[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNLinamX69btu-IJhCywOcv-2SISBLMtv4xA5zRtHxOg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":141,"fingerprints":172},"aye-aye-frame","Aye Aye Frame","1","utcwebdesign","https:\u002F\u002Fprofiles.wordpress.org\u002Futcwebdesign\u002F","\u003Cp>WordPress is such an awesome tool that it even strips some HTML, such as iframes, as a security measure. Unfortunately sometimes we need to use iframes so Aye Aye Frame gives you back that freedom with the use of a shortcode [ayeframe]. Simply wrap the url you would like to feature in the custom shortcode –\u003C\u002Fp>\n\u003Cp>[ayeframe]YOUR URL HERE[\u002Fayeframe]\u003C\u002Fp>\n\u003Cp>and hey presto! you have an iframe on your WordPress blog.\u003C\u002Fp>\n\u003Cp>The code or url you insert between the shortcode tags is the equivalent of the ‘src’ section of the iframe code.\u003C\u002Fp>\n\u003Cp>Customise your Aye Aye Frame\u003C\u002Fp>\n\u003Cp>As with normal iframes, extra parameters can be added to customise the size, borders and other elements. Any, all or none of these parametres may be used.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    Extra parameters\n    'width' = Takes a number to customise the width of the iframe. Default = 250\n    'height' = Takes a number to customise the height of the iframe. Default = 250\n    'frameborder' = Specifies whether to add a border to the iframe (0 = no, 1 = yes). Default = 0\n    'marginheight' = Specifies the top and bottom margins of an iframe. Default = 0\n    'marginwidth' = Specifies the left and right margins of an iframe. Default = 0\n    'name' = Specifies the name of the iframe. Default = No default\u003Cbr \u002F>\n    'scrolling' = Specifies whether or not to display scrollbars in an iframe (yes, no, auto). Default = auto\n    'id'= Specifies the id of your iframe. No default\n    'class' = Specifies the class name of your iframe. Default = No default\n    'title' = Specifies the title of your iframe. No default\n\n    Example usage of extra parameters\n\n   [ayeframe width=500 height=500 frameborder=1 marginheight=5 marginwidth=5 name=myFrameName scrolling=0 id=myFrameID class=myFrameClass title=myFrameTitle]http:\u002F\u002Fwww.my_ayeframe_url[\u002Fayeframe]\n\n   Any questions?\n    Aye Aye Frame was created just for fun (thats right, FUN!) by Christian Senior at www.utcwebdesign.co.uk but if you have any questions or suggestions you are welcome to get in touch using the contact information on the website.\n    Keep up to date with this plugin at http:\u002F\u002Fwww.utcwebdesign.co.uk\u002Fblog\u002Fdevelopment\u002Faye-aye-frame-wordpress-plugin\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allows the use of iframes in your blog using a custom shortcode",10,1970,0,"2011-09-20T07:01:00.000Z","3.2.1","3.0","",[19,20,21],"html","iframe","strip-tags","http:\u002F\u002Fwww.utcwebdesign.co.uk\u002Fblog\u002Fdevelopment\u002Faye-aye-frame-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faye-aye-frame.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},2,20,30,84,"2026-04-04T22:00:21.323Z",[35,56,75,94,115],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":54,"download_link":55,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"unfiltered-mu","Unfiltered MU","1.3.1","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>Unfiltered MU gives Administrators and Editors the \u003Ccode>unfiltered_html\u003C\u002Fcode> capability.  This prevents WordPress MU\u002FWordPress 3.0 multisite from stripping \u003Ccode>\u003Ciframe>\u003C\u002Fcode>, \u003Ccode>\u003Cembed>\u003C\u002Fcode>, etc. from these users’ posts. Authors and Contributors do not get this capability for security reasons.\u003C\u002Fp>\n\u003Cp>The plugin can either be used globally for your entire MU site, or it can be applied on a blog-by-blog basis.\u003C\u002Fp>\n\u003Cp>For WordPress MU or WordPress 3.0 multisite only. Regular WordPress already offers this feature and does not need this plugin.\u003C\u002Fp>\n\u003Cp>Warning! This is a very dangerous plugin to activate if you have untrusted users on your site. Any user could add Javascript code to steal the login cookies of any visitor who runs a blog on the same site. The rogue user can then inpersonate any of those users and wreak havoc. If all you want is to display videos on your WordPress MU blogs, use the native \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FEmbeds\" rel=\"nofollow ugc\">Embed Support\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fvipers-video-quicktags\u002F\" rel=\"ugc\">Viper’s Video Quicktags\u003C\u002Fa> or any of the other \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fvideo\" rel=\"ugc\">video plugins\u003C\u002Fa> on WordPress.org.\u003Cbr \u002F>\nIf you use this plugin your site will be hacked in one way or another if you allow anonymous users on the Internet to create blogs on your site. It’s very dangerous.\u003C\u002Fp>\n\u003Cp>Are you still 100% sure you want to use this plugin?\u003C\u002Fp>\n","This WordPress MU\u002FWordPress 3.0 multisite plugin gives blog Administrators and Editors the ability to post whatever HTML they want.",2000,121016,98,14,"2018-12-20T09:34:00.000Z","5.0.25","2.9.2",[51,19,20,52,53],"embed","object","script","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Funfiltered-mu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funfiltered-mu.1.3.1.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":32,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":17,"tags":70,"homepage":73,"download_link":74,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"pageview","PageView","1.6","John Godley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnny5\u002F","\u003Cp>PageView is a plugin that will display another web page inside the current post. This is achieved with the use of an\u003Cbr \u002F>\niframe – an HTML tag that allows a webpage to be displayed inline with the current page.\u003C\u002Fp>\n\u003Cp>To use:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[pageview url=\"http:\u002F\u002Furbangiraffe.com\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Optional arguments:\u003C\u002Fp>\n\u003Cp>title = A title to show under the iframe\u003Cbr \u002F>\ndesc = A description to show under the iframe\u003Cbr \u002F>\nwidth = Width of iframe, in px or %\u003Cbr \u002F>\nheight = Height of iframe, in px or %\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation can be found on the \u003Ca href=\"http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fpageview\u002F\" rel=\"nofollow ugc\">Pageview\u003C\u002Fa> page.\u003C\u002Fp>\n","Insert an iframe and display an external website directly in a post using just a shortcode.",1000,73637,6,"2017-11-28T20:21:00.000Z","4.1.42","2.5",[51,19,20,71,72],"page","post","http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fpageview\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpageview.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":13,"num_ratings":13,"last_updated":85,"tested_up_to":86,"requires_at_least":16,"requires_php":17,"tags":87,"homepage":89,"download_link":90,"security_score":91,"vuln_count":92,"unpatched_count":92,"last_vuln_date":93,"fetched_at":26},"iframe-widget","IFrame Widget","4.1","Debashish","https:\u002F\u002Fprofiles.wordpress.org\u002Fdebashish\u002F","\u003Cp>The IFrame widget can display any external HTML page inside an \u003Ca href=\"http:\u002F\u002Fwww.w3.org\u002FTR\u002Fhtml4\u002Fpresent\u002Fframes.html#edef-IFRAME\" title=\"Know more about IFrames\" rel=\"nofollow ugc\">HTML IFrame\u003C\u002Fa> component. The need came from the Hindi Tagcloud JSP that I had once created for \u003Ca href=\"http:\u002F\u002Fweb.archive.org\u002Fweb\u002F20080821123115\u002Fhttp:\u002F\u002Fwww.myjavaserver.com\u002F~hindi\" title=\"Chittha Vishwa, Hindi for World of Blogs, is the first ever Hindi blog aggregator\" rel=\"nofollow ugc\">Chittha Vishwa\u003C\u002Fa> and I always thought that there should be some way to display that page on my blog.\u003C\u002Fp>\n\u003Ch4>What’s new in verson 4.x of this plugin?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>The Widget now offers configuration of IFrame Border and Scrolling attributes.\u003C\u002Fli>\n\u003Cli>You can now have multiple instances of Sidebar Widgets, thanks to the new Widget API to which this plugin has been re-written.\u003C\u002Fli>\n\u003Cli>A new “Markup Generator” to easily generate the markup that can simply be copy-pasted on your page.\u003C\u002Fli>\n\u003C\u002Fol>\n","IFrame widget can display any external HTML page inside an HTML IFrame component.",600,58039,"2012-09-20T11:50:00.000Z","3.4.2",[19,20,76,88],"widget","http:\u002F\u002Fnullpointer.debashish.com\u002Fiframe-widget-for-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fiframe-widget.4.1.zip",63,1,"2025-06-05 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":17,"tags":109,"homepage":113,"download_link":114,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"safe-paste","Safe Paste","1.1.9","Samuel Aguilera","https:\u002F\u002Fprofiles.wordpress.org\u002Fsamuelaguilera\u002F","\u003Cp>WordPress do a great job by default filtering potentially dangerous code inside your content. So this plugin is NOT about security.\u003C\u002Fp>\n\u003Cp>But people can break your site design without compromising your security… That’s the purpose of this little plugin.\u003C\u002Fp>\n\u003Cp>Do you have users that creates content for you?. Do you own an online Magazine?\u003C\u002Fp>\n\u003Cp>If you answer yes to at least one of the above questions, I’m sure you have minor design troubles in your site because of your users using copy\u002Fpaste (ofcourse without using TinyMCE buttons to remove code) while not being aware of all the HTML tags they are pasting…\u003C\u002Fp>\n\u003Cp>This plugin simply removes a lot of HTML tags (and non breaking space HTML entitie) from post and page content before inserting it to database. Preventing users (including you) to paste undesired HTML tags to the content.\u003C\u002Fp>\n\u003Cp>It only does his work while you’re editing your post\u002Fpage (it can be in any status). So it’ll do the job on the new post\u002Fpages you create after the activation of the plugin and in old content that you edit after the plugin activation.\u003C\u002Fp>\n\u003Cp>These are the HTML tags that stays:\u003C\u002Fp>\n\u003Cp>\u003Cp>\u003Cbr \u002F>\n\u003Ca> (allowed attributes: href, title).\u003Cbr \u002F>\n\u003Cimg> (allowed attributes: src, alt, class).\u003Cbr \u002F>\n\u003Ch1>\u003Cbr \u002F>\n\u003Ch2>\u003Cbr \u002F>\n\u003Ch3>\u003Cbr \u002F>\n\u003Ch4>\u003Cbr \u002F>\n\u003Ch5>\u003Cbr \u002F>\n\u003Ch6>\u003Cbr \u002F>\n\u003Cblockquote>\u003Cbr \u002F>\n\u003Col>\u003Cbr \u002F>\n\u003Cul>\u003Cbr \u002F>\n\u003Cli>\u003Cbr \u002F>\n\u003Cem>\u003Cbr \u002F>\n\u003Cstrong>\u003Cbr \u002F>\n\u003Cdel>\u003Cbr \u002F>\n\u003Ccode>\u003Cbr \u002F>\n\u003Cins>\u003C\u002Fp>\n\u003Cp>Any other HTML tag (or attributes) and &nbsp; (non breaking space) should be removed.\u003C\u002Fp>\n\u003Cp>Users with ‘unfiltered_html’ WP core capability (by default administrator and editor roles), will be excluded from the filter.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE: This program is distributed under \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">GPL2\u003C\u002Fa> licence in the hope that it will be useful, but WITHOUT ANY WARRANTY. I’m not responsible of ANY trouble or damage your site may have due to the use of this plugin. YOU and only YOU are responsible of your site and having backups and restoration plans. If you use this plugin you’re accepting this.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FKISS_principle\" rel=\"nofollow ugc\">KISS\u003C\u002Fa> philosofy 🙂\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.x or higher.\u003C\u002Fli>\n\u003C\u002Ful>\n","Removes a lot of HTML tags from post and page content before inserting it to database. Preventing users to paste undesired HTML tags to content.",200,5254,100,5,"2020-04-10T12:46:00.000Z","5.4.19","4.0",[110,19,111,21,112],"editor","post-content","tinymce","http:\u002F\u002Fwww.samuelaguilera.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-paste.1.1.9.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":137,"download_link":138,"security_score":125,"vuln_count":139,"unpatched_count":13,"last_vuln_date":140,"fetched_at":26},"google-sitemap-generator","XML Sitemap Generator for Google","4.1.23","Auctollo","https:\u002F\u002Fprofiles.wordpress.org\u002Fauctollo\u002F","\u003Cp>Generate XML and HTML sitemaps for your website with ease using the XML Sitemap Generator for Google. This plugin enables you to improve your SEO rankings by creating page, image, news, video, HTML, and RSS sitemaps. It also supports custom post types and taxonomies, allowing you to ensure that all of your content is being indexed by search engines. With a user-friendly interface, you can easily configure the plugin to suit your needs and generate sitemaps in just a few clicks. Keep your website up-to-date and make sure that search engines are aware of all of your content by using the XML Sitemap Generator for Google.\u003C\u002Fp>\n\u003Cp>The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.\u003C\u002Fp>\n\u003Cp>Supported for more than a decade and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbrowse\u002Fpopular\u002Fpage\u002F2\u002F#:~:text=XML%20Sitemap%20Generator%20for%20Google\" rel=\"ugc\">rated among the best\u003C\u002Fa>, it will do exactly what it’s supposed to do – providing a complete XML sitemap for search engines!\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>If you like the plugin, feel free to rate it! 🙂\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Related Links:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fread-before-opening-a-new-support-topic\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial site.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>The plugin comes with various translations, please refer to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FInstalling_WordPress_in_Your_Language\" title=\"Installing WordPress in Your Language\" rel=\"nofollow ugc\">WordPress Codex\u003C\u002Fa> for more information about activating the translation. If you want to help to translate the plugin to your language, please have a look at the sitemap.pot file which contains all definitions and may be used with a \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fsoftware\u002Fgettext\u002F\" rel=\"nofollow ugc\">gettext\u003C\u002Fa> editor like \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002F\" rel=\"nofollow ugc\">Poedit\u003C\u002Fa> (Windows).\u003C\u002Fp>\n","Generate multiple types of sitemaps to improve SEO and get your website indexed quickly.",1000000,42745610,96,2229,"2026-02-07T04:58:00.000Z","6.9.4","4.6","5.0",[132,133,134,135,136],"html-sitemap","news-sitemap","seo","video-sitemap","xml-sitemap","https:\u002F\u002Fauctollo.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-sitemap-generator.4.1.23.zip",3,"2025-10-31 00:00:00",{"attackSurface":142,"codeSignals":157,"taintFlows":164,"riskAssessment":165,"analyzedAt":171},{"hooks":143,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":156,"entryPointCount":92,"unprotectedCount":13},[144],{"type":145,"name":146,"callback":147,"file":148,"line":11},"action","admin_menu","aye_aye_frame_help","aye-aye-frame.php",[],[],[152],{"tag":153,"callback":154,"file":148,"line":155},"ayeframe","ayeFrame",74,[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":92,"bundledLibraries":163},[],{"prepared":13,"raw":13,"locations":160},[],{"escaped":13,"rawEcho":13,"locations":162},[],[],[],{"summary":166,"deductions":167},"The aye-aye-frame plugin v1 exhibits a generally strong security posture based on the static analysis.  It demonstrates good practices by having no dangerous functions, all SQL queries utilize prepared statements, and all outputs are properly escaped.  Furthermore, the absence of file operations and external HTTP requests minimizes common attack vectors. The plugin also appears to implement capability checks for its single entry point, which is positive.  The vulnerability history is clean, with no recorded CVEs, suggesting a history of secure development or a lack of prior security scrutiny.\n\nHowever, the analysis reveals a notable absence of nonce checks. While capability checks are present on the shortcode, the lack of nonce checks could leave this entry point susceptible to Cross-Site Request Forgery (CSRF) attacks if the shortcode's functionality involves state-changing operations. The total lack of taint analysis results is also a point of concern, as it implies that the analysis might not have been comprehensive enough to detect potential flaws, or that the plugin is indeed very simple and lacks complex data flows.  Overall, the plugin is well-coded in terms of common web vulnerabilities, but the missing nonce check is a specific area for improvement and potential risk.\n\nDespite the positive static analysis, the absence of nonce checks on the shortcode presents a moderate risk. While no critical vulnerabilities are evident from the provided data, a CSRF vulnerability could still be exploited if the shortcode performs sensitive actions. The plugin's clean vulnerability history is a positive indicator, but it does not negate the need for robust security practices like proper nonce implementation. The lack of reported taint flows is unusual and might suggest either a very simple plugin or a limitation in the analysis performed.  Therefore, the plugin is considered relatively secure, but the CSRF risk due to missing nonce checks needs to be addressed.",[168],{"reason":169,"points":170},"Missing nonce checks on shortcode",7,"2026-03-17T00:54:02.080Z",{"wat":173,"direct":178},{"assetPaths":174,"generatorPatterns":175,"scriptPaths":176,"versionParams":177},[],[],[],[],{"cssClasses":179,"htmlComments":180,"htmlAttributes":181,"restEndpoints":182,"jsGlobals":183,"shortcodeOutput":184},[],[],[],[],[],[185],"\u003Ciframe width=\"250\" height=\"250\" frameborder=\"0\" marginheight=\"0\" marginwidth=\"0\" name=\"\" scrolling=\"auto\" id=\"\" class=\"\" title=\"\" src=\""]