[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXdlKC_-dfDvTu-F6i0K3owAi8Let-K5CMIqwjWtosLA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":139,"fingerprints":229},"boss-banner-ad","Boss Banner Ad","1.2","kaser","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaser\u002F","\u003Cp>This plugin simply allows you to link an image together without the knowledge of html and simply be able to put the code wherever you want your image to show up.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>you can use it in a widget area\u003C\u002Fli>\n\u003Cli>you can use it in any area that accepts shortcodes\u003C\u002Fli>\n\u003Cli>you can even put it right into the template file itself!\u003C\u002Fli>\n\u003C\u002Ful>\n","Put A Banner image anywhere you want with 
ease!",10,4203,0,"2013-07-19T00:30:00.000Z","3.5.2","",[18,19,20,21,22],"advertisement","banner","image-link","post","widget","http:\u002F\u002Fwww.CSSBoss.com\u002Fboss_banner_ad","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fboss-banner-ad.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,410,30,84,"2026-04-03T23:38:17.939Z",[36,55,73,93,117],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":30,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":16,"tags":50,"homepage":53,"download_link":54,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"banner-upload","Banner Upload","1.6","M A Vinoth Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinoth06\u002F","\u003Cp>Easy way to display the different size of banner advertisements in WordPress using widgets\u003C\u002Fp>\n\u003Cp>Through this plugin admin can,\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload the banner ads through widget.\u003C\u002Fli>\n\u003Cli>Specify the banner ads width and height size using px.\u003C\u002Fli>\n\u003Cli>Create multiple banner ads using widgets.\u003C\u002Fli>\n\u003Cli>Specific the link for that advertisement, so that when users click the banner, the link will be opened in new window.\u003C\u002Fli>\n\u003Cli>Add the custom title for their widget.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbuffercode.com\u002Fplugin\u002Fbanner-upload-wordpress-plugin\" rel=\"nofollow ugc\">For Support\u003C\u002Fa>\u003C\u002Fp>\n","Easy way to display the different size of banner advertisements in WordPress using 
widgets",500,34354,100,"2017-03-14T08:24:00.000Z","4.7.32","4.3",[51,18,19,52,22],"ads","banner-ads","http:\u002F\u002Fbuffercode.com\u002Fproject\u002Fbanner-upload\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbanner-upload.1.6.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":46,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":16,"tags":68,"homepage":71,"download_link":72,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"mhr-banner","MHR-Banner [Show banner\u002Fadvertisement on page footer]","2.0","mahadirz","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahadirz\u002F","\u003Cp>Floating footer banner\u003C\u002Fp>\n\u003Cp>Publish your banner\u002Fadvertisement in unique way, on page footer.Support all images format including bmp,jpeg,\u003Cbr \u002F>\njpg,png,gif,etc.\u003C\u002Fp>\n\u003Cp>visit plugin site: http:\u002F\u002Fwww.mahadirlab.com\u002Fen\u002Fmhr-banner\u003C\u002Fp>\n\u003Ch4>Please note\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>After activating this plugin please go to \u003Cem>Settings\u003C\u002Fem> menu and select enable MHR-Banner to enable it.\u003C\u002Fli>\n\u003Cli>For Banner URL you must use full address with ‘http:\u002F\u002F’. \u003C\u002Fli>\n\u003Cli>Make sure your banner width setting did not exceed your width screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Did you like it?\u003C\u002Fh3>\n\u003Cp>Did it help? 
If you like this plugin and find it useful, please consider donating\u003Cbr \u002F>\nConsider donating: http:\u002F\u002Fwww.mahadirlab.com\u002Fen\u002Fmhr-banner\u002F\u003C\u002Fp>\n\u003Cp>And \u003Cem>please\u003C\u002Fem> rate this plugin –> 🙂  Thanks!\u003C\u002Fp>\n\u003Cp>Follow me on Twitter @mahadirz\u003Cbr \u002F>\nhttp:\u002F\u002Ftwitter.com\u002Fmahadirz\u003C\u002Fp>\n","Floating footer banner",10358,1,"2011-06-12T12:18:00.000Z","3.1.4","2",[18,19,69,21,70],"google","posts","http:\u002F\u002Fwww.mahadirlab.com\u002Fen\u002Fmhr-banner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmhr-banner.2.0.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":11,"downloaded":81,"rating":82,"num_ratings":64,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":16,"tags":86,"homepage":90,"download_link":91,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":92},"post-introduction-disclaimer-announcements-widget","Post Intro Disclaimer Announcements","1.0.1","Nate Finch","https:\u002F\u002Fprofiles.wordpress.org\u002Ffinchps\u002F","\u003Cp>Use this plugin to place a disclaimer widget into a custom widget area, which will display on all posts or in specific categories.\u003C\u002Fp>\n\u003Cp>After activating the plugin, you will find a new widget area and a new widget available in the Appearance>>Widgets section of your WordPress admin. Both the new widget and widget area are called \\”Post Intro Disclaimer Announcements\\” (hereafter PIDA). Drag the new PIDA widget to the new PIDA widget area. Once it is in the widget area, you can add content to the text area and select the colors you want to use.\u003C\u002Fp>\n\u003Cp>The PIDA widget comes with default highlight, text color and background color settings. 
If you change the colors, save, and want to revert to the defaults, just delete the current colors in the input fields, and upon saving, the widget will revert the colors to the defaults.\u003C\u002Fp>\n\u003Cp>If you have any questions, suggestions or would like to report a bug, you can do so at the plugin\\’s repo on GitHub by opening a new issue: https:\u002F\u002Fgithub.com\u002Fn8finch\u002Fpost-intro-disclaimer-announcement-widget\u002Fissues\u003C\u002Fp>\n","Place a disclaimer widget into a custom widget area, which will display on all posts or in specific categories.",1395,20,"2016-09-01T00:40:00.000Z","4.6.30","4.4",[87,19,88,89,21,22],"announcement","blog","disclaimer","https:\u002F\u002Fgithub.com\u002Fn8finch\u002Fpost-intro-disclaimer-announcement-widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-introduction-disclaimer-announcements-widget.zip","2026-03-15T14:54:45.397Z",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":16,"tags":108,"homepage":114,"download_link":115,"security_score":116,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"ele-custom-skin","Elementor Custom Skin","3.1.9","dudaster","https:\u002F\u002Fprofiles.wordpress.org\u002Fdudaster\u002F","\u003Cp>This plugin adds new skin to Elementor Page Builder Posts and Posts Archive widget.\u003C\u002Fp>\n\u003Cp>You can design a loop item just like a single template and it would be used as a skin so you can be able to create a post grid the way you like.\u003C\u002Fp>\n\u003Cp>All you have to do is to create a Custom Grid Template and place the Post Item Widget (placeholder) in your template made with sections and columns, and why not other widgets.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: 
block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FDwLFdaZ69KU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&start=94&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>For a quick tutorial see Frequently Asked Questions!\u003C\u002Fp>\n\u003Cp>For more details and demo check our official site https:\u002F\u002Fdudaster.com\u002F\u003C\u002Fp>\n\u003Cp>Note: This plugin is an addon of Elementor Page Builder (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor\u002F) and will only work with Elementor Page Builder installed.\u003C\u002Fp>\n\u003Cp>Also check \u003Ca href=\"https:\u002F\u002Fdudaster.com\u002Fecs-pro\u002F\" rel=\"nofollow ugc\">Elementor Custom Skin Pro\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>You can expand your freedom in more ways than you can imagine. Check it out at https:\u002F\u002Fdudaster.com\u002Fecs-pro\u002F !\u003C\u002Fp>\n","Create new skins for Elementor PRO 3.x page builder. 
Design your own skins for Post and Post Archive Widgets using Elementor Loop Templates.",100000,1491073,94,116,"2024-04-11T09:40:00.000Z","6.5.8","5.0",[109,110,111,112,113],"archive-list","elementor","loop","page-builder","post-widget","https:\u002F\u002Fdudaster.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fele-custom-skin.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":101,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":16,"tags":131,"homepage":135,"download_link":136,"security_score":137,"vuln_count":64,"unpatched_count":13,"last_vuln_date":138,"fetched_at":27},"image-widget","Image Widget","4.4.11","StellarWP","https:\u002F\u002Fprofiles.wordpress.org\u002Fstellarwp\u002F","\u003Cp>Image Widget is a simple plugin that uses the native WordPress media manager to add image widgets to your site.\u003C\u002Fp>\n\u003Ch4>Image Widget Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Responsive\u003C\u002Fli>\n\u003Cli>MU Compatible\u003C\u002Fli>\n\u003Cli>Handles image resizing and alignment\u003C\u002Fli>\n\u003Cli>Link the image\u003C\u002Fli>\n\u003Cli>Add title and description\u003C\u002Fli>\n\u003Cli>Versatile – all fields are optional\u003C\u002Fli>\n\u003Cli>Upload, link to external image, or select an image from your media collection\u003C\u002Fli>\n\u003Cli>Customize the look & feel with filter hooks or theme overrides\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Quality You Can Trust\u003C\u002Fh4>\n\u003Cp>Image Widget is developed and maintained by \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F1aor\" rel=\"nofollow ugc\">The Events Calendar\u003C\u002Fa>, the same folks behind \u003Ca href=\"https:\u002F\u002Fevnt.is\u002F19me\" rel=\"nofollow ugc\">The Events Calendar, Event Tickets, and a full suite of premium plugins\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is 
actively supported by our team and contributions from community members. If you see a question in the forum you can help with or have a great idea and want to code it up or submit a patch, that would be awesome! Not only will we shower you with praise and thanks, it’s also a good way to get to know us and lead into options for paid work if you freelance.\u003C\u002Fp>\n\u003Ch4>Pull Requests & Translations\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthe-events-calendar\u002Fimage-widget\" rel=\"nofollow ugc\">Check us out on GitHub\u003C\u002Fa> to pull request changes.\u003C\u002Fp>\n\u003Cp>Translations can be submitted \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fimage-widget\" rel=\"nofollow ugc\">here on WordPress.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The built in template can be overridden by files within your template.\u003C\u002Fp>\n\u003Ch4>Default vs. Custom Templates\u003C\u002Fh4>\n\u003Cp>The Image Widget comes with a default template for the widget output. If you would like to alter the widget display code, create a new folder called “image-widget” in your template directory and copy over the “views\u002Fwidget.php” file.\u003C\u002Fp>\n\u003Cp>Edit the new file to your hearts content. Please do not edit the one in the plugin folder as that will cause conflicts when you update the plugin to the latest release.\u003C\u002Fp>\n\u003Cp>New in 3.2: You may now also use the “sp_template_image-widget_widget.php” filter to override the default template behavior for .php template files. Eg: if you wanted widget.php to reside in a folder called my-custom-templates\u002F and wanted it to be called my-custom-name.php:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('sp_template_image-widget_widget.php', 'my_template_filter');\nfunction my_template_filter($template) {\n    return get_template_directory() . 
'\u002Fmy-custom-templates\u002Fmy-custom-name.php';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>There are a number of filters in the code that will allow you to override data as you see fit. The best way to learn what filters are available is always by simply searching the code for ‘apply_filters’. But all the same, here are a few of the more essential filters:\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_title\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>This is actually a pretty typical filter in widgets and is applied to the widget title.\u003C\u002Fp>\n\u003Cp>\u003Cem>widget_text\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Another very typical widget filter that is applied to the description body text. This filter also takes 2 additional arguments for $args and $instance so that you can learn more about the specific widget instance in the process of filtering the content.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attachment_id\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the attachment id of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_url\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url of the image displayed in the widget.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nTHIS IS DEPRECATED AND WILL EVENTUALLY BE DELETED\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_width\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display width of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_height\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display height of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxwidth\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-width style of the image. 
Hint: override this to use this in responsive designs 🙂\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to ‘100%’).\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_maxheight\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the inline max-height style of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003Cbr \u002F>\nReturn null to remove this css from the image output (defaults to null)\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_size\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the selected image ‘size’ corresponding to WordPress registered sizes.\u003Cbr \u002F>\nIf this is set to ‘tribe_image_widget_custom’ then the width and height are used instead.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_align\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the display alignment of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_alt\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the alt text of the image.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the url that the image links to.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_link_target\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters the link target of the image link.\u003Cbr \u002F>\nAccepts additional $args and $instance arguments.\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_image_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of image attributes used in the image output. 
Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Cp>\u003Cem>image_widget_link_attributes\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Filters a list of attributes used in the image link. Similar to ‘wp_get_attachment_image_attributes’\u003Cbr \u002F>\nAccepts $instance arguments\u003C\u002Fp>\n\u003Ch4>Have You Supported the Image Widget?\u003C\u002Fh4>\n\u003Cp>If so, then THANK YOU! Also, feel free to add this line to your wp-config.php file to prevent the image widget from displaying a message after upgrades.\u003C\u002Fp>\n\u003Cp>define( ‘I_HAVE_SUPPORTED_THE_IMAGE_WIDGET’, true );\u003C\u002Fp>\n\u003Cp>For more info on the philosophy here, check out our \u003Ca href=\"http:\u002F\u002Ftri.be\u002Fdefine-i-have-donated-true\u002F\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>\u003C\u002Fp>\n","A simple image widget that uses the native WordPress media manager to add image widgets to your site.",4620377,98,287,"2024-11-20T20:44:00.000Z","6.7.5","3.5",[132,19,133,134,22],"ad","image","sidebar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-widget.4.4.11.zip",91,"2024-11-22 00:00:00",{"attackSurface":140,"codeSignals":157,"taintFlows":213,"riskAssessment":214,"analyzedAt":228},{"hooks":141,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":156,"entryPointCount":64,"unprotectedCount":13},[142],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","widgets_init","anonymous","includes\\widget.php",108,[],[],[151],{"tag":152,"callback":153,"file":154,"line":155},"boss_banner","boss_banner_shortcode","includes\\shortcode.php",23,[],{"dangerousFunctions":158,"sqlUsage":162,"outputEscaping":164,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":212},[159],{"fn":160,"file":146,"line":147,"context":161},"create_function","add_action( 
'widgets_init', create_function( '', 'register_widget( \"boss_banner_ad_widget\" );' ) );",{"prepared":13,"raw":13,"locations":163},[],{"escaped":165,"rawEcho":166,"locations":167},14,27,[168,171,173,174,176,178,179,181,183,184,186,188,189,191,193,194,196,198,199,201,203,204,205,207,208,209,210],{"file":146,"line":169,"context":170},38,"raw output",{"file":146,"line":172,"context":170},39,{"file":146,"line":172,"context":170},{"file":146,"line":175,"context":170},42,{"file":146,"line":177,"context":170},43,{"file":146,"line":177,"context":170},{"file":146,"line":180,"context":170},46,{"file":146,"line":182,"context":170},47,{"file":146,"line":182,"context":170},{"file":146,"line":185,"context":170},50,{"file":146,"line":187,"context":170},51,{"file":146,"line":187,"context":170},{"file":146,"line":190,"context":170},54,{"file":146,"line":192,"context":170},55,{"file":146,"line":192,"context":170},{"file":146,"line":195,"context":170},58,{"file":146,"line":197,"context":170},59,{"file":146,"line":197,"context":170},{"file":146,"line":200,"context":170},63,{"file":146,"line":202,"context":170},64,{"file":146,"line":202,"context":170},{"file":146,"line":46,"context":170},{"file":146,"line":206,"context":170},102,{"file":146,"line":206,"context":170},{"file":146,"line":206,"context":170},{"file":146,"line":206,"context":170},{"file":146,"line":211,"context":170},104,[],[],{"summary":215,"deductions":216},"The boss-banner-ad plugin v1.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices in its SQL query handling, exclusively using prepared statements, and shows no external HTTP requests or file operations.  The vulnerability history is also clean, with no known CVEs, suggesting a well-maintained or less-targeted plugin.\n\nHowever, significant concerns arise from the static code analysis. 
The presence of a dangerous `create_function` call is a red flag, as this function is deprecated and can lead to code injection vulnerabilities if not handled with extreme care. Furthermore, the plugin has a concerningly low rate of output escaping (only 34% properly escaped). This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-supplied data could be rendered directly in the browser without proper sanitization.\n\nWhile the attack surface is currently small and appears to have no direct unprotected entry points identified, the lack of explicit capability checks and nonce checks across its limited entry points (a single shortcode) is worrisome. In conjunction with the poor output escaping, this could allow for privilege escalation or unauthorized actions if an attacker can control the input to the shortcode and bypass any implicit WordPress checks. The absence of any recorded past vulnerabilities is a positive indicator, but it should not overshadow the critical issues identified in the current code.",[217,220,223,226],{"reason":218,"points":219},"Dangerous function used (create_function)",15,{"reason":221,"points":222},"Low percentage of output escaping",12,{"reason":224,"points":225},"Missing nonce checks",7,{"reason":227,"points":225},"Missing capability checks","2026-03-17T00:22:34.415Z",{"wat":230,"direct":235},{"assetPaths":231,"generatorPatterns":232,"scriptPaths":233,"versionParams":234},[],[],[],[],{"cssClasses":236,"htmlComments":237,"htmlAttributes":238,"restEndpoints":239,"jsGlobals":240,"shortcodeOutput":241},[],[],[],[],[],[242],"\u003Ca href=\"http:\u002F\u002Fwww.cssboss.com\" target=\"_blank\" rel=\"nofollow\">\u003Cimg src=\"http:\u002F\u002Fcssboss.com\u002Fwp-content\u002Fuploads\u002F2012\u002F02\u002Fcssbosslogo.png\" width=\"300\" height=\"200\" alt=\"cssboss\"\u002F>\u003C\u002Fa>"]