[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbEgXyzbQIXDE55_2yWVbpLlLS8747ErbSy-TqcsJP6Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":54,"analysis":145,"fingerprints":602},"breadcrumbs-shortcode","Breadcrumbs Shortcode","1.48","Puvox Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fpuvoxsoftware\u002F","\u003Ch4>[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍] :\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>• Revised for security to be reliable and free of vulnerability holes.\u003Cbr \u002F>\n  • Efficient, not to add any extra load\u002Fslowness to site.\u003Cbr \u002F>\n  • Don’t collect private data.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Plugin Description\u003C\u002Fh4>\n\u003Cp>Show breadcrumbs for posts & categories, with a shortcode \u003Ccode>[breadcrumbs]\u003C\u002Fcode>. 
You can use that in template files or hooks with plugins.\u003C\u002Fp>\n\u003Ch4>Available Options\u003C\u002Fh4>\n\u003Cp>See all available options and their description on plugin’s settings page.\u003C\u002Fp>\n","[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍 ] Show breadcrumbs for posts, pages and categories",100,6422,3,"2024-10-30T11:24:00.000Z","6.5.8","6.0","",[19,20,21,22],"breadcrumbs","category","post","shortcode","https:\u002F\u002Fpuvox.software\u002Fsoftware\u002Fwordpress-plugins\u002F?plugin=breadcrumbs-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbreadcrumbs-shortcode.zip",92,1,0,"2022-08-01 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"WF-986957ab-7394-457e-9a6f-f6b96b56cd15-breadcrumbs-shortcode","breadcrumbs-shortcode-reflected-cross-site-scripting","Breadcrumbs Shortcode \u003C= 1.44 - Reflected Cross-Site Scripting","The Breadcrumbs Shortcode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.44 due to the use of add_query_arg\u002Fremove_query_arg with insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.44","1.45","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F986957ab-7394-457e-9a6f-f6b96b56cd15?source=api-prod",540,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":46,"trust_score":52,"computed_at":53},"puvoxsoftware",16,51190,94,75,"2026-04-04T12:52:51.489Z",[55,72,89,110,128],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":27,"num_ratings":27,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":17,"tags":67,"homepage":69,"download_link":70,"security_score":71,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"category-posts-shortcode","Category Posts Shortcode","1.2.0","Punit Patel","https:\u002F\u002Fprofiles.wordpress.org\u002Fpunitpatelofficial\u002F","\u003Cp>The Category Posts Shortcode plugin allows you to easily display a list of posts within a specified category on your WordPress website. The plugin adds a new shortcode that can be used within your posts, pages, or widgets. 
The list of posts is styled to be visually appealing and responsive for various screen sizes.\u003C\u002Fp>\n\u003Cp>To use the shortcode, simply add the following to your WordPress page or post editor, replacing “your-category-slug” with the desired category slug:\u003C\u002Fp>\n\u003Cp>[category_posts category=”your-category-slug”]\u003C\u002Fp>\n\u003Cp>For Multiple Categories:\u003C\u002Fp>\n\u003Cp>[category_posts category=”uncategorized”]\u003Cbr \u002F>\n[category_posts category=”blog”]\u003C\u002Fp>\n","A simple plugin that adds a shortcode to display posts from a specified category.",1883,"2023-10-31T08:39:00.000Z","6.4.8","4.0",[20,68,22],"posts","https:\u002F\u002Fpunitpatel.in\u002Fcategory-posts-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcategory-posts-shortcode.1.2.0.zip",85,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":27,"num_ratings":27,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":17,"tags":84,"homepage":87,"download_link":88,"security_score":71,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"posts-by-category","Posts by Category","1.0.0","Shellbot","https:\u002F\u002Fprofiles.wordpress.org\u002Fshellbot\u002F","\u003Cp>Posts by Category lets you display a list of posts pulled from a particular category or tag, and optionally\u003Cbr \u002F>\ngroup them by year, month or first letter of the post title.\u003C\u002Fp>\n\u003Cp>Current features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set a title to be displayed above list of posts\u003C\u002Fli>\n\u003Cli>Shortcode allows post list to be inserted anywhere\u003C\u002Fli>\n\u003Cli>Limit how many posts should be displayed\u003C\u002Fli>\n\u003Cli>Group posts by year, month or first letter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To display the 
list of posts, add the following shortcode to your post or page.\u003C\u002Fp>\n\u003Cp>Default settings:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[sb_category_posts]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Custom settings:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[sb_category_posts show=\"10\" cat=\"3\" group_by=\"year\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For full list of parameters see \u003Ca href=\"http:\u002F\u002Fcodebyshellbot.com\u002Fwordpress-plugins\u002Fposts-by-category\u002F\" title=\"Posts by Category\" rel=\"nofollow ugc\">the plugin release page\u003C\u002Fa>\u003C\u002Fp>\n","Display a list of posts from a specific category or tag.",4026,"2018-06-07T13:07:00.000Z","4.9.29","2.9",[20,85,68,22,86],"list","tag","http:\u002F\u002Fcodebyshellbot.com\u002Fwordpress-plugins\u002Fposts-by-category\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-by-category.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":27,"num_ratings":27,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":17,"download_link":109,"security_score":25,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"ks-elementor-shortcode-slider","KS Elementor Shortcode Slider","1.2","coolkul","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoolkul\u002F","\u003Cp>\u003Cstrong>KS Elementor Shortcode Slider\u003C\u002Fstrong> is a \u003Cstrong>flexible and lightweight\u003C\u002Fstrong> WordPress plugin that allows you to create a \u003Cstrong>custom slider\u003C\u002Fstrong> within Elementor using \u003Cstrong>shortcodes or posts\u003C\u002Fstrong>. 
You can select post categories, customize the transition speed, and enable navigation arrows or numbered pagination dots.\u003C\u002Fp>\n\u003Cp>🎯 \u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Slide Elementor shortcodes or any other shortcodes\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Display WordPress posts as slides\u003C\u002Fstrong> with category selection\u003Cbr \u002F>\n– \u003Cstrong>Enable\u002Fdisable navigation arrows\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Numbered pagination dots for better user experience\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Adjustable transition speed\u003C\u002Fstrong> for smooth animations\u003Cbr \u002F>\n– \u003Cstrong>Lightweight & optimized for performance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>🚀 Perfect for testimonials, product showcases, custom Elementor sections, and more!\u003C\u002Fp>\n\u003Ch3>Video\u003C\u002Fh3>\n\u003Cp>See the plugin in action! Watch our complete setup tutorial and demo:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=cYcsBnF7--g\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=cYcsBnF7--g\u003C\u002Fa>\u003C\u002Fp>\n","KS Elementor Shortcode Slider is a plugin for creating custom sliders in Elementor using shortcodes or posts, with category 
selection.",40,452,"2025-02-27T10:15:00.000Z","6.7.5","5.6","7.2",[104,105,106,107,108],"category-slider","custom-slider","elementor-shortcode-slider","elementor-slider","post-slider","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fks-elementor-shortcode-slider.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":27,"num_ratings":27,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":17,"tags":123,"homepage":126,"download_link":127,"security_score":71,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"display-category-posts-via-shortcode-lite","Display Category Posts Via Shortcode Lite","1.0","vk011","https:\u002F\u002Fprofiles.wordpress.org\u002Fvk011\u002F","\u003Cp>Displays posts with their featured images from a specified category in a responsive grid using a simple shortcode.\u003C\u002Fp>\n\u003Cp>Easily show and display posts from specific categories using a simple shortcode.\u003C\u002Fp>\n\u003Cp>After installation simply go to Settings > DCP Lite to find the plugins page with the shortcode options.\u003C\u002Fp>\n\u003Cp>If you require more features, there is also a premium version of this plugin, \u003Cstrong>Display Category Posts Via Shortcode Pro\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You can see the extra features it offers on the  Settings > DCP Lite page.\u003C\u002Fp>\n\u003Cp>Some of those features are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pagination\u003C\u002Fli>\n\u003Cli>Ability to add character limit to your posts which automatically adds the “read more” link at that point, instead of adding the “read more” break yourself to each and every post.\u003C\u002Fli>\n\u003Cli>Ordering of the posts\u003C\u002Fli>\n\u003Cli>How many posts to show in a row (2,3 or 4)\u003C\u002Fli>\n\u003Cli>Ability to turn post titles into links\u003C\u002Fli>\n\u003Cli>Ability to turn posts’ 
featured images into links\u003C\u002Fli>\n\u003Cli>Show date\u003C\u002Fli>\n\u003Cli>Add “load all” ajax button which loads all the posts at once\u003C\u002Fli>\n\u003Cli>Fetch posts from multiple categories\u003C\u002Fli>\n\u003Cli>Fetch specific posts regardless of their categories\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>You may provide arbitrary sections, in the same format as the ones above.  This may be of use for extremely complicated\u003Cbr \u002F>\nplugins where more information needs to be conveyed that doesn’t fit into the categories of “description” or\u003Cbr \u002F>\n“installation.”  Arbitrary sections will be shown below the built-in sections outlined above.\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Some feature\u003C\u002Fli>\n\u003Cli>Another feature\u003C\u002Fli>\n\u003Cli>Something else about the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unordered list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>something\u003C\u002Fli>\n\u003Cli>something else\u003C\u002Fli>\n\u003Cli>third thing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here’s a link to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" title=\"Your favorite software\" rel=\"ugc\">WordPress\u003C\u002Fa> and one to \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" title=\"Markdown is what the parser uses to process much of the readme file\" rel=\"nofollow ugc\">Markdown’s Syntax Documentation\u003C\u002Fa>.\u003Cbr \u002F>\nTitles are optional, naturally.\u003C\u002Fp>\n\u003Cp>Markdown uses email style notation for blockquotes and I’ve been told:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Asterisks for \u003Cem>emphasis\u003C\u002Fem>. 
Double it up  for \u003Cstrong>strong\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cpre>\u003Ccode>\u003C?php code(); \u002F\u002F goes in backticks ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Displays posts with their featured images from a specified category in a responsive grid using a simple shortcode. After installation simply go to Se …",20,4014,"2015-08-28T09:27:00.000Z","4.3.34","3.0.1",[20,124,125,68,22],"display","display-posts","http:\u002F\u002Fjultranet.com\u002Fwp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-category-posts-via-shortcode-lite.1.0.zip",{"slug":129,"name":130,"version":113,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":27,"downloaded":135,"rating":27,"num_ratings":27,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":143,"download_link":144,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"md-taxonomy-totals","MD Taxonomy Totals","Mustapha Samios","https:\u002F\u002Fprofiles.wordpress.org\u002Fmotiondigital\u002F","\u003Cp>MD Taxonomy Totals provides a simple and efficient way to display the total number of published posts on your site. 
Use the \u003Ccode>[mdtt_total_posts]\u003C\u002Fcode> shortcode anywhere on your site to show post counts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Display total published posts count\u003Cbr \u002F>\n* Filter by category (name, slug, or ID)\u003Cbr \u002F>\n* Filter by tag (name, slug, or ID)\u003Cbr \u002F>\n* Combine category and tag filters\u003Cbr \u002F>\n* Automatic number formatting based on locale\u003Cbr \u002F>\n* Admin instructions page accessible via Tools menu\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect for:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Showing total blog posts on your homepage\u003Cbr \u002F>\n* Displaying category-specific post counts\u003Cbr \u002F>\n* Tag-based post statistics\u003Cbr \u002F>\n* Portfolio or gallery post counts\u003Cbr \u002F>\n* Any content that needs post count displays\u003C\u002Fp>\n","Display total published posts count using the [mdtt_total_posts] shortcode, with optional filtering by category or 
tag.",212,"2025-09-12T01:00:00.000Z","6.8.5","5.0","7.4",[20,141,68,22,142],"count","taxonomy","https:\u002F\u002Fmotiondigital.com.au\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmd-taxonomy-totals.1.0.zip",{"attackSurface":146,"codeSignals":265,"taintFlows":456,"riskAssessment":585,"analyzedAt":601},{"hooks":147,"ajaxHandlers":261,"restRoutes":262,"shortcodes":263,"cronEvents":264,"entryPointCount":27,"unprotectedCount":27},[148,154,160,163,169,172,175,178,181,183,186,189,192,194,197,200,202,205,208,211,214,217,221,225,230,232,236,239,242,246,249,252,254,258],{"type":149,"name":150,"callback":151,"file":152,"line":153},"filter","the_content","the_content_filter","index.php",80,{"type":155,"name":156,"callback":157,"priority":26,"file":158,"line":159},"action","wp_head","closure","library.php",4768,{"type":155,"name":161,"callback":157,"priority":26,"file":158,"line":162},"admin_head",4769,{"type":155,"name":164,"callback":165,"priority":166,"file":167,"line":168},"wp_enqueue_scripts","my_styles_hook",9,"library_wp.php",73,{"type":155,"name":170,"callback":165,"priority":166,"file":167,"line":171},"admin_enqueue_scripts",74,{"type":155,"name":173,"callback":157,"file":167,"line":174},"admin_footer",148,{"type":155,"name":176,"callback":157,"file":167,"line":177},"init",163,{"type":155,"name":179,"callback":157,"file":167,"line":180},"admin_init",210,{"type":149,"name":182,"callback":157,"file":167,"line":135},"mce_external_plugins",{"type":149,"name":184,"callback":157,"file":167,"line":185},"mce_buttons_2",213,{"type":149,"name":187,"callback":157,"file":167,"line":188},"tiny_mce_version",215,{"type":155,"name":190,"callback":157,"priority":26,"file":167,"line":191},"wp",231,{"type":155,"name":193,"callback":157,"priority":26,"file":167,"line":46},"plugins_loaded",{"type":155,"name":190,"callback":195,"file":167,"line":196},"my_flush__rewrite",550,{"type":155,"name":198,"callback":157,"file":167,"line":199},"wp_footer",700,{"type":155,
"name":176,"callback":157,"file":167,"line":201},711,{"type":155,"name":203,"callback":157,"file":167,"line":204},"wp_loaded",854,{"type":155,"name":206,"callback":157,"file":167,"line":207},"shutdown",859,{"type":155,"name":176,"callback":209,"file":167,"line":210},"load_textdomain",1732,{"type":155,"name":161,"callback":212,"file":167,"line":213},"admin_head_func",1743,{"type":155,"name":215,"callback":157,"file":167,"line":216},"current_screen",1744,{"type":155,"name":190,"callback":218,"priority":219,"file":167,"line":220},"flush_checkpoint",999,1753,{"type":149,"name":222,"callback":223,"priority":26,"file":167,"line":224},"upload_mimes","upload_mimes_filter",1759,{"type":149,"name":226,"callback":227,"priority":228,"file":167,"line":229},"wp_handle_upload","wp_handle_upload_filter",10,1760,{"type":155,"name":176,"callback":157,"file":167,"line":231},1822,{"type":155,"name":233,"callback":234,"file":167,"line":235},"network_admin_menu","plugin__add_menu_or_submenu",1912,{"type":155,"name":237,"callback":234,"file":167,"line":238},"admin_menu",1914,{"type":155,"name":240,"callback":157,"file":167,"line":241},"activated_plugin",1916,{"type":155,"name":243,"callback":244,"file":167,"line":245},"network_admin_notices","admin_error_notice_pro",2103,{"type":155,"name":247,"callback":244,"file":167,"line":248},"admin_notices",2104,{"type":149,"name":250,"callback":157,"priority":228,"file":167,"line":251},"wp_php_error_message",2187,{"type":155,"name":198,"callback":157,"file":167,"line":253},2375,{"type":149,"name":255,"callback":256,"file":167,"line":257},"widget_text","do_shortcode",2399,{"type":149,"name":259,"callback":157,"file":167,"line":260},"site_transient_update_plugins",3266,[],[],[],[],{"dangerousFunctions":266,"sqlUsage":271,"outputEscaping":306,"fileOperations":451,"externalRequests":452,"nonceChecks":453,"capabilityChecks":454,"bundledLibraries":455},[267],{"fn":268,"file":158,"line":269,"context":270},"unserialize",3813,"if ( 
@unserialize($serialized_string) !== false ) \treturn $serialized_string;",{"prepared":272,"raw":273,"locations":274},46,14,[275,278,280,282,284,287,289,291,293,295,298,300,302,304],{"file":158,"line":276,"context":277},645,"$wpdb->query() with variable interpolation",{"file":167,"line":279,"context":277},784,{"file":167,"line":281,"context":277},785,{"file":167,"line":283,"context":277},1023,{"file":167,"line":285,"context":286},1224,"$wpdb->get_var() with variable interpolation",{"file":167,"line":288,"context":277},1353,{"file":167,"line":290,"context":277},1355,{"file":167,"line":292,"context":277},1368,{"file":167,"line":294,"context":277},1420,{"file":167,"line":296,"context":297},1421,"$wpdb->get_results() with variable interpolation",{"file":167,"line":299,"context":277},1430,{"file":167,"line":301,"context":277},1434,{"file":167,"line":303,"context":297},3058,{"file":167,"line":305,"context":277},3074,{"escaped":153,"rawEcho":168,"locations":307},[308,311,313,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,357,358,360,362,364,366,368,370,372,374,376,378,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449],{"file":152,"line":309,"context":310},321,"raw 
output",{"file":152,"line":312,"context":310},330,{"file":152,"line":312,"context":310},{"file":158,"line":315,"context":310},480,{"file":158,"line":317,"context":310},2316,{"file":158,"line":319,"context":310},2915,{"file":158,"line":321,"context":310},3231,{"file":158,"line":323,"context":310},3238,{"file":158,"line":325,"context":310},3278,{"file":158,"line":327,"context":310},3391,{"file":158,"line":329,"context":310},3646,{"file":158,"line":331,"context":310},4194,{"file":158,"line":333,"context":310},4195,{"file":158,"line":335,"context":310},4245,{"file":158,"line":337,"context":310},4247,{"file":158,"line":339,"context":310},4442,{"file":158,"line":341,"context":310},4451,{"file":158,"line":343,"context":310},4453,{"file":158,"line":345,"context":310},4602,{"file":158,"line":347,"context":310},4694,{"file":158,"line":349,"context":310},4698,{"file":158,"line":351,"context":310},4705,{"file":158,"line":353,"context":310},4716,{"file":158,"line":355,"context":310},4722,{"file":158,"line":159,"context":310},{"file":158,"line":162,"context":310},{"file":158,"line":359,"context":310},5119,{"file":158,"line":361,"context":310},5121,{"file":167,"line":363,"context":310},396,{"file":167,"line":365,"context":310},401,{"file":167,"line":367,"context":310},410,{"file":167,"line":369,"context":310},442,{"file":167,"line":371,"context":310},576,{"file":167,"line":373,"context":310},655,{"file":167,"line":375,"context":310},660,{"file":167,"line":377,"context":310},674,{"file":167,"line":377,"context":310},{"file":167,"line":380,"context":310},1312,{"file":167,"line":382,"context":310},1317,{"file":167,"line":384,"context":310},1328,{"file":167,"line":386,"context":310},2320,{"file":167,"line":388,"context":310},2499,{"file":167,"line":390,"context":310},2513,{"file":167,"line":392,"context":310},2551,{"file":167,"line":394,"context":310},2553,{"file":167,"line":396,"context":310},2554,{"file":167,"line":398,"context":310},2582,{"file":167,"line":400,"context":310},2586,{
"file":167,"line":402,"context":310},2589,{"file":167,"line":404,"context":310},2636,{"file":167,"line":406,"context":310},2656,{"file":167,"line":408,"context":310},2666,{"file":167,"line":410,"context":310},2671,{"file":167,"line":412,"context":310},2673,{"file":167,"line":414,"context":310},2700,{"file":167,"line":416,"context":310},2707,{"file":167,"line":418,"context":310},2754,{"file":167,"line":420,"context":310},2769,{"file":167,"line":422,"context":310},2782,{"file":167,"line":424,"context":310},2789,{"file":167,"line":426,"context":310},2790,{"file":167,"line":428,"context":310},2791,{"file":167,"line":430,"context":310},2796,{"file":167,"line":432,"context":310},2798,{"file":167,"line":434,"context":310},2806,{"file":167,"line":436,"context":310},2867,{"file":167,"line":438,"context":310},2981,{"file":167,"line":440,"context":310},2997,{"file":167,"line":442,"context":310},3006,{"file":167,"line":444,"context":310},3148,{"file":167,"line":446,"context":310},3393,{"file":167,"line":448,"context":310},3420,{"file":167,"line":450,"context":310},3423,19,4,5,2,[],[457,474,483,494,504,544,555,576],{"entryPoint":458,"graph":459,"unsanitizedCount":26,"severity":39},"force_redirect_to_https (library.php:103)",{"nodes":460,"edges":471},[461,466],{"id":462,"type":463,"label":464,"file":158,"line":465},"n0","source","$_SERVER['REQUEST_URI']",104,{"id":467,"type":468,"label":469,"file":158,"line":465,"wp_function":470},"n1","sink","header() [Header Injection]","header",[472],{"from":462,"to":467,"sanitized":473},false,{"entryPoint":475,"graph":476,"unsanitizedCount":26,"severity":39},"password_site (library.php:2312)",{"nodes":477,"edges":481},[478,480],{"id":462,"type":463,"label":464,"file":158,"line":479},2315,{"id":467,"type":468,"label":469,"file":158,"line":479,"wp_function":470},[482],{"from":462,"to":467,"sanitized":473},{"entryPoint":484,"graph":485,"unsanitizedCount":26,"severity":39},"redirect_to_https 
(library.php:3790)",{"nodes":486,"edges":492},[487,490],{"id":462,"type":463,"label":488,"file":158,"line":489},"$_SERVER",3793,{"id":467,"type":468,"label":469,"file":158,"line":491,"wp_function":470},3795,[493],{"from":462,"to":467,"sanitized":473},{"entryPoint":495,"graph":496,"unsanitizedCount":26,"severity":39},"redirect_to_nonwww (library.php:3800)",{"nodes":497,"edges":502},[498,500],{"id":462,"type":463,"label":488,"file":158,"line":499},3802,{"id":467,"type":468,"label":469,"file":158,"line":501,"wp_function":470},3804,[503],{"from":462,"to":467,"sanitized":473},{"entryPoint":505,"graph":506,"unsanitizedCount":166,"severity":39},"\u003Clibrary> (library.php:0)",{"nodes":507,"edges":538},[508,510,511,514,519,521,526,529,531,534],{"id":462,"type":463,"label":509,"file":158,"line":465},"$_SERVER['REQUEST_URI'] (x2)",{"id":467,"type":468,"label":469,"file":158,"line":465,"wp_function":470},{"id":512,"type":463,"label":488,"file":158,"line":513},"n2",256,{"id":515,"type":468,"label":516,"file":158,"line":517,"wp_function":518},"n3","wp_remote_get() [SSRF]",3066,"wp_remote_get",{"id":520,"type":463,"label":488,"file":158,"line":513},"n4",{"id":522,"type":468,"label":523,"file":158,"line":524,"wp_function":525},"n5","wp_remote_post() [SSRF]",3072,"wp_remote_post",{"id":527,"type":463,"label":528,"file":158,"line":489},"n6","$_SERVER (x2)",{"id":530,"type":468,"label":469,"file":158,"line":491,"wp_function":470},"n7",{"id":532,"type":463,"label":533,"file":158,"line":513},"n8","$_SERVER (x3)",{"id":535,"type":468,"label":536,"file":158,"line":335,"wp_function":537},"n9","echo() [XSS]","echo",[539,540,541,542,543],{"from":462,"to":467,"sanitized":473},{"from":512,"to":515,"sanitized":473},{"from":520,"to":522,"sanitized":473},{"from":527,"to":530,"sanitized":473},{"from":532,"to":535,"sanitized":473},{"entryPoint":545,"graph":546,"unsanitizedCount":27,"severity":554},"ajax_backend_call 
(library_wp.php:432)",{"nodes":547,"edges":551},[548,550],{"id":462,"type":463,"label":549,"file":167,"line":369},"$_POST['PRO_check_key']",{"id":467,"type":468,"label":536,"file":167,"line":369,"wp_function":537},[552],{"from":462,"to":467,"sanitized":553},true,"low",{"entryPoint":556,"graph":557,"unsanitizedCount":27,"severity":554},"\u003Clibrary_wp> (library_wp.php:0)",{"nodes":558,"edges":572},[559,560,561,564,568,571],{"id":462,"type":463,"label":549,"file":167,"line":369},{"id":467,"type":468,"label":536,"file":167,"line":369,"wp_function":537},{"id":512,"type":463,"label":562,"file":167,"line":563},"$_POST (x2)",1454,{"id":515,"type":468,"label":565,"file":167,"line":566,"wp_function":567},"get_var() [SQLi]",1456,"get_var",{"id":520,"type":463,"label":569,"file":167,"line":570},"$_POST",2527,{"id":522,"type":468,"label":536,"file":167,"line":420,"wp_function":537},[573,574,575],{"from":462,"to":467,"sanitized":553},{"from":512,"to":515,"sanitized":553},{"from":520,"to":522,"sanitized":553},{"entryPoint":577,"graph":578,"unsanitizedCount":454,"severity":584},"change_slug_2_old (library_wp.php:1451)",{"nodes":579,"edges":582},[580,581],{"id":462,"type":463,"label":562,"file":167,"line":563},{"id":467,"type":468,"label":565,"file":167,"line":566,"wp_function":567},[583],{"from":462,"to":467,"sanitized":473},"high",{"summary":586,"deductions":587},"The \"breadcrumbs-shortcode\" plugin v1.48 exhibits a mixed security posture. While it boasts a zero attack surface, zero shortcodes, and a notable percentage of SQL queries using prepared statements, there are significant areas of concern. The presence of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution if user-controlled data is unserialized without proper validation. This is further exacerbated by taint analysis revealing flows with unsanitized paths, including one of high severity. 
The plugin's history shows one medium severity Cross-Site Scripting (XSS) vulnerability discovered in August 2022, indicating a past struggle with output sanitization. Although there are no currently unpatched CVEs, the past XSS vulnerability and the current code signals, particularly the `unserialize` function and unsanitized taint flows, suggest a non-negligible risk. The plugin demonstrates some good practices like capability checks and nonces, but these are undermined by the potential for deserialization vulnerabilities and inadequate input sanitization in critical flows.",[588,591,594,597,599],{"reason":589,"points":590},"Presence of unserialize function",15,{"reason":592,"points":593},"High severity taint flow found",12,{"reason":595,"points":596},"Flows with unsanitized paths found",8,{"reason":598,"points":228},"Past medium severity XSS vulnerability",{"reason":600,"points":453},"Only 52% of output properly escaped","2026-03-16T20:52:46.324Z",{"wat":603,"direct":610},{"assetPaths":604,"generatorPatterns":606,"scriptPaths":607,"versionParams":608},[605],"\u002Fwp-content\u002Fplugins\u002Fbreadcrumbs-shortcode\u002Fassets\u002Fbreadcrumbs.css",[],[],[609],"breadcrumbs-shortcode\u002Fassets\u002Fbreadcrumbs.css?ver=",{"cssClasses":611,"htmlComments":614,"htmlAttributes":615,"restEndpoints":618,"jsGlobals":619,"shortcodeOutput":620},[612,613],"delimiter","delimiter1",[],[616,617],"data-shortcode","data-shortcode-id",[],[],[621,622,623],"[breadcrumbs","\u003Cspan class=\"delimiter\">","\u003Cspan class=\"delimiter1\">"]