[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fOmBtR-xbnCkadkSOGgRhvaIYOx27d-ESSDYHJxIujMg":3,"$flYe7MIJTfn5HKsxlUpjtccb7RcD0Rzvf6VSuT0XoVCs":443,"$fq6Gz8UlpPtGawl_QRDjovcWgYK2_wSz5mTLkBB0tavk":448},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":39,"analysis":123,"fingerprints":420},"betta-boxes-cms","Betta Boxes CMS","1.1.5","shauno","https:\u002F\u002Fprofiles.wordpress.org\u002Fshauno\u002F","\u003Cp>Welcome to the Betta Boxes CMS plugin. This plugin turns your WordPress Blog into a powerful CMS, without the need to get down and dirty in the source code.\u003Cbr \u002F>\nBetta Boxes gives you a clean, simple administration user interface to create custom fields, and link them to Posts, Pages, and any Custom Post Types you have!\u003C\u002Fp>\n\u003Cp>Betta Boxes uses the default WordPress functionality of ‘post meta’. This means the plugin works with WordPress, rather than fighting against it.\u003C\u002Fp>\n\u003Cp>You can create the following types of custom fields, and link them to any post types:\u003C\u002Fp>\n\u003Ch4>Field Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Short Text\u003C\u002Fli>\n\u003Cli>Long Text\u003C\u002Fli>\n\u003Cli>HTML Text\u003C\u002Fli>\n\u003Cli>Drop Down\u003C\u002Fli>\n\u003Cli>Check Boxes\u003C\u002Fli>\n\u003Cli>Radio Buttons\u003C\u002Fli>\n\u003Cli>Color Picker\u003C\u002Fli>\n\u003Cli>Date Picker\u003C\u002Fli>\n\u003Cli>Time Picker\u003C\u002Fli>\n\u003C\u002Ful>\n","Create custom fields linked to posts, pages, or any custom post type with a point-and-click user interface.",20,7577,100,2,"2013-04-08T06:25:00.000Z","3.5.2","3.0","",[20,21,22,23,24],"boxes","custom","custom-fields","fields","meta","http:\u002F\u002Fshauno.co.za\u002Fwordpress\u002Fbetta-boxes-cms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.1.5.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},3,1030,30,84,"2026-05-20T01:33:39.591Z",[40,62,76,89,107],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":13,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"pt-theme-addon","PT Theme Addon","1.0.4","ProDesigns","https:\u002F\u002Fprofiles.wordpress.org\u002Fpreciousthemes\u002F","\u003Cp>Plugin to add team, testimonial portfolio and clients custom post type. Each post type has its widget and shortcode to use in theme. This addon is best to enhance features of themes as it is easy to use and highly secure.\u003C\u002Fp>\n\u003Cp>Find Demo \u003Ca href=\"https:\u002F\u002Fpromenadethemes.com\u002Fpt-theme-addon\" rel=\"nofollow ugc\">Here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Team Shortcodes\u003C\u002Fh4>\n\u003Cp>[ptta-team]\u003Cbr \u002F>\n[ptta-team category=”cat-id”]\u003Cbr \u002F>\n[ptta-team post_number=”x”] where x is positive number\u003Cbr \u002F>\n[ptta-team column=”x”] where x can be 2,3 or 4\u003Cbr \u002F>\n[ptta-team image_size=”size”] where size can be thumbnail, medium, large or any custom size defined by theme\u003C\u002Fp>\n\u003Ch4>Portfolio Shortcodes\u003C\u002Fh4>\n\u003Cp>[ptta-portfolio]\u003Cbr \u002F>\n[ptta-portfolio post_number=”x”]\u003Cbr \u002F>\n[ptta-portfolio column=”x”]\u003Cbr \u002F>\n[ptta-portfolio image_size=”size”]\u003C\u002Fp>\n\u003Ch4>Testimonial Shortcodes\u003C\u002Fh4>\n\u003Cp>[ptta-testimonials]\u003Cbr \u002F>\n[ptta-testimonials category=”cat-id”]\u003Cbr \u002F>\n[ptta-testimonials post_number=”x”]\u003C\u002Fp>\n\u003Ch4>Clients Shortcodes\u003C\u002Fh4>\n\u003Cp>[ptta-clients]\u003Cbr \u002F>\n[ptta-clients image_size=”size”]\u003C\u002Fp>\n","Plugin to add team, testimonial portfolio and clients custom post type. Each post type has its widget and shortcode to use in theme.",1000,50438,1,"2018-06-28T09:27:00.000Z","4.9.29","4.5.0","5.2.0",[22,56,57,58,59],"custom-post-type","extension","metaboxes","theme-addon","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpt-theme-addon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpt-theme-addon.zip",{"slug":63,"name":64,"version":65,"author":44,"author_profile":45,"description":66,"short_description":67,"active_installs":13,"downloaded":68,"rating":28,"num_ratings":28,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":74,"download_link":75,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"business-era-extension","Business Era Extension","1.0.0","\u003Cp>Plugin to extend features of Business Era Theme. This plugin registers custom post types, widgets and custom fields for the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbusiness-era\" rel=\"ugc\">Business Era\u003C\u002Fa> theme.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>MIXITUP (C) 2012-2013 Patrick Kunka (https:\u002F\u002Fgithub.com\u002Fpatrickkunka\u002Fmixitup\u002F), \u003Ca href=\"http:\u002F\u002Fcreativecommons.org\u002Flicenses\u002Fby-nd\u002F3.0\u002F\" rel=\"nofollow ugc\">Creative Commons Attribution\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin to extend features of Business Era Theme. This plugin registers custom post types, widgets and custom fields for the Business Era theme.",7795,"2017-01-24T16:28:00.000Z","4.7.33","3.4.0",[73,22,56,58],"business-era","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbusiness-era-extension\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbusiness-era-extension.zip",{"slug":77,"name":78,"version":79,"author":44,"author_profile":45,"description":80,"short_description":81,"active_installs":13,"downloaded":82,"rating":28,"num_ratings":28,"last_updated":83,"tested_up_to":52,"requires_at_least":84,"requires_php":54,"tags":85,"homepage":87,"download_link":88,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"theme-toolkit","Theme Toolkit","1.0.1","\u003Cp>Theme toolkit is a plugin to register custom post types, widgets and shortcodes to add additional feature and functionality to any WordPress theme. It supports testimonial, portfolio, team and partners custom post types.\u003C\u002Fp>\n\u003Cp>Demo Available \u003Ca href=\"https:\u002F\u002Fpreciousthemes.com\u002Fdemo\u002Ftheme-toolkit\" rel=\"nofollow ugc\">Here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Team Shortcodes\u003C\u002Fh4>\n\u003Cp>[tt-team]\u003Cbr \u002F>\n[tt-team post_number=”x”]\u003Cbr \u002F>\n[tt-team column=”x”] where x can be 2,3 or 4\u003Cbr \u002F>\n[tt-team image_size=”size”] where size can be thumbnail, medium, large, full or size defined in theme\u003C\u002Fp>\n\u003Ch4>Portfolio Shortcodes\u003C\u002Fh4>\n\u003Cp>[tt-portfolio]\u003Cbr \u002F>\n[tt-portfolio post_number=”x”]\u003Cbr \u002F>\n[tt-portfolio column=”x”] where x can be 2,3 or 4\u003Cbr \u002F>\n[tt-portfolio image_size=”size”] where size can be thumbnail, medium, large, full or size defined in theme\u003C\u002Fp>\n\u003Ch4>Testimonials Shortcodes\u003C\u002Fh4>\n\u003Cp>[tt-testimonials]\u003Cbr \u002F>\n[tt-testimonials post_number=”x”]\u003C\u002Fp>\n\u003Ch4>Partners Shortcodes\u003C\u002Fh4>\n\u003Cp>[tt-partners]\u003Cbr \u002F>\n[tt-partners post_number=”x”]\u003Cbr \u002F>\n[tt-partners image_size=”size”] where size can be thumbnail, medium, large, full or size defined in theme\u003C\u002Fp>\n","Theme toolkit is a plugin to register custom post types, widgets and shortcodes to add additional feature and functionality to any WordPress theme.",6992,"2018-03-26T14:42:00.000Z","4.8.5",[22,56,57,58,86],"theme","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-toolkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-toolkit.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":36,"downloaded":97,"rating":28,"num_ratings":28,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":18,"tags":101,"homepage":105,"download_link":106,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"c7-form-builder","C7 Form Builder","1.0.0-beta.2","Chetan Chauhan","https:\u002F\u002Fprofiles.wordpress.org\u002Fchetanchauhan\u002F","\u003Cp>C7 Form Builder provides an easy to use and powerful API allowing you to build even complex forms with ease. Using this plugin, you can create custom meta boxes, custom user profile fields, custom taxonomy fields,  setting pages or even contact forms. With C7 Form Builder, you are not limited to either frontend forms or admin forms as with other WordPress form builder plugins.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Redirect to a custom WordPress page or a URL after successful submission.\u003C\u002Fli>\n\u003Cli>Break large forms into tabs.\u003C\u002Fli>\n\u003Cli>Inbuilt repeatable field support. Dynamically add or remove all the bundled field types excluding hidden, select and submit field types as repeatable field support is removed intentionally from them.\u003C\u002Fli>\n\u003Cli>Sortable Fields – drag and drop all the repeatable fields to change the order.\u003C\u002Fli>\n\u003Cli>Compatible with any CSS framework like Bootstrap, Foundation, etc.\u003C\u002Fli>\n\u003Cli>Using field storage types, save form fields anywhere you want.\u003C\u002Fli>\n\u003Cli>Create and register new form types, field types, form view types, field view types, and storage types.\u003C\u002Fli>\n\u003Cli>Easy to extend and customize.\u003C\u002Fli>\n\u003Cli>and much more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available Form Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Admin\u003C\u002Fli>\n\u003Cli>Post\u003C\u002Fli>\n\u003Cli>Taxonomy\u003C\u002Fli>\n\u003Cli>Theme\u003C\u002Fli>\n\u003Cli>User\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available Field Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Color\u003C\u002Fli>\n\u003Cli>Editor\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Group\u003C\u002Fli>\n\u003Cli>Hidden\u003C\u002Fli>\n\u003Cli>Number\u003C\u002Fli>\n\u003Cli>Password\u003C\u002Fli>\n\u003Cli>Select\u003C\u002Fli>\n\u003Cli>Submit\u003C\u002Fli>\n\u003Cli>Textarea\u003C\u002Fli>\n\u003Cli>Text\u003C\u002Fli>\n\u003Cli>URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Important Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchetanchauhan\u002Fc7-form-builder\u002Fwiki\u002F\" rel=\"nofollow ugc\">Documentation \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchetanchauhan\u002Fc7-form-builder\u002F\" rel=\"nofollow ugc\">Github \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Provides an easy to use and powerful API for building forms that can be displayed, customized and saved any way you want.",3051,"2015-09-08T20:20:00.000Z","4.3.34","3.8.0",[22,102,24,103,104],"form","meta-boxes","repeatable","https:\u002F\u002Fgithub.com\u002Fchetanchauhan\u002Fc7-form-builder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fc7-form-builder.1.0.0-beta.2.zip",{"slug":108,"name":109,"version":6,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":13,"num_ratings":50,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":18,"tags":119,"homepage":121,"download_link":122,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"flow-fields","Flow Fields","Flow Byte","https:\u002F\u002Fprofiles.wordpress.org\u002Fwojciechborowicz\u002F","\u003Cp>Flow Fields is a WordPress plugin that allows you to easily add custom fields to your posts, pages, and other custom post types. It is designed to be lightweight and intuitive, while providing a robust set of features for managing custom fields.\u003C\u002Fp>\n\u003Cp>With Flow Fields, you can create custom meta boxes with fields such as text, number, date, file, image, textarea, repeater, and more. You can also set default values, specify required fields, and add instructions for each field.\u003C\u002Fp>\n\u003Cp>In the near future, we plan to add support for custom post type management, taxonomies, and shortcodes.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>To create a custom meta box with fields, go to the “Flow Boxes” menu in the WordPress dashboard and click “Add New Box”. Give your meta box a title and select the post types that it should apply to. Submit the box, then click “Fields & Options” Then, click “Add Field” to add a field to your meta box.\u003C\u002Fp>\n\u003Cp>There are many different field types to choose from, including text, number, date, file, image, textarea, repeater, and more.\u003C\u002Fp>\n\u003Cp>Once you’ve added all of your fields, click “Save Meta Box” to save your changes. Your custom meta box will now be displayed on the edit screen for your selected post types.\u003C\u002Fp>\n\u003Cp>To get the value of a custom field in your code, you can use the get_field() function. This function takes three parameters: the field’s key and the post ID and format (sanitizes data on true\u002Ffalse). It will return the value of the field for the given post.\u003C\u002Fp>\n","Flow Fields is a WordPress plugin that allows you to easily add custom fields to your posts, pages, and other custom post types.",10,1085,"2024-01-28T22:32:00.000Z","6.2.9","5.0",[120,22,103],"acf","https:\u002F\u002Fflow.borowicz.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fflow-fields.zip",{"attackSurface":124,"codeSignals":150,"taintFlows":305,"riskAssessment":404,"analyzedAt":419},{"hooks":125,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":28,"unprotectedCount":28},[126,132,136,140],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","admin_init","adminInits","betta-boxes.php",22,{"type":127,"name":133,"callback":134,"file":130,"line":135},"admin_menu","adminMenus",23,{"type":127,"name":137,"callback":138,"file":130,"line":139},"save_post","saveCustomField",542,{"type":141,"name":142,"callback":143,"file":144,"line":145},"filter","tiny_mce_before_init","tinyMceInit","types\\scfui_html_text\\scfui_html_text.php",9,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":169,"outputEscaping":191,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":304},[152,156,160,163,165,167],{"fn":153,"file":130,"line":154,"context":155},"unserialize",844,"if(($extra = unserialize($val['extra'])) !== false) {",{"fn":153,"file":157,"line":158,"context":159},"types\\scfui_checkboxes\\scfui_checkboxes.php",15,"$extra = unserialize($field['extra']);",{"fn":153,"file":161,"line":162,"context":159},"types\\scfui_drop_down\\scfui_drop_down.php",14,{"fn":153,"file":144,"line":164,"context":159},24,{"fn":153,"file":144,"line":166,"context":159},32,{"fn":153,"file":168,"line":162,"context":159},"types\\scfui_radio_buttons\\scfui_radio_buttons.php",{"prepared":170,"raw":171,"locations":172},4,8,[173,176,178,180,182,184,186,189],{"file":130,"line":174,"context":175},56,"$wpdb->query() with variable interpolation",{"file":130,"line":177,"context":175},57,{"file":130,"line":179,"context":175},81,{"file":130,"line":181,"context":175},82,{"file":130,"line":183,"context":175},83,{"file":130,"line":185,"context":175},450,{"file":130,"line":187,"context":188},486,"$wpdb->get_results() with variable interpolation",{"file":130,"line":190,"context":175},488,{"escaped":192,"rawEcho":193,"locations":194},5,62,[195,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,257,259,261,262,264,266,268,269,270,272,273,275,277,278,279,281,283,285,287,289,290,291,292,295,296,298,299,300,301,302,303],{"file":130,"line":196,"context":197},512,"raw output",{"file":130,"line":199,"context":197},527,{"file":130,"line":201,"context":197},598,{"file":130,"line":203,"context":197},633,{"file":130,"line":205,"context":197},635,{"file":130,"line":207,"context":197},636,{"file":130,"line":209,"context":197},639,{"file":130,"line":211,"context":197},640,{"file":130,"line":213,"context":197},647,{"file":130,"line":215,"context":197},770,{"file":130,"line":217,"context":197},775,{"file":130,"line":219,"context":197},793,{"file":130,"line":221,"context":197},811,{"file":130,"line":223,"context":197},817,{"file":130,"line":225,"context":197},827,{"file":130,"line":227,"context":197},855,{"file":130,"line":229,"context":197},859,{"file":130,"line":231,"context":197},863,{"file":130,"line":233,"context":197},868,{"file":130,"line":235,"context":197},873,{"file":130,"line":237,"context":197},923,{"file":130,"line":239,"context":197},930,{"file":130,"line":241,"context":197},934,{"file":130,"line":243,"context":197},947,{"file":130,"line":245,"context":197},977,{"file":130,"line":247,"context":197},984,{"file":130,"line":249,"context":197},986,{"file":130,"line":251,"context":197},991,{"file":130,"line":253,"context":197},1004,{"file":157,"line":255,"context":197},11,{"file":157,"line":162,"context":197},{"file":157,"line":258,"context":197},17,{"file":260,"line":162,"context":197},"types\\scfui_color\\scfui_color.php",{"file":260,"line":158,"context":197},{"file":260,"line":263,"context":197},16,{"file":260,"line":265,"context":197},18,{"file":267,"line":162,"context":197},"types\\scfui_date\\scfui_date.php",{"file":267,"line":158,"context":197},{"file":267,"line":263,"context":197},{"file":267,"line":271,"context":197},19,{"file":267,"line":11,"context":197},{"file":267,"line":274,"context":197},21,{"file":161,"line":276,"context":197},13,{"file":161,"line":158,"context":197},{"file":161,"line":258,"context":197},{"file":144,"line":280,"context":197},28,{"file":144,"line":282,"context":197},36,{"file":144,"line":284,"context":197},37,{"file":144,"line":286,"context":197},40,{"file":288,"line":162,"context":197},"types\\scfui_long_text\\scfui_long_text.php",{"file":288,"line":158,"context":197},{"file":168,"line":276,"context":197},{"file":168,"line":263,"context":197},{"file":293,"line":294,"context":197},"types\\scfui_short_text\\scfui_short_text.php",12,{"file":293,"line":276,"context":197},{"file":297,"line":162,"context":197},"types\\scfui_time\\scfui_time.php",{"file":297,"line":263,"context":197},{"file":297,"line":265,"context":197},{"file":297,"line":131,"context":197},{"file":297,"line":164,"context":197},{"file":297,"line":280,"context":197},{"file":297,"line":36,"context":197},[],[306,323,349,367,383],{"entryPoint":307,"graph":308,"unsanitizedCount":170,"severity":322},"adminListBoxes (betta-boxes.php:593)",{"nodes":309,"edges":319},[310,314],{"id":311,"type":312,"label":313,"file":130,"line":201},"n0","source","$_GET['page'] (x4)",{"id":315,"type":316,"label":317,"file":130,"line":201,"wp_function":318},"n1","sink","echo() [XSS]","echo",[320],{"from":311,"to":315,"sanitized":321},false,"medium",{"entryPoint":324,"graph":325,"unsanitizedCount":348,"severity":322},"adminAddBox (betta-boxes.php:652)",{"nodes":326,"edges":344},[327,330,333,336,338,342],{"id":311,"type":312,"label":328,"file":130,"line":329},"$_GET['page'] (x2)",736,{"id":315,"type":316,"label":331,"file":130,"line":329,"wp_function":332},"wp_redirect() [Open Redirect]","wp_redirect",{"id":334,"type":312,"label":328,"file":130,"line":335},"n2",772,{"id":337,"type":316,"label":317,"file":130,"line":215,"wp_function":318},"n3",{"id":339,"type":312,"label":340,"file":130,"line":341},"n4","$_POST (x2)",766,{"id":343,"type":316,"label":317,"file":130,"line":221,"wp_function":318},"n5",[345,346,347],{"from":311,"to":315,"sanitized":321},{"from":334,"to":337,"sanitized":321},{"from":339,"to":343,"sanitized":321},6,{"entryPoint":350,"graph":351,"unsanitizedCount":34,"severity":322},"adminDeleteField (betta-boxes.php:901)",{"nodes":352,"edges":363},[353,356,357,360,361,362],{"id":311,"type":312,"label":354,"file":130,"line":355},"$_GET['page']",909,{"id":315,"type":316,"label":331,"file":130,"line":355,"wp_function":332},{"id":334,"type":312,"label":358,"file":130,"line":359},"$_GET",933,{"id":337,"type":316,"label":317,"file":130,"line":241,"wp_function":318},{"id":339,"type":312,"label":354,"file":130,"line":243},{"id":343,"type":316,"label":317,"file":130,"line":243,"wp_function":318},[364,365,366],{"from":311,"to":315,"sanitized":321},{"from":334,"to":337,"sanitized":321},{"from":339,"to":343,"sanitized":321},{"entryPoint":368,"graph":369,"unsanitizedCount":34,"severity":322},"adminDeleteBox (betta-boxes.php:955)",{"nodes":370,"edges":379},[371,373,374,376,377,378],{"id":311,"type":312,"label":354,"file":130,"line":372},963,{"id":315,"type":316,"label":331,"file":130,"line":372,"wp_function":332},{"id":334,"type":312,"label":358,"file":130,"line":375},990,{"id":337,"type":316,"label":317,"file":130,"line":251,"wp_function":318},{"id":339,"type":312,"label":354,"file":130,"line":253},{"id":343,"type":316,"label":317,"file":130,"line":253,"wp_function":318},[380,381,382],{"from":311,"to":315,"sanitized":321},{"from":334,"to":337,"sanitized":321},{"from":339,"to":343,"sanitized":321},{"entryPoint":384,"graph":385,"unsanitizedCount":263,"severity":322},"\u003Cbetta-boxes> (betta-boxes.php:0)",{"nodes":386,"edges":399},[387,389,390,391,392,393,394,397],{"id":311,"type":312,"label":388,"file":130,"line":201},"$_GET['page'] (x8)",{"id":315,"type":316,"label":317,"file":130,"line":201,"wp_function":318},{"id":334,"type":312,"label":313,"file":130,"line":329},{"id":337,"type":316,"label":331,"file":130,"line":329,"wp_function":332},{"id":339,"type":312,"label":340,"file":130,"line":341},{"id":343,"type":316,"label":317,"file":130,"line":221,"wp_function":318},{"id":395,"type":312,"label":396,"file":130,"line":359},"n6","$_GET (x2)",{"id":398,"type":316,"label":317,"file":130,"line":241,"wp_function":318},"n7",[400,401,402,403],{"from":311,"to":315,"sanitized":321},{"from":334,"to":337,"sanitized":321},{"from":339,"to":343,"sanitized":321},{"from":395,"to":398,"sanitized":321},{"summary":405,"deductions":406},"The \"betta-boxes-cms\" v1.1.5 plugin presents a mixed security picture.  On the positive side, it has a remarkably small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, there is no known vulnerability history, which is a strong indicator of past security diligence.  However, the static analysis reveals significant concerns within the code itself. The presence of six instances of the `unserialize` function is a major red flag, as it is notoriously difficult to use securely and can lead to Remote Code Execution vulnerabilities if not handled with extreme care and strict input validation.  The low percentage of SQL queries using prepared statements (33%) and the very low rate of properly escaped output (7%) are also deeply concerning, suggesting potential SQL injection and Cross-Site Scripting (XSS) vulnerabilities respectively.  The taint analysis showing all five analyzed flows with unsanitized paths further amplifies these concerns, even without a critical or high severity rating, as it indicates data is not being handled securely.  The lack of any capability checks or nonce checks is also a weakness, especially given the use of `unserialize`.",[407,409,411,413,415,417],{"reason":408,"points":158},"Dangerous function: unserialize used",{"reason":410,"points":171},"Low percentage of prepared statements",{"reason":412,"points":114},"Very low rate of output escaping",{"reason":414,"points":294},"Taint flows with unsanitized paths found",{"reason":416,"points":192},"No nonce checks",{"reason":418,"points":192},"No capability checks","2026-03-16T22:46:56.309Z",{"wat":421,"direct":434},{"assetPaths":422,"generatorPatterns":427,"scriptPaths":428,"versionParams":429},[423,424,425,426],"\u002Fwp-content\u002Fplugins\u002Fbetta-boxes-cms\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fbetta-boxes-cms\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fbetta-boxes-cms\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fbetta-boxes-cms\u002Fjs\u002Ffrontend.js",[],[425,426],[430,431,432,433],"betta-boxes-cms\u002Fcss\u002Fadmin.css?ver=","betta-boxes-cms\u002Fcss\u002Fstyle.css?ver=","betta-boxes-cms\u002Fjs\u002Fadmin.js?ver=","betta-boxes-cms\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":435,"htmlComments":436,"htmlAttributes":437,"restEndpoints":439,"jsGlobals":440,"shortcodeOutput":442},[4],[],[438],"data-betta-boxes-cms-plugin-url",[],[441],"bettaBoxesCMSAdmin",[],{"error":444,"url":445,"statusCode":446,"statusMessage":447,"message":447},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fbetta-boxes-cms\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":171,"versions":449},[450,455,462,469,476,483,490,497],{"version":6,"download_url":26,"svn_tag_url":451,"released_at":29,"has_diff":321,"diff_files_changed":452,"diff_lines":29,"trac_diff_url":453,"vulnerabilities":454,"is_current":444},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.4&new_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.5",[],{"version":456,"download_url":457,"svn_tag_url":458,"released_at":29,"has_diff":321,"diff_files_changed":459,"diff_lines":29,"trac_diff_url":460,"vulnerabilities":461,"is_current":321},"1.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.3&new_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.4",[],{"version":463,"download_url":464,"svn_tag_url":465,"released_at":29,"has_diff":321,"diff_files_changed":466,"diff_lines":29,"trac_diff_url":467,"vulnerabilities":468,"is_current":321},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.2&new_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.3",[],{"version":470,"download_url":471,"svn_tag_url":472,"released_at":29,"has_diff":321,"diff_files_changed":473,"diff_lines":29,"trac_diff_url":474,"vulnerabilities":475,"is_current":321},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.1&new_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.2",[],{"version":477,"download_url":478,"svn_tag_url":479,"released_at":29,"has_diff":321,"diff_files_changed":480,"diff_lines":29,"trac_diff_url":481,"vulnerabilities":482,"is_current":321},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetta-boxes-cms%2Ftags%2F1.1&new_path=%2Fbetta-boxes-cms%2Ftags%2F1.1.1",[],{"version":484,"download_url":485,"svn_tag_url":486,"released_at":29,"has_diff":321,"diff_files_changed":487,"diff_lines":29,"trac_diff_url":488,"vulnerabilities":489,"is_current":321},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetta-boxes-cms%2Ftags%2F1.0.2&new_path=%2Fbetta-boxes-cms%2Ftags%2F1.1",[],{"version":491,"download_url":492,"svn_tag_url":493,"released_at":29,"has_diff":321,"diff_files_changed":494,"diff_lines":29,"trac_diff_url":495,"vulnerabilities":496,"is_current":321},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fbetta-boxes-cms%2Ftags%2F1.0.1&new_path=%2Fbetta-boxes-cms%2Ftags%2F1.0.2",[],{"version":79,"download_url":498,"svn_tag_url":499,"released_at":29,"has_diff":321,"diff_files_changed":500,"diff_lines":29,"trac_diff_url":29,"vulnerabilities":501,"is_current":321},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetta-boxes-cms.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fbetta-boxes-cms\u002Ftags\u002F1.0.1\u002F",[],[]]