[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyaC6AWCWldlenrpiOCaNR93BPeqmhsOVTHhQeBIGs7g":3,"$f7P6m_AKLbvvJgQTfElistwAoXf8FE_P9vreVsz-hL2k":304,"$fGvpXKpIGzM-HrQW9I6Ga29yz0pCgbiNHk5A29LfYy5A":308},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":62,"crawl_stats":37,"alternatives":70,"analysis":71,"fingerprints":280},"blog-posts-and-category-for-elementor","Blog, Posts and Category Filter for Elementor","2.1.0","Plugin Devs","https:\u002F\u002Fprofiles.wordpress.org\u002Fplugindevs\u002F","\u003Cp>\u003Cstrong>Blog, Posts and Category Filter for Elementor\u003C\u002Fstrong> lets you filter your Blog posts with Category. You can now display more posts to your users. Your users can now filter posts by category without reloading the page or going to the inner category page. 
It will save your users time and engage them with your website posts.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F\" rel=\"nofollow ugc\">Upgrade to Pro!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Choose Between \u003Cstrong>Posts and Pages\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Filter Posts with \u003Cstrong>Categories\u003C\u002Fstrong> related to Blog Posts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Category Selection\u003C\u002Fstrong> to display Posts from only specific Category\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Posts\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show or Hide Image\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Choose \u003Cstrong>Image Size\u003C\u002Fstrong> from WordPress Registered \u003Cstrong>Image Sizes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Image Size\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Option to change \u003Cstrong>Load More, Loading Texts\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Fully \u003Cstrong>Customizable Styling Options\u003C\u002Fstrong> for filter buttons to customize the \u003Cstrong>Color, Background, Border\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Other \u003Cstrong>Basic Customizable Styling Options\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Extremely \u003Cstrong>User Friendly\u003C\u002Fstrong> settings panel for coders and non-coders alike.\u003C\u002Fli>\n\u003Cli>Unique Settings for every widgets.\u003C\u002Fli>\n\u003Cli>Support all Modern Browsers: \u003Cstrong>Firefox, Chrome, IE, Safari etc\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Unlimited Widgets on One Page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom CSS\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Basic Support.\u003C\u002Fstrong>\u003Cbr \u002F>\n> \u003Cstrong>More Features are Coming 
Soon\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F\" rel=\"nofollow ugc\">Upgrade to Pro!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>There is also a \u003Ca href=\"https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa> of this plugin. You will get more features and advantages on the \u003Ca href=\"https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa>. \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F\" rel=\"nofollow ugc\">Blog, Posts and Category Filter for Elementor Pro\u003C\u002Fa>\u003C\u002Fstrong> is a multi-purpose responsive \u003Cstrong>Post Showcase plugin\u003C\u002Fstrong> that allows you to show more \u003Cstrong>Posts (any post type)\u003C\u002Fstrong>. It has plenty of extremely user-friendly options and supports \u003Cstrong>Post, Custom Post, Taxonomy, Custom Taxonomy, Specific Posts, and more\u003C\u002Fstrong>. 
You can fully \u003Cstrong>Customize the Style\u003C\u002Fstrong> with the \u003Ca href=\"https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F\" rel=\"nofollow ugc\">PRO Version\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Choose Posts from \u003Cstrong>Any Post Types (Including Custom Post Types, WooCommerce Products)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Filter Posts by \u003Cstrong>Categories, Tags and Custom Taxonomies\u003C\u002Fstrong> related to \u003Cstrong>Blog Posts, and Custom Post Types\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Filter From \u003Cstrong>Category, Tags, \u003C\u002Fstrong>and\u003Cstrong> other Custom Taxonomies\u003C\u002Fstrong> Related to the \u003Cstrong>Chosen Post Type\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Posts\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show or Hide Image\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong> Introduce Ajax Filtering \u003C\u002Fstrong> ***Most Popular\u003C\u002Fli>\n\u003Cli>Choose \u003Cstrong>Image Size\u003C\u002Fstrong> from WordPress Registered \u003Cstrong>Image Sizes\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Image Size\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Include Specific Post\u003C\u002Fstrong> by Search from Chosen Post Type\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exclude Specific Post\u003C\u002Fstrong> by Search from Chosen Post Type\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Order Posts\u003C\u002Fstrong> by \u003Cstrong>Publish Date, ID, Post Title, Post Name, Modified Date, Random, Comment Count, and Menu Order\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ordering Posts\u003C\u002Fstrong> in \u003Cstrong>Ascending or Descending Order\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Filter Posts and Pages with \u003Cstrong>Post Status\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ignore Sticky 
Posts\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Option to Add \u003Cstrong>Multiple Rows\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show or Hide Title\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show or Hide Excerpt\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Show or Hide Read More Button\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Option to \u003Cstrong>Limit Words\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Option to \u003Cstrong>Limit Characters\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Custom \u003Cstrong>Load More Icons\u003C\u002Fstrong> from \u003Cstrong>Font Awesome Icon\u003C\u002Fstrong> and \u003Cstrong>SVG Icon\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Custom \u003Cstrong>Loading Icons\u003C\u002Fstrong> from \u003Cstrong>Font Awesome Icon\u003C\u002Fstrong> and \u003Cstrong>SVG Icon\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Customizable Color, Hover, and Background Option to match the slider look with your taste and feel\u003C\u002Fli>\n\u003Cli>Option to change \u003Cstrong>Read More Text\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Option to change \u003Cstrong>Load More Text\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Option to change \u003Cstrong>Loading Text\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fully Customizable Style\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Choose \u003Cstrong>Spacing Between Items\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Extremely \u003Cstrong>User-Friendly\u003C\u002Fstrong> settings panel for coders and non-coders alike.\u003C\u002Fli>\n\u003Cli>Unique Settings for every carousel.\u003C\u002Fli>\n\u003Cli>Support all Modern Browsers: \u003Cstrong>Firefox, Chrome, IE, Safari, etc\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Unlimited Widgets on One Page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom CSS\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom JS\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority 
Support\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>All Free Features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F\" rel=\"nofollow ugc\">Upgrade to Pro!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Blog, Posts and Category Filter for Elementor lets you filter your Blog posts with Category. You can now display more posts to your users.",1000,29313,88,14,"2025-04-26T13:07:00.000Z","6.8.5","6.0","7.4",[20,21,22],"elementor-blog-filter","elementor-category-filter","elementor-post-filter","https:\u002F\u002Fplugin-devs.com\u002Fproduct\u002Felementor-post-category-filter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.2.1.0.zip",91,2,0,"2025-02-03 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32,49],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":27,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-22648","blog-posts-and-category-filter-for-elementor-authenticated-contributor-stored-cross-site-scripting","Blog, Posts and Category Filter for Elementor \u003C= 2.0.1 - Authenticated (Contributor+) Stored 
Cross-Site Scripting","The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.0.1","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-30 13:44:01",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3f749054-7aeb-4d37-ba2a-5f15028b2571?source=api-prod",87,[],false,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":37,"affected_versions":54,"patched_in_version":55,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":56,"updated_date":57,"references":58,"days_to_patch":60,"patch_diff_files":61,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":27,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2024-4667","blog-posts-and-category-filter-for-elementor-authenticated-contributor-stored-cross-site-scripting-via-post-and-category","Blog, Posts and Category Filter for Elementor \u003C= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget","The Blog, Posts and Category 
Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=1.0.3","2.0.0","2024-07-08 15:42:29","2024-07-09 04:32:56",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=api-prod",1,[],{"slug":63,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":65,"avg_security_score":66,"avg_patch_time_days":67,"trust_score":68,"computed_at":69},"plugindevs",16,18260,83,60,76,"2026-05-19T21:41:40.754Z",[],{"attackSurface":72,"codeSignals":193,"taintFlows":238,"riskAssessment":266,"analyzedAt":279},{"hooks":73,"ajaxHandlers":173,"restRoutes":189,"shortcodes":190,"cronEvents":191,"entryPointCount":192,"unprotectedCount":192},[74,79,83,87,92,97,100,103,106,109,113,117,121,126,128,133,137,141,146,149,152,156,160,162,167,170],{"type":75,"name":76,"callback":77,"file":78,"line":26},"action","admin_menu","pd_pcf_menu_page","admin\\admin-pages.php",{"type":75,"name":80,"callback":81,"file":78,"line":82},"admin_enqueue_scripts","pd_pcf_custom_css_js_scripts",97,{"type":75,"name":84,"callback":85,"file":78,"line":86},"admin_init","pd_pcf_register_custom_css_setting",110,{"type":75,"name":88,"callback":89,"file":90,"line":91},"admin_notices","wb_nt_help_support_notice","admin\\notices\\support.php",10,{"type":75,"name":93,"callback":94,"file":95,"line":96},"plugins_loaded","init","admin\\post-category-filter-utils.php",15,{"type":75,"name":88,"callback":98,"file":95,"line":99},"admin_notice_missing_main_plugin",21,{"type":75,"name":88,"callback":101,"file":95,"line":102},"admin_not
ice_minimum_elementor_version",27,{"type":75,"name":88,"callback":104,"file":95,"line":105},"admin_notice_minimum_php_version",33,{"type":75,"name":80,"callback":107,"file":95,"line":108},"admin_scripts_styles",38,{"type":75,"name":110,"callback":111,"file":95,"line":112},"elementor\u002Ffrontend\u002Fafter_enqueue_styles","enqueue_styles",39,{"type":75,"name":114,"callback":115,"file":95,"line":116},"elementor\u002Ffrontend\u002Fafter_register_scripts","enqueue_scripts",42,{"type":75,"name":118,"callback":119,"file":95,"line":120},"elementor\u002Fwidgets\u002Fregister","register_widgets",45,{"type":75,"name":122,"callback":123,"file":124,"line":125},"admin_footer-plugins.php","goodbye_ajax","class-plugin-deactivate-feedback.php",62,{"type":75,"name":80,"callback":80,"file":124,"line":127},65,{"type":129,"name":130,"callback":131,"file":124,"line":132},"filter","wp_mail_content_type","set_content_type",119,{"type":75,"name":88,"callback":134,"file":135,"line":136},"leave_a_review","class-plugin-review.php",19,{"type":75,"name":138,"callback":139,"file":135,"line":140},"admin_footer","review_script",20,{"type":75,"name":142,"callback":143,"file":144,"line":145},"elementor\u002Finit","pd_pcf_create_category","post-and-category-filter-for-elementor.php",43,{"type":75,"name":93,"callback":147,"file":144,"line":148},"pd_pcf_register_function",93,{"type":75,"name":150,"callback":151,"file":144,"line":82},"wp_footer","pd_pcf_display_custom_css",{"type":129,"name":153,"callback":154,"file":144,"line":155},"custom_menu_order","pd_pcf_order_submenu",136,{"type":75,"name":157,"callback":158,"file":144,"line":159},"upgrader_process_complete","pdpcf_setup_plugin_activation_time",146,{"type":75,"name":94,"callback":158,"file":144,"line":161},147,{"type":75,"name":163,"callback":164,"file":165,"line":166},"wp_head","pd_pcf_support_form_ajax_header","support-page\\class-support-page.php",6,{"type":75,"name":80,"callback":168,"file":165,"line":169},"include_promo_page_scripts",142,{
"type":75,"name":76,"callback":171,"file":165,"line":172},"show_promo_page_callback_func",172,[174,178,179,183,186],{"action":175,"nopriv":176,"callback":175,"hasNonce":48,"hasCapCheck":48,"file":177,"line":96},"load_posts",true,"class-ajax.php",{"action":175,"nopriv":48,"callback":175,"hasNonce":48,"hasCapCheck":48,"file":177,"line":64},{"action":180,"nopriv":48,"callback":181,"hasNonce":48,"hasCapCheck":48,"file":124,"line":182},"pd_pcf_goodbye_form","goodbye_form_callback",63,{"action":184,"nopriv":48,"callback":185,"hasNonce":48,"hasCapCheck":48,"file":135,"line":99},"pdpcf_review_transient","set_review_transient",{"action":187,"nopriv":48,"callback":187,"hasNonce":48,"hasCapCheck":48,"file":165,"line":188},"process_pd_pcf_promo_form",24,[],[],[],5,{"dangerousFunctions":194,"sqlUsage":195,"outputEscaping":197,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":234},[],{"prepared":27,"raw":27,"locations":196},[],{"escaped":198,"rawEcho":199,"locations":200},96,18,[201,204,205,207,209,211,213,214,216,218,220,222,225,227,229,230,231,232],{"file":78,"line":202,"context":203},53,"raw 
output",{"file":78,"line":182,"context":203},{"file":78,"line":206,"context":203},82,{"file":78,"line":208,"context":203},90,{"file":124,"line":210,"context":203},317,{"file":124,"line":212,"context":203},338,{"file":135,"line":25,"context":203},{"file":144,"line":215,"context":203},107,{"file":165,"line":217,"context":203},13,{"file":165,"line":219,"context":203},101,{"file":165,"line":221,"context":203},206,{"file":223,"line":224,"context":203},"templates\\style-1\\template.php",9,{"file":223,"line":226,"context":203},23,{"file":228,"line":60,"context":203},"templates\\style-2\\template.php",{"file":228,"line":224,"context":203},{"file":228,"line":136,"context":203},{"file":228,"line":188,"context":203},{"file":228,"line":233,"context":203},29,[235],{"name":236,"version":37,"knownCves":237},"jQuery",[],[239,258],{"entryPoint":240,"graph":241,"unsanitizedCount":256,"severity":257},"goodbye_form_callback (class-plugin-deactivate-feedback.php:365)",{"nodes":242,"edges":254},[243,248],{"id":244,"type":245,"label":246,"file":124,"line":247},"n0","source","$_POST (x4)",368,{"id":249,"type":250,"label":251,"file":124,"line":252,"wp_function":253},"n1","sink","update_option() [Settings Manipulation]",369,"update_option",[255],{"from":244,"to":249,"sanitized":48},4,"low",{"entryPoint":259,"graph":260,"unsanitizedCount":256,"severity":257},"\u003Cclass-plugin-deactivate-feedback> (class-plugin-deactivate-feedback.php:0)",{"nodes":261,"edges":264},[262,263],{"id":244,"type":245,"label":246,"file":124,"line":247},{"id":249,"type":250,"label":251,"file":124,"line":252,"wp_function":253},[265],{"from":244,"to":249,"sanitized":48},{"summary":267,"deductions":268},"The plugin exhibits a mixed security posture. While it demonstrates good practices regarding SQL queries, which are all prepared, and a high percentage of properly escaped output, significant concerns arise from its attack surface. 
All five identified AJAX handlers lack authentication checks (none has a nonce check or a capability check, and load_posts is also registered for unauthenticated nopriv requests), making them potential entry points for unauthorized actions. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential for vulnerabilities if user input is not handled carefully, although both were rated low severity and both trace the same $_POST to update_option() path in class-plugin-deactivate-feedback.php.\n\nThe plugin has a history of two known medium-severity Cross-Site Scripting (XSS) vulnerabilities. The fact that there are no currently unpatched CVEs is positive, but the recurring nature of XSS issues in its history suggests a persistent weakness in input sanitization or output encoding for certain user-provided data. The most recent vulnerability date (2025-02-03) is a concern because it shows the issue recurred recently, even though it has since been patched.\n\nIn conclusion, while the plugin has some strengths like prepared SQL statements, the substantial number of unprotected AJAX handlers and the historical XSS vulnerabilities are significant weaknesses. These factors, combined with the taint analysis findings, present a notable risk that requires attention, particularly regarding the handling of user-supplied data within the AJAX endpoints.",[269,271,273,275,277],{"reason":270,"points":91},"AJAX handlers without authentication checks",{"reason":272,"points":192},"Taint flows with unsanitized paths",{"reason":274,"points":91},"History of medium severity XSS vulnerabilities",{"reason":276,"points":192},"Lack of nonce checks on AJAX handlers",{"reason":278,"points":192},"Lack of capability checks on AJAX 
handlers","2026-03-16T18:50:34.822Z",{"wat":281,"direct":290},{"assetPaths":282,"generatorPatterns":285,"scriptPaths":286,"versionParams":287},[283,284],"\u002Fwp-content\u002Fplugins\u002Fblog-posts-and-category-for-elementor\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fblog-posts-and-category-for-elementor\u002Fassets\u002Fjs\u002Fpd-pcf-frontend.js",[],[284],[288,289],"\u002Fwp-content\u002Fplugins\u002Fblog-posts-and-category-for-elementor\u002Fassets\u002Fcss\u002Fmain.css?ver=","\u002Fwp-content\u002Fplugins\u002Fblog-posts-and-category-for-elementor\u002Fassets\u002Fjs\u002Fpd-pcf-frontend.js?ver=",{"cssClasses":291,"htmlComments":293,"htmlAttributes":296,"restEndpoints":301,"jsGlobals":302,"shortcodeOutput":303},[292],"pd_pcf-up-pro-link",[294,295],"\u002F*\nWelcome to the Custom CSS editor!\n\nPlease add all your custom CSS here and avoid modifying the core plugin files. Don't use \u003Cstyle> tag\n*\u002F","\u002F*\nWelcome to the Custom JS editor!\n\nPlease add all your custom JS here and avoid modifying the core plugin files. 
Don't use \u003Cscript> tag\n*\u002F",[297,298,299,300],"name=\"pd_pcf_custom_css\"","id=\"pd_pcf_custom_css\"","name=\"pd_pcf_custom_js\"","id=\"pd_pcf_custom_js\"",[],[],[],{"error":176,"url":305,"statusCode":306,"statusMessage":307,"message":307},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fblog-posts-and-category-for-elementor\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":91,"versions":309},[310,315,323,330,339,348,357,366,375,384],{"version":6,"download_url":24,"svn_tag_url":311,"released_at":37,"has_diff":48,"diff_files_changed":312,"diff_lines":37,"trac_diff_url":313,"vulnerabilities":314,"is_current":176},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F2.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F2.0.1&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F2.1.0",[],{"version":316,"download_url":317,"svn_tag_url":318,"released_at":37,"has_diff":48,"diff_files_changed":319,"diff_lines":37,"trac_diff_url":320,"vulnerabilities":321,"is_current":48},"2.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.2.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F2.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F2.0.0&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F2.0.1",[322],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":55,"download_url":324,"svn_tag_url":325,"released_at":37,"has_diff":48,"diff_files_changed":326,"diff_lines":37,"trac_diff_url":327,"vulnerabilities":328,"is_current":48},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.2.0.0
.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F2.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F1.0.3&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F2.0.0",[329],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"version":331,"download_url":332,"svn_tag_url":333,"released_at":37,"has_diff":48,"diff_files_changed":334,"diff_lines":37,"trac_diff_url":335,"vulnerabilities":336,"is_current":48},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.5&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F1.0.3",[337,338],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"id":50,"url_slug":51,"title":52,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":55},{"version":340,"download_url":341,"svn_tag_url":342,"released_at":37,"has_diff":48,"diff_files_changed":343,"diff_lines":37,"trac_diff_url":344,"vulnerabilities":345,"is_current":48},"0.9.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.0.9.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F0.9.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.4&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.5",[346,347],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"id":50,"url_slug":51
,"title":52,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":55},{"version":349,"download_url":350,"svn_tag_url":351,"released_at":37,"has_diff":48,"diff_files_changed":352,"diff_lines":37,"trac_diff_url":353,"vulnerabilities":354,"is_current":48},"0.9.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.0.9.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F0.9.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.3&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.4",[355,356],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"id":50,"url_slug":51,"title":52,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":55},{"version":358,"download_url":359,"svn_tag_url":360,"released_at":37,"has_diff":48,"diff_files_changed":361,"diff_lines":37,"trac_diff_url":362,"vulnerabilities":363,"is_current":48},"0.9.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.0.9.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F0.9.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.2&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.3",[364,365],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"id":50,"url_slug":51,"title":52,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":55},{"version":367,"download_url":368,"svn_tag_url":369,"released_at":37,"has_diff":48,"diff_files_changed":370,"diff_lines":37,"trac_diff_url":371,"vulnerabilities":372,"is_current":48},"0.9.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-
and-category-for-elementor.0.9.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F0.9.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.1&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.2",[373,374],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"id":50,"url_slug":51,"title":52,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":55},{"version":376,"download_url":377,"svn_tag_url":378,"released_at":37,"has_diff":48,"diff_files_changed":379,"diff_lines":37,"trac_diff_url":380,"vulnerabilities":381,"is_current":48},"0.9.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.0.9.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F0.9.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.0&new_path=%2Fblog-posts-and-category-for-elementor%2Ftags%2F0.9.1",[382,383],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"id":50,"url_slug":51,"title":52,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":55},{"version":385,"download_url":386,"svn_tag_url":387,"released_at":37,"has_diff":48,"diff_files_changed":388,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":389,"is_current":48},"0.9.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-posts-and-category-for-elementor.0.9.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fblog-posts-and-category-for-elementor\u002Ftags\u002F0.9.0\u002F",[],[390,391],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":6},{"id":50,"url_slug":51,"title":52,"severity":39,"cvss_score":40,"vuln_type"
:42,"patched_in_version":55}]