nesting example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Foo\n-Child of Foo~~foo-custom-slug\n--Grand child of Foo~~grand-child-slug\n-Second child of Foo\nBaz is sibling of Foo\n-Nephew of Foo\n--Grand child of Baz\n--Second grand child\n-Son of Baz\n-Daughter of Baz~~daughter-custom-slug\nI am a lonely term\nDo not have child\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Unfortunately the maximum supported level is as deep as the SEA.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlimited terms per time\u003C\u002Fli>\n\u003Cli>Unlimited level of nesting\u003C\u002Fli>\n\u003Cli>Supports any registered taxonomy. (only those which can be added or removed within UI)\u003C\u002Fli>\n\u003Cli>Uses AJAX request\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Cem>version 2.0 update\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\n* Custom slugs for each terms. Use the \u003Ccode>~~\u003C\u002Fcode> symbol to seperate name and slug.\u003Cbr \u002F>\n* Get all terms from selected taxonomy as a template. Later, use that template to add them to another taxonomy.\u003Cbr \u002F>\n* Remove all terms that were added by the plugin from selected taxonomy. (Requires at least WordPress 4.4 and plugin version 2.0 when Adding and deleting the terms)\u003C\u002Fp>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You can’t add child items to those terms which are already added. If you try to do, the given parent item will add as a new term.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>GitHub repository: https:\u002F\u002Fgithub.com\u002Fsohan5005\u002Fbulk-add-terms\u003C\u002Fp>\n","A lightweight plugin to add thousands of taxonomy terms in one go.",600,15107,78,17,"2018-05-18T19:37:00.000Z","4.9.29","3.0.0","",[74,20,23,24,53],"admin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-add-terms.2.0.4.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":56,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":17,"requires_php":89,"tags":90,"homepage":95,"download_link":96,"security_score":97,"vuln_count":14,"unpatched_count":28,"last_vuln_date":98,"fetched_at":30},"term-taxonomy-converter","Term Taxonomy Converter","1.3.0","Dhanendran Rajagopal","https:\u002F\u002Fprofiles.wordpress.org\u002Fdhanendran\u002F","\u003Cp>Initial version of this plugin is a fork of https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftaxonomy-converter\u002F.\u003C\u002Fp>\n\u003Cp>Copy or convert terms between taxonomies.\u003C\u002Fp>\n\u003Cp>Taxonomies include categories, tags and any other custom taxonomies that may be present with your active theme and plugins.\u003C\u002Fp>\n\u003Cp>This plugin, allows you to copy (duplicate) or convert (move) terms from one taxonomy to another or to multiple taxonomies, while maintaining associated posts.\u003C\u002Fp>\n","Copy or convert terms between taxonomies.",500,8562,6,"2025-11-28T13:54:00.000Z","6.8.5","7.4",[91,92,93,94,53],"categories-and-tags-converter","copy-taxonomies","duplicate-taxonomies","taxonomy-converter","https:\u002F\u002Fgithub.com\u002Fdhanendran\u002Fterm-taxonomy-converter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fterm-taxonomy-converter.1.3.0.zip",99,"2025-01-21 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":34,"num_ratings":109,"last_updated":110,"tested_up_to":88,"requires_at_least":111,"requires_php":72,"tags":112,"homepage":72,"download_link":117,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"woo-autocomplete-search-bar","E-Commerce Autocomplete Search Bar","1.5","Gabriel","https:\u002F\u002Fprofiles.wordpress.org\u002Frun-man\u002F","\u003Cp>E-Commerce Autocomplete Search Bar: This autocomplete search bar allows your users to search through all E-Commerce products, categories, tags, or taxonomy.\u003C\u002Fp>\n\u003Cp>If the taxonomy option is enable only products that belong to the selected taxonomy will display in the searchbar.\u003C\u002Fp>\n\u003Cp>This plugin will display using either a shortcode or widget.\u003C\u002Fp>\n\u003Cp>If you’ve found this plugin helpful, please leave a review. If you’ve had issues with the plugin, please leave a support request so we can give you a hand before you decide on the usefulness of it.\u003C\u002Fp>\n","E-Commerce Autocomplete Search Bar: An autocomplete searchbar for E-Commerce products, categories, tags, or taxonomy",200,11509,5,"2025-11-13T10:10:00.000Z","3.0.1",[113,114,115,116],"woocomerce-categories-search-bar","woocomerce-tags-search-bar","woocommerce-autocomplete-searchbar","woocommerce-taxonomy-search-bar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-autocomplete-search-bar.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":56,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":70,"requires_at_least":130,"requires_php":72,"tags":131,"homepage":134,"download_link":135,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"required-fields","Required Fields","1.9.5","NikosTsolakos","https:\u002F\u002Fprofiles.wordpress.org\u002Fnikostsolakos\u002F","\u003Ch3>Required Fields\u003C\u002Fh3>\n\u003Cp>You Can Require Categories, Tags, thumbnail, title if you have forgotten something We can remind you With an simple Alert.\u003C\u002Fp>\n\u003Ch3>The Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Enable \u002F Disable The Plugin\u003C\u002Fli>\n\u003Cli>Set On \u002F Off all the settings\u003C\u002Fli>\n\u003Cli>Set On\u002FOff Required Fields For Drafts\u003C\u002Fli>\n\u003Cli>Set Custom Alerts Message\u003C\u002Fli>\n\u003Cli>Set Required Fields For Pages\u003C\u002Fli>\n\u003Cli>Set Required Fields For Posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Rate This Plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Frequired-fields\" rel=\"ugc\">Required Fields\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>My Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-preloader\u002F\" rel=\"ugc\">Custom Preloader\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Required Fields can help you write your Posts, Pages without forgetting fields, if you forget something you'll be alerted about that!",45616,88,7,"2018-02-07T15:47:00.000Z","4.x",[20,132,133,23,24],"fields","required","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frequired-fields\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frequired-fields.1.9.5.zip",{"attackSurface":137,"codeSignals":205,"taintFlows":235,"riskAssessment":274,"analyzedAt":283},{"hooks":138,"ajaxHandlers":180,"restRoutes":189,"shortcodes":203,"cronEvents":204,"entryPointCount":197,"unprotectedCount":144},[139,145,148,153,157,161,164,169,172,176],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","rest_api_init","wpat_suggested_category_api","callbacks.php",2,{"type":140,"name":141,"callback":146,"file":143,"line":147},"wpat_suggested_tags_api",92,{"type":140,"name":149,"callback":150,"file":151,"line":152},"admin_print_styles","wpat_enqueue_styles","wpautotag.php",22,{"type":140,"name":154,"callback":155,"file":151,"line":156},"admin_enqueue_scripts","wpat_script_enqueue_edit_post",90,{"type":140,"name":158,"callback":159,"file":151,"line":160},"admin_menu","wpat_add_tag_suggestion_metabox",130,{"type":140,"name":158,"callback":162,"file":151,"line":163},"wpat_add_settings_page",156,{"type":165,"name":166,"callback":167,"file":151,"line":168},"filter","sanitize_option_wpat_capital_strategy_cat","sanitize_option_wpat_capital_strategy_callback",170,{"type":165,"name":170,"callback":167,"file":151,"line":171},"sanitize_option_wpat_capital_strategy_tag",174,{"type":165,"name":173,"callback":174,"file":151,"line":175},"sanitize_option_wpat_api_key","sanitize_option_wpat_api_key_callback",181,{"type":140,"name":177,"callback":178,"file":151,"line":179},"admin_notices","wpat_admin_notice_upon_activation",367,[181,187],{"action":182,"nopriv":183,"callback":184,"hasNonce":185,"hasCapCheck":185,"file":143,"line":186},"wpat_maybe_create_tags",true,"wpat_maybe_create_tags_callback",false,229,{"action":182,"nopriv":185,"callback":184,"hasNonce":185,"hasCapCheck":185,"file":143,"line":188},230,[190,198],{"namespace":191,"route":192,"methods":193,"callback":195,"permissionCallback":196,"file":143,"line":197},"wpautotag\u002Fv1","\u002Fcategory\u002Fsuggest\u002F",[194],"GET","wpat_get_suggested_category_rest","closure",4,{"namespace":191,"route":199,"methods":200,"callback":201,"permissionCallback":196,"file":143,"line":202},"\u002Ftag\u002Fsuggest\u002F",[194],"wpat_get_suggested_tags_rest",94,[],[],{"dangerousFunctions":206,"sqlUsage":207,"outputEscaping":209,"fileOperations":28,"externalRequests":144,"nonceChecks":28,"capabilityChecks":233,"bundledLibraries":234},[],{"prepared":28,"raw":28,"locations":208},[],{"escaped":210,"rawEcho":11,"locations":211},12,[212,215,217,219,221,223,225,227,229,231],{"file":151,"line":213,"context":214},261,"raw output",{"file":151,"line":216,"context":214},262,{"file":151,"line":218,"context":214},263,{"file":151,"line":220,"context":214},271,{"file":151,"line":222,"context":214},276,{"file":151,"line":224,"context":214},294,{"file":151,"line":226,"context":214},299,{"file":151,"line":228,"context":214},317,{"file":151,"line":230,"context":214},322,{"file":151,"line":232,"context":214},374,3,[],[236,263],{"entryPoint":237,"graph":238,"unsanitizedCount":28,"severity":262},"wpat_settings_page (wpautotag.php:185)",{"nodes":239,"edges":259},[240,245,251,254],{"id":241,"type":242,"label":243,"file":151,"line":244},"n0","source","$_POST (x4)",209,{"id":246,"type":247,"label":248,"file":151,"line":249,"wp_function":250},"n1","sink","update_option() [Settings Manipulation]",220,"update_option",{"id":252,"type":242,"label":253,"file":151,"line":244},"n2","$_POST",{"id":255,"type":247,"label":256,"file":151,"line":257,"wp_function":258},"n3","echo() [XSS]",264,"echo",[260,261],{"from":241,"to":246,"sanitized":183},{"from":252,"to":255,"sanitized":183},"low",{"entryPoint":264,"graph":265,"unsanitizedCount":28,"severity":262},"\u003Cwpautotag> (wpautotag.php:0)",{"nodes":266,"edges":271},[267,268,269,270],{"id":241,"type":242,"label":243,"file":151,"line":244},{"id":246,"type":247,"label":248,"file":151,"line":249,"wp_function":250},{"id":252,"type":242,"label":253,"file":151,"line":244},{"id":255,"type":247,"label":256,"file":151,"line":257,"wp_function":258},[272,273],{"from":241,"to":246,"sanitized":183},{"from":252,"to":255,"sanitized":183},{"summary":275,"deductions":276},"The \"automatic-tags\" plugin v0.1.0 presents a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, not performing raw SQL queries, and not utilizing bundled libraries. The absence of any recorded vulnerabilities in its history is also a strong positive signal, suggesting the developers have been diligent about security or the plugin has not been extensively targeted. However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without authentication checks, creating a substantial attack surface that could be leveraged by unauthenticated users. Additionally, while there are capability checks present, the lack of nonce checks on the unprotected AJAX handlers is a critical oversight, as it leaves these endpoints vulnerable to Cross-Site Request Forgery (CSRF) attacks.  The incomplete output escaping (only 55% properly escaped) also suggests potential for Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is not handled carefully within the unescaped outputs.",[277,279,281],{"reason":278,"points":128},"Unprotected AJAX handlers",{"reason":280,"points":128},"Missing nonce checks on AJAX",{"reason":282,"points":109},"Insufficient output escaping","2026-03-17T01:40:52.480Z",{"wat":285,"direct":296},{"assetPaths":286,"generatorPatterns":288,"scriptPaths":289,"versionParams":292},[287],"\u002Fwp-content\u002Fplugins\u002Fautomatic-tags\u002Fstyle.css",[],[290,291],"\u002Fwp-content\u002Fplugins\u002Fautomatic-tags\u002Fjs\u002Fwpat-cats.js","\u002Fwp-content\u002Fplugins\u002Fautomatic-tags\u002Fjs\u002Fwpat-tags.js",[293,294,295],"automatic-tags\u002Fstyle.css?ver=","wpat-cats.js?ver=","wpat-tags.js?ver=",{"cssClasses":297,"htmlComments":301,"htmlAttributes":302,"restEndpoints":304,"jsGlobals":305,"shortcodeOutput":308},[298,299,300],"wpat_tag_container","wpat-suggest-action-header","wpat-suggest-action-link",[],[303],"data-ajaxaction",[],[306,307],"wpat_ajax_object_cats","wpat_ajax_object_tags",[]]