[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNYIGCyZKukANJOmEE9_aiugnQ0r__BaaIqoDdbnmh0Y":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":129,"fingerprints":368},"blip-slideshow","Blip Slideshow","1.2.7","Jason Hendriks","https:\u002F\u002Fprofiles.wordpress.org\u002Fjasonhendriks\u002F","\u003Cp>A WordPress slideshow plugin fed from a \u003Cstrong>SmugMug\u003C\u002Fstrong>, \u003Cstrong>Flickr\u003C\u002Fstrong>, \u003Cstrong>MobileMe\u003C\u002Fstrong>, \u003Cstrong>Picasa\u003C\u002Fstrong> or \u003Cstrong>Photobucket\u003C\u002Fstrong> RSS feed and displayed using pure Javascript.\u003Cbr \u002F>\nBlip does not hardcode what it finds into your blog. Instead the most recent images are loaded in real-time by the user’s web browser.\u003C\u002Fp>\n\u003Cp>See it in live use at my \u003Ca href=\"http:\u002F\u002Fwww.ambientphotography.ca\u002F\" rel=\"nofollow ugc\">wedding photography\u003C\u002Fa> website.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Please note that Blip is \u003Ca href=\"http:\u002F\u002Fmootorial.com\u002Fwiki\u002Fmootorial\u002F00a-mootoolsvsothers\" rel=\"nofollow ugc\">\u003Cem>not\u003C\u002Fem> compatible with the Javascript framework Prototype\u003C\u002Fa>. Please check for “prototype.js” in your webpage, included by your theme or other plugin, before contacting me for help.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Requires WordPress 2.7 and PHP 5.\u003C\u002Fp>\n\u003Ch3>Lightbox Plugin Compatibility Guide\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flightbox-plus\u002F\" rel=\"ugc\">Lightbox Plus\u003C\u002Fa>: OK\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjquery-colorbox\u002F\" rel=\"ugc\">jQuery Colorbox\u003C\u002Fa>: OK\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjcolorboxzoom\u002F\" rel=\"ugc\">JQuery Colorbox Zoom\u003C\u002Fa>: failed – uses jQuery, but doesn’t load it\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fgameplorers-wpcolorbox\u002F\" rel=\"ugc\">Gameplorer’s WPColorBox\u003C\u002Fa>: OK\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-cbox\u002F\" rel=\"ugc\">Simple Cbox\u003C\u002Fa>: failed – does not use jQuery in compatibility mode\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjquery-lightbox-for-native-galleries\u002F\" rel=\"ugc\">jQuery Lightbox For Native Galleries\u003C\u002Fa>: OK\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fslimbox\u002F\" rel=\"ugc\">Slimbox\u003C\u002Fa>: OK\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-slimbox-reloaded\u002F\" rel=\"ugc\">WP Slimbox Reloaded\u003C\u002Fa>: failed – compatible with MooTools 1.2, not 1.3\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fslimbox-plugin\u002F\" rel=\"ugc\">Slimbox Plugin\u003C\u002Fa>: failed – hardcoded the MooTools API, which is a no-no\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-slimbox2\u002F\" rel=\"ugc\">WP-Slimbox2 Plugin\u003C\u002Fa>: OK\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fslimbox2-for-wordpress\u002F\" rel=\"ugc\">SlimBox2 for WordPress\u003C\u002Fa>: failed – uses jQuery, but doesn’t load it\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>http:\u002F\u002Fgroups.google.com\u002Fgroup\u002Fmootools-users\u002Fbrowse_thread\u002Fthread\u002F4858bdee5b1d0f56\u002Fd6ad5aa2fcc99dba?fwc=1\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fmootools.net\u002Fdocs\u002Fmore\u002FRequest\u002FRequest.Queue\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fmootools.net\u002Fdemos\u002F?demo=Slick.Finder\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fmootools-users.660466.n2.nabble.com\u002FMoo-XML-parsing-1-3-and-today-td5187586.html\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fgist.github.com\u002F775347\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.regular-expressions.info\u002Fjavascript.html\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.rawurlencode.php\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fmootools.lighthouseapp.com\u002Fprojects\u002F2706\u002Ftickets\u002F182-request-html-only-parses-xml\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fryanflorence.com\u002Fmootools-class\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F1178511\u002Faccessing-a-mootools-class-method-from-outside-the-class\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F1091022\u002Fhow-do-i-write-a-simple-php-transparent-proxy\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.howtogeek.com\u002Fhowto\u002Fprogramming\u002Fphp-get-the-contents-of-a-web-page-rss-feed-or-xml-file-into-a-string-variable\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.tek-tips.com\u002Fviewthread.cfm?qid=1268652&page=1\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.permadi.com\u002Ftutorial\u002FurlEncoding\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.parse-url.php\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Flanguage.operators.comparison.php\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Ffunction.html-entity-decode.php\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.w3schools.com\u002FPHP\u002Fphp_sessions.asp\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fkeetology.com\u002Fblog\u002F2009\u002F10\u002F27\u002Fup-the-moo-herd-iv-theres-a-class-for-this\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F66837\u002Fwhen-is-a-cdata-section-necessary-within-a-script-tag\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fgroups.google.com\u002Fgroup\u002Fmootools-slideshow\u002Fbrowse_thread\u002Fthread\u002F9b10474b60cf7f1a\u002F564f16f97c82167a?lnk=gst&q=slimbox#564f16f97c82167a\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fcodex.wordpress.org\u002FManaging_Plugins\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fgroups.google.com\u002Fgroup\u002Fmootools-slideshow\u002Fbrowse_thread\u002Fthread\u002Fcdeededf62e6b458\u002Ff4df7e2cabb12f59?lnk=gst&q=lightbox#f4df7e2cabb12f59\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fscribu.net\u002Fwordpress\u002Foptimal-script-loading.html\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.javascriptkit.com\u002Fdhtmltutors\u002Fajaxticker\u002Fajaxticker2.shtml\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Ftech.michaelerb.net\u002Fwordpress-tutorials\u002Fhow-to-determine-absolute-path-with-a-tiny-php-script\u002F\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fhow-to-use-wordpress-functions-outside-of-the-blog?replies=7\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fcodex.wordpress.org\u002FIntegrating_WordPress_with_Your_Website\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fstriderweb.com\u002Fnerdaphernalia\u002F2008\u002F06\u002Fwp-use-action-links\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwww.mac-forums.com\u002Fforums\u002Fimages-graphic-design-digital-photography\u002F31805-photocast.html\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fforums.devshed.com\u002Fphp-development-5\u002Fcurl-get-final-url-after-inital-url-redirects-544144.html\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fcode.garyjones.co.uk\u002Fget-wordpress-plugin-version\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fwordpress.stackexchange.com\u002Fquestions\u002F7782\u002Fwp-script-versioning-breaks-cross-site-caching\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Ffgiasson.com\u002Fblog\u002Findex.php\u002F2006\u002F07\u002F19\u002Fhack_for_the_encoding_of_url_into_url_pr\u002F\u003C\u002Fli>\n\u003Cli>http:\u002F\u002Fcode.google.com\u002Fspeed\u002Fpage-speed\u002Fdocs\u002Fcaching.html\u003C\u002Fli>\n\u003C\u002Ful>\n","A WordPress slideshow plugin fed from a SmugMug, Flickr, MobileMe, Picasa or Photobucket RSS feed and displayed using pure Javascript.",30,18510,0,"2015-01-14T03:21:00.000Z","4.1.42","2.7","",[19,20,21,22,23],"feed","media","mrss","rss","slideshow","http:\u002F\u002Fwww.jasonhendriks.com\u002Fprogrammer\u002Fblip-slideshow\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblip-slideshow.1.2.7.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},"jasonhendriks",2,130,84,"2026-04-04T15:08:31.695Z",[37,53,76,93,110],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":17,"requires_at_least":17,"requires_php":17,"tags":48,"homepage":51,"download_link":52,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mediarss-with-post-thumbnail","MediaRSS with Post Thumbnail","0.1","Huseyin Berberoglu","https:\u002F\u002Fprofiles.wordpress.org\u002Fhberberoglu\u002F","\u003Cp>Adds \u003Cmedia> tags to your feeds with post thumbnail support which came with WP 2.9 version. This plugin is based on Andy’s (http:\u002F\u002Fandy.wordpress.com\u002F) MediaRSS plugin. If you use that MediaRSS plugin unactivate it before activating this plugin.\u003C\u002Fp>\n\u003Cp>MediaRSS is a way of embedding media into your feeds. The specification at http:\u002F\u002Fsearch.yahoo.com\u002Fmrss\u002F provides for many kinds of media: audio, video, etc. This plugin is equipped to locate img tags in your posts and generate XML code that can be used by feed readers.\u003C\u002Fp>\n\u003Cp>Also included are code samples demonstrating how to extend the plugin’s functionality to meet your needs. Some PHP experience is assumed.\u003C\u002Fp>\n","with thumbnail, thumbnail, thumbnails, post thumbnail Requires at least: 2.7 Tested up to: 2.9 Adds \u003Cmedia> tags to your feeds with post thumbn &hellip;",20,4273,"2010-04-03T12:09:00.000Z",[19,49,50,21,22],"feeds","mediarss","http:\u002F\u002Fnxsn.com\u002Fmy-projects\u002Fmediarss-with-post-thumbnail-plugin-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmediarss-with-post-thumbnail.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-feed-post-thumbnail","Feed Post Thumbnail","3.0.0","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>With this plugin, an MRSS namespace is added to the site’s RSS feed to include each post’s thumbnail.\u003C\u002Fp>\n\u003Cp>WP Feed Post Thumbnail is very lightweight and only adds two small options under Settings -> Reading.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you would like to contribute to this plugin, report an issue or anything like that, please note that we develop this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwearerequired\u002Frequired-wp-feed-post-thumbnail\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Frequired.com\u002F\" title=\"Team of experienced web professionals from Switzerland & Germany\" rel=\"nofollow ugc\">required\u003C\u002Fa>\u003C\u002Fp>\n","Adds MRSS namespace to the feed and uses post-thumbnail as media element in the feed. Settings available under Settings -> Reading.",2000,21634,100,1,"2024-11-18T14:40:00.000Z","6.7.5","6.0","7.4",[70,19,21,71,72],"featured-image","rss-feed","thumbnail","https:\u002F\u002Frequired.com\u002Fservices\u002Fwordpress-plugins\u002Fwp-feed-post-thumbnail\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-feed-post-thumbnail.3.0.0.zip",92,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":13,"num_ratings":13,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":91,"download_link":92,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"imgtorss","Img To RSS","1.0.3","No Frills Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofrillsplugins\u002F","\u003Cp>Img To RSS is a simple, no-frills plugin that automatically adds images to your WordPress RSS feeds. With this plugin, each entry in your RSS feeds will have an image field populated with the featured image of your posts, making sure that your content is engaging and shares well on platforms that utilize RSS feeds.\u003C\u002Fp>\n\u003Cp>More info: \u003Ca href=\"https:\u002F\u002Fwww.nofrillsplugins.com\u002Fimgtorss\" rel=\"nofollow ugc\">NoFrillsPlugins Img To RSS\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cp>This section is used to provide additional information that does not fit into the sections listed above. If you’re using this readme for the WordPress.org repository, this section is not displayed and you can skip it.\u003C\u002Fp>\n","A simple plugin that ensures images are included within your WordPress RSS feeds.",946,"2024-06-19T10:49:00.000Z","6.5.8","5.7","7.0",[49,90,20,22],"images","https:\u002F\u002Fwww.nofrillsplugins.com\u002Fimgtorss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimgtorss.1.0.3.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":45,"downloaded":101,"rating":63,"num_ratings":32,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":108,"download_link":109,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"media-feed","Media Feed","2.15","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Ch4>Creates media feeds.\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create 5 types of feeds.(Media, Image, Audio, Video, Misc)\u003C\u002Fli>\n\u003Cli>Exclusion by ID is possible.\u003C\u002Fli>\n\u003Cli>Filtering by terms is possible.\u003C\u002Fli>\n\u003Cli>Have link and icon widgets.\u003C\u002Fli>\n\u003Cli>Playlist and icon can be set with shortcode.\u003C\u002Fli>\n\u003C\u002Ful>\n","Creates media feeds.",9521,"2025-11-25T21:55:00.000Z","6.9.4","6.6","8.0",[107,19,20,22],"block","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-feed\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-feed.2.15.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":13,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":17,"tags":123,"homepage":17,"download_link":128,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mediacore-ingest-fwp-addon","Mediacore Ingest (FeedWordPress AddOn)","1.0","mburtis","https:\u002F\u002Fprofiles.wordpress.org\u002Fmburtis\u002F","\u003Cp>This plugin works as an AddOn to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffeedwordpress\u002F\" rel=\"ugc\">FeedWordPress\u003C\u002Fa> to ehnance the syndication of content from \u003Ca href=\"http:\u002F\u002Fwww.mediacore.com\" rel=\"nofollow ugc\">Mediacore\u003C\u002Fa> sites. The plugin modifies the incoming syndicated content so that the videos associated with each Mediacore feed item become embedded within the resulting WordPress post. It also allows you to determine if you want the categories used by Mediacore to be turned into tags on the resulting WordPress posts.\u003C\u002Fp>\n","This plugin works in concert with the FeedWordPress plugin to enhance syndication of content from Mediacore sites.",10,1784,"2014-04-04T19:08:00.000Z","3.7.41","3.0.1",[124,125,126,22,127],"embed","feedwordpress","mediacore","video","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmediacore-ingest-fwp-addon.zip",{"attackSurface":130,"codeSignals":166,"taintFlows":232,"riskAssessment":351,"analyzedAt":367},{"hooks":131,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":164,"entryPointCount":165,"unprotectedCount":13},[132,138,142],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","wp_footer","add_footer_scripts","blip.php",58,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_init","register_options",653,{"type":133,"name":143,"callback":144,"file":136,"line":145},"admin_menu","add_admin_menu_item",654,[],[],[149,152,154,157,161],{"tag":23,"callback":150,"file":136,"line":151},"slideshow_shortcode",53,{"tag":4,"callback":150,"file":136,"line":153},54,{"tag":155,"callback":150,"file":136,"line":156},"blip_slideshow",55,{"tag":158,"callback":159,"file":136,"line":160},"blip-version","version_shortcode",56,{"tag":162,"callback":159,"file":136,"line":163},"blip_version",57,[],5,{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":165,"externalRequests":64,"nonceChecks":13,"capabilityChecks":64,"bundledLibraries":231},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":13,"rawEcho":171,"locations":172},33,[173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,202,204,206,208,210,211,213,215,217,218,219,220,221,222,224,225,227,229],{"file":136,"line":75,"context":174},"raw output",{"file":136,"line":176,"context":174},228,{"file":136,"line":178,"context":174},570,{"file":136,"line":180,"context":174},573,{"file":136,"line":182,"context":174},574,{"file":136,"line":184,"context":174},578,{"file":136,"line":186,"context":174},691,{"file":136,"line":188,"context":174},699,{"file":136,"line":190,"context":174},701,{"file":136,"line":192,"context":174},702,{"file":136,"line":194,"context":174},712,{"file":136,"line":196,"context":174},715,{"file":198,"line":171,"context":174},"sample_feed.php",{"file":198,"line":200,"context":174},36,{"file":198,"line":200,"context":174},{"file":198,"line":203,"context":174},37,{"file":198,"line":205,"context":174},39,{"file":198,"line":207,"context":174},40,{"file":198,"line":209,"context":174},44,{"file":198,"line":209,"context":174},{"file":198,"line":212,"context":174},45,{"file":198,"line":214,"context":174},48,{"file":198,"line":216,"context":174},49,{"file":198,"line":153,"context":174},{"file":198,"line":153,"context":174},{"file":198,"line":156,"context":174},{"file":198,"line":163,"context":174},{"file":198,"line":137,"context":174},{"file":198,"line":223,"context":174},63,{"file":198,"line":223,"context":174},{"file":198,"line":226,"context":174},64,{"file":198,"line":228,"context":174},67,{"file":198,"line":230,"context":174},68,[],[233,281],{"entryPoint":234,"graph":235,"unsanitizedCount":279,"severity":280},"Blip_Slideshow_Rss_Reader (blip.php:375)",{"nodes":236,"edges":271},[237,242,246,252,255,258,262,264,266],{"id":238,"type":239,"label":240,"file":136,"line":241},"n0","source","$_SERVER",386,{"id":243,"type":244,"label":245,"file":136,"line":241},"n1","transform","→ get_rss_content_from_http()",{"id":247,"type":248,"label":249,"file":136,"line":250,"wp_function":251},"n2","sink","file_get_contents() [SSRF\u002FLFI]",424,"file_get_contents",{"id":253,"type":239,"label":240,"file":136,"line":254},"n3",388,{"id":256,"type":244,"label":257,"file":136,"line":254},"n4","→ print_document()",{"id":259,"type":248,"label":260,"file":136,"line":184,"wp_function":261},"n5","echo() [XSS]","echo",{"id":263,"type":239,"label":240,"file":136,"line":254},"n6",{"id":265,"type":244,"label":257,"file":136,"line":254},"n7",{"id":267,"type":248,"label":268,"file":136,"line":269,"wp_function":270},"n8","header() [Header Injection]",548,"header",[272,274,275,276,277,278],{"from":238,"to":243,"sanitized":273},false,{"from":243,"to":247,"sanitized":273},{"from":253,"to":256,"sanitized":273},{"from":256,"to":259,"sanitized":273},{"from":263,"to":265,"sanitized":273},{"from":265,"to":267,"sanitized":273},3,"medium",{"entryPoint":282,"graph":283,"unsanitizedCount":350,"severity":280},"\u003Cblip> (blip.php:0)",{"nodes":284,"edges":334},[285,288,289,290,294,296,297,299,300,301,303,305,307,309,311,313,315,317,320,323,326,329,332],{"id":238,"type":239,"label":286,"file":136,"line":287},"$_SERVER (x2)",376,{"id":243,"type":248,"label":249,"file":136,"line":250,"wp_function":251},{"id":247,"type":239,"label":240,"file":136,"line":287},{"id":253,"type":248,"label":291,"file":136,"line":292,"wp_function":293},"fopen() [File Access]",528,"fopen",{"id":256,"type":239,"label":295,"file":136,"line":287},"$_SERVER (x6)",{"id":259,"type":248,"label":268,"file":136,"line":269,"wp_function":270},{"id":263,"type":239,"label":298,"file":136,"line":287},"$_SERVER (x4)",{"id":265,"type":248,"label":260,"file":136,"line":178,"wp_function":261},{"id":267,"type":239,"label":298,"file":136,"line":241},{"id":302,"type":244,"label":245,"file":136,"line":241},"n9",{"id":304,"type":248,"label":249,"file":136,"line":250,"wp_function":251},"n10",{"id":306,"type":239,"label":240,"file":136,"line":254},"n11",{"id":308,"type":244,"label":257,"file":136,"line":254},"n12",{"id":310,"type":248,"label":260,"file":136,"line":184,"wp_function":261},"n13",{"id":312,"type":239,"label":240,"file":136,"line":254},"n14",{"id":314,"type":244,"label":257,"file":136,"line":254},"n15",{"id":316,"type":248,"label":268,"file":136,"line":269,"wp_function":270},"n16",{"id":318,"type":239,"label":240,"file":136,"line":319},"n17",456,{"id":321,"type":244,"label":322,"file":136,"line":319},"n18","→ read_write_cache()",{"id":324,"type":248,"label":249,"file":136,"line":325,"wp_function":251},"n19",507,{"id":327,"type":239,"label":286,"file":136,"line":328},"n20",489,{"id":330,"type":244,"label":331,"file":136,"line":328},"n21","→ poulate_cache()",{"id":333,"type":248,"label":291,"file":136,"line":292,"wp_function":293},"n22",[335,337,338,339,340,341,342,343,344,345,346,347,348,349],{"from":238,"to":243,"sanitized":336},true,{"from":247,"to":253,"sanitized":336},{"from":256,"to":259,"sanitized":336},{"from":263,"to":265,"sanitized":336},{"from":267,"to":302,"sanitized":273},{"from":302,"to":304,"sanitized":273},{"from":306,"to":308,"sanitized":273},{"from":308,"to":310,"sanitized":273},{"from":312,"to":314,"sanitized":273},{"from":314,"to":316,"sanitized":273},{"from":318,"to":321,"sanitized":273},{"from":321,"to":324,"sanitized":273},{"from":327,"to":330,"sanitized":273},{"from":330,"to":333,"sanitized":273},9,{"summary":352,"deductions":353},"The blip-slideshow plugin version 1.2.7 exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerability history, indicating a generally stable past. Furthermore, all SQL queries are properly prepared, and there are no known dangerous functions being used. The absence of unpatched CVEs is also a significant strength.\n\nHowever, the static analysis reveals several areas of concern. The most prominent is the complete lack of output escaping for all 33 identified outputs. This presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed in the user's browser. Additionally, the taint analysis shows two flows with unsanitized paths, which, while not reaching critical or high severity, suggest potential weaknesses in how file paths are handled. The presence of file operations without clear indication of sanitization or authorization is also a point to consider. The plugin also lacks nonce checks on its entry points, and only has one capability check across all its entry points, leaving much of its functionality potentially open to unauthorized actions.\n\nIn conclusion, while the plugin benefits from a clean vulnerability history and secure SQL practices, the widespread lack of output escaping and potential issues with path sanitization and authorization are significant weaknesses. The plugin is vulnerable to XSS attacks and potentially other injection-style attacks due to unhandled paths. It is strongly recommended that these issues be addressed to improve the overall security of the plugin.",[354,357,360,363,365],{"reason":355,"points":356},"0% output escaping",12,{"reason":358,"points":359},"2 flows with unsanitized paths",8,{"reason":361,"points":362},"0 nonce checks on entry points",7,{"reason":364,"points":165},"1 capability check across 5 entry points",{"reason":366,"points":165},"5 file operations, context unclear","2026-03-16T22:25:14.072Z",{"wat":369,"direct":385},{"assetPaths":370,"generatorPatterns":373,"scriptPaths":374,"versionParams":382},[371,372],"\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002Fblip.js","\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002Fblip-mootools.js",[],[371,372,375,376,377,378,379,380,381],"\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002FSlideshow\u002Fjs\u002Fslideshow.js","\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002FSlideshow\u002Fjs\u002Fslideshow.flash.js","\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002FSlideshow\u002Fjs\u002Fslideshow.fold.js","\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002FSlideshow\u002Fjs\u002Fslideshow.kenburns.js","\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002FSlideshow\u002Fjs\u002Fslideshow.push.js","\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002FSlideshow\u002Fjs\u002Fmootools-1.3.1-core.js","\u002Fwp-content\u002Fplugins\u002Fblip-slideshow\u002FSlideshow\u002Fjs\u002Fmootools-1.3.1.1-more.js",[383,384],"blip-slideshow?ver=","blip-mootools?ver=",{"cssClasses":386,"htmlComments":388,"htmlAttributes":389,"restEndpoints":391,"jsGlobals":392,"shortcodeOutput":395},[23,387],"slideshow-content",[],[390],"data-slideshow",[],[393,23,394],"blip_slideshow_options","Slideshow",[396,397,398,399,400],"[slideshow]","[blip-slideshow]","[blip_slideshow]","[blip-version]","[blip_version]"]