[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ft2JCKPmLjfqvi-robz2hDA7p1yNcMzk13AupMJcq6C4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":40,"crawl_stats":31,"alternatives":48,"analysis":49,"fingerprints":190},"bard-extra","Bard Extra","1.2.8","WP Royal","https:\u002F\u002Fprofiles.wordpress.org\u002Fwproyal\u002F","\u003Cp>Adds One Click Demo Import functionality for Bard theme. When activated you will be able to import Demo Content for the Bard theme.\u003C\u002Fp>\n","Adds One Click Demo Import functionality for Bard theme.",700,16033,0,"2025-01-07T07:49:00.000Z","6.7.5","4.6","",[],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbard-extra\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbard-extra.zip",91,1,"2024-11-20 13:55:11","2026-03-15T15:16:48.613Z",[26],{"id":27,"url_slug":28,"title":29,"description":30,"plugin_slug":4,"theme_slug":31,"affected_versions":32,"patched_in_version":6,"severity":33,"cvss_score":34,"cvss_vector":35,"vuln_type":36,"published_date":23,"updated_date":37,"references":38,"days_to_patch":22},"CVE-2024-10532","bard-extra-missing-authorization-to-authenticated-subscriber-demo-import","Bard Extra \u003C= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import","The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to import demo data.",null,"\u003C=1.2.7","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-11-21 16:18:47",[39],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1ad5d2b2-fca8-46bb-8a03-02be07f2a800?source=api-prod",{"slug":41,"display_name":7,"profile_url":8,"plugin_count":42,"total_installs":43,"avg_security_score":44,"avg_patch_time_days":45,"trust_score":46,"computed_at":47},"wproyal",9,765700,89,112,71,"2026-04-04T00:36:24.399Z",[],{"attackSurface":50,"codeSignals":101,"taintFlows":180,"riskAssessment":181,"analyzedAt":189},{"hooks":51,"ajaxHandlers":76,"restRoutes":97,"shortcodes":98,"cronEvents":99,"entryPointCount":100,"unprotectedCount":13},[52,58,62,66,72],{"type":53,"name":54,"callback":55,"file":56,"line":57},"action","admin_init","init","bard-extra.php",24,{"type":53,"name":59,"callback":60,"file":56,"line":61},"admin_menu","bardxtra_options_page",26,{"type":53,"name":63,"callback":64,"file":56,"line":65},"admin_enqueue_scripts","bardxtra_widget_enqueue_scripts",38,{"type":67,"name":68,"callback":69,"file":70,"line":71},"filter","import_post_meta_key","is_valid_meta_key","includes\\importers\\class-wordpress-importer.php",100,{"type":67,"name":73,"callback":74,"file":70,"line":75},"http_request_timeout","bump_request_timeout",101,[77,82,85,88,91,94],{"action":78,"nopriv":79,"callback":78,"hasNonce":80,"hasCapCheck":80,"file":56,"line":81},"bardxtra_contact_from_7_activation",false,true,28,{"action":83,"nopriv":79,"callback":83,"hasNonce":80,"hasCapCheck":80,"file":56,"line":84},"bardxtra_instagram_feed_activation",29,{"action":86,"nopriv":79,"callback":86,"hasNonce":80,"hasCapCheck":80,"file":56,"line":87},"bardxtra_wysija_newsletter_activation",30,{"action":89,"nopriv":79,"callback":89,"hasNonce":80,"hasCapCheck":80,"file":56,"line":90},"bardxt
ra_recent_posts_activation",31,{"action":92,"nopriv":79,"callback":92,"hasNonce":80,"hasCapCheck":80,"file":56,"line":93},"bardxtra_remove_instagram_widget",36,{"action":95,"nopriv":79,"callback":95,"hasNonce":80,"hasCapCheck":80,"file":56,"line":96},"bardxtra_import_xml",44,[],[],[],6,{"dangerousFunctions":102,"sqlUsage":103,"outputEscaping":106,"fileOperations":177,"externalRequests":22,"nonceChecks":178,"capabilityChecks":42,"bundledLibraries":179},[],{"prepared":104,"raw":13,"locations":105},4,[],{"escaped":107,"rawEcho":108,"locations":109},57,34,[110,113,115,117,119,121,123,125,127,129,131,132,134,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175],{"file":56,"line":111,"context":112},111,"raw output",{"file":56,"line":114,"context":112},120,{"file":56,"line":116,"context":112},129,{"file":56,"line":118,"context":112},138,{"file":56,"line":120,"context":112},147,{"file":56,"line":122,"context":112},156,{"file":124,"line":93,"context":112},"includes\\importers\\class-parsers.php",{"file":124,"line":126,"context":112},39,{"file":124,"line":128,"context":112},42,{"file":124,"line":130,"context":112},43,{"file":70,"line":116,"context":112},{"file":70,"line":133,"context":112},130,{"file":70,"line":118,"context":112},{"file":70,"line":136,"context":112},173,{"file":70,"line":138,"context":112},174,{"file":70,"line":140,"context":112},189,{"file":70,"line":142,"context":112},193,{"file":70,"line":144,"context":112},202,{"file":70,"line":146,"context":112},256,{"file":70,"line":148,"context":112},258,{"file":70,"line":150,"context":112},304,{"file":70,"line":152,"context":112},314,{"file":70,"line":154,"context":112},317,{"file":70,"line":156,"context":112},325,{"file":70,"line":158,"context":112},334,{"file":70,"line":160,"context":112},385,{"file":70,"line":162,"context":112},437,{"file":70,"line":164,"context":112},482,{"file":70,"line":166,"context":112},537,{"file":70,"line":168,"context":112},730,{"file":70,"line":170,"context":
112},763,{"file":70,"line":172,"context":112},1247,{"file":70,"line":174,"context":112},1269,{"file":70,"line":176,"context":112},1270,13,10,[],[],{"summary":182,"deductions":183},"The \"bard-extra\" plugin v1.2.8 exhibits a generally good security posture, with strong adherence to several secure coding practices. The absence of direct SQL injection vulnerabilities due to all queries using prepared statements is a significant strength. Furthermore, the plugin demonstrates a robust use of nonce and capability checks for its AJAX handlers, effectively limiting the attack surface to protected entry points. The total lack of taint flows with unsanitized paths is also highly commendable.\n\nDespite these strengths, there are areas for improvement. The most notable concern is the significant proportion of output that is not properly escaped (37% are unescaped). This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered directly in the output without sufficient sanitization. The plugin also has a history of a medium-severity vulnerability related to missing authorization (CVE-2024-10532, affecting versions up to and including 1.2.7 and recorded as patched in 1.2.8). Although this version appears to have remediated it, the historical pattern warrants vigilance.\n\nOverall, \"bard-extra\" v1.2.8 is a reasonably secure plugin, particularly in its handling of AJAX requests and database interactions. However, the unescaped output represents a tangible risk that should be addressed. 
Continued attention to vulnerability history and thorough code reviews for escaping are recommended to maintain and improve its security.",[184,186],{"reason":185,"points":100},"Significant portion of output is unescaped",{"reason":187,"points":188},"Previous medium-severity vulnerability history",7,"2026-03-16T19:21:55.750Z",{"wat":191,"direct":204},{"assetPaths":192,"generatorPatterns":199,"scriptPaths":200,"versionParams":201},[193,194,195,196,197,198],"\u002Fwp-content\u002Fplugins\u002Fbard-extra\u002Fassets\u002Fimages\u002Fcf7.png","\u002Fwp-content\u002Fplugins\u002Fbard-extra\u002Fassets\u002Fimages\u002Finstagram-feed.png","\u002Fwp-content\u002Fplugins\u002Fbard-extra\u002Fassets\u002Fimages\u002Fmailchimp.png","\u002Fwp-content\u002Fplugins\u002Fbard-extra\u002Fassets\u002Fimages\u002Frecent-posts.png","\u002Fwp-content\u002Fplugins\u002Fbard-extra\u002Fassets\u002Fimages\u002Felementor.png","\u002Fwp-content\u002Fplugins\u002Fbard-extra\u002Fassets\u002Fimages\u002Froyal-addons.png",[],[],[202,203],"bard-extra\u002Fstyle.css?ver=","bard-extra\u002Fscript.js?ver=",{"cssClasses":205,"htmlComments":213,"htmlAttributes":214,"restEndpoints":222,"jsGlobals":223,"shortcodeOutput":224},[206,207,208,209,210,211,212],"extra-options-page-wrap","extra-options","after-import-notice","visit-website","bardxtra-plugin-activation","plugin-box","before-import-notice",[],[215,216,217,218,219,220,221],"id=\"contact_from_7\"","id=\"instagram_feed\"","id=\"wysija_newsletter\"","id=\"recent_posts\"","id=\"elementor\"","id=\"royal_elementor_addons\"","id=\"bard-demo-import\"",[],[],[]]