[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXtqNq4N5YBQuYw4HlQGdBxT3uR_dt1tL_08mNX8inYA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":20,"unpatched_count":20,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":29,"analysis":30,"fingerprints":363},"bs-banners","BS Banners","3.6.8","albanotoska","https:\u002F\u002Fprofiles.wordpress.org\u002Falbanotoska\u002F","\u003Cblockquote>\n\u003Cp>\n        \u003Cstrong>BS Banners Plugin for WordPress\u003C\u002Fstrong>\n    \u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>BS Banners is a WordPress plugin that adds 20 different Banners, with Title, description, link and Image. It is also compatible with WPBakery Page Builder(formerly Visual Composer). You can find the element on the builder named “BS Banners”. It is compatible with TinyMCE WordPress Editor. 
You should find a button element that adds the shortcode and asks for attributes to be inputted!\u003C\u002Fp>\n\u003Ch3>Quick Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Falbanotoska.com\u002Fbsbanners\u002F\" rel=\"nofollow ugc\">Demo (Features)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Falbanotoska.com\u002F#contact\" rel=\"nofollow ugc\">Contact Us\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbs-banners\u002F\" rel=\"ugc\">Plugin on WordPress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cul>\n\u003Cli>20 Hover Effects\u003C\u002Fli>\n\u003Cli>Pure CSS Animations\u003C\u002Fli>\n\u003Cli>WPBakery(formerly Visual Composer) and Elementor full Support\u003C\u002Fli>\n\u003Cli>Super easy Installation\u003C\u002Fli>\n\u003Cli>Image Upload from media\u003C\u002Fli>\n\u003Cli>External link for each hover item\u003C\u002Fli>\n\u003Cli>100% Responsive\u003C\u002Fli>\n\u003Cli>Easy and Fastest to Setup\u003C\u002Fli>\n\u003Cli>Shortcode Generator\u003C\u002Fli>\n\u003Cli>All Major browser supported\u003C\u002Fli>\n\u003C\u002Ful>\n","Copyright (C) Albano Toska Tags: image hover effects for wpbakery page builder, image caption hover for wpbakery page builder, visual composer image h 
&hellip;",100,9660,2,"2022-06-13T16:46:00.000Z","",[],"https:\u002F\u002Falbanotoska.com\u002Fbsbanners\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbs-banners.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":25,"avg_security_score":19,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},3100,30,84,"2026-04-04T20:21:13.976Z",[],{"attackSurface":31,"codeSignals":84,"taintFlows":356,"riskAssessment":357,"analyzedAt":362},{"hooks":32,"ajaxHandlers":74,"restRoutes":75,"shortcodes":76,"cronEvents":83,"entryPointCount":13,"unprotectedCount":20},[33,39,44,49,54,58,62,66,70],{"type":34,"name":35,"callback":36,"file":37,"line":38},"action","elementor\u002Fwidgets\u002Fwidgets_registered","closure","bs_elementor-template.php",516,{"type":34,"name":40,"callback":41,"file":42,"line":43},"vc_before_init","vc_infobox_mapping","bs_vc-template.php",15,{"type":34,"name":45,"callback":46,"file":47,"line":48},"init","bs_banner_TinyMCE_registration","bunnyshortcodes.php",98,{"type":50,"name":51,"callback":52,"file":47,"line":53},"filter","mce_external_plugins","bs_banner_register_tinymce_plugin",106,{"type":50,"name":55,"callback":56,"file":47,"line":57},"mce_buttons","bs_banner_shortcodeonTINYMCE",109,{"type":34,"name":40,"callback":59,"priority":60,"file":47,"line":61},"bs_vcbanner_before_init_actions",1,127,{"type":34,"name":63,"callback":64,"file":47,"line":65},"admin_head","bs_vcbanner_element_style",136,{"type":34,"name":67,"callback":68,"file":47,"line":69},"elementor\u002Finit","bs_elementor_banner_template",163,{"type":34,"name":71,"callback":72,"file":47,"line":73},"wp_enqueue_scripts","bs_banner_shortcode_scripts",165,[],[],[77,81],{"tag":78,"callback":79,"file":42,"line":80},"bs_banner","bs_banner_shortcode",16,{"tag":78,"callback":79,"file":47,"line":82},94,[],{"dangerousFunctions":85,"sqlUsage":86,"outputEscaping":88,"fileOperations":20,"externalRequests":20,"nonceChecks
":20,"capabilityChecks":13,"bundledLibraries":355},[],{"prepared":20,"raw":20,"locations":87},[],{"escaped":20,"rawEcho":89,"locations":90},208,[91,94,96,98,100,101,103,105,107,109,111,113,115,117,119,120,121,124,126,127,128,129,130,131,132,135,137,138,139,142,144,145,146,148,149,150,152,153,154,156,157,158,159,160,161,162,164,165,166,168,169,170,171,172,173,175,176,177,179,180,181,182,184,185,186,188,189,190,192,193,194,195,196,197,198,199,200,201,203,205,206,207,208,210,211,212,214,215,216,218,219,220,222,224,225,226,228,229,230,232,233,234,236,237,238,239,240,241,242,243,244,245,246,248,249,250,251,252,253,254,255,256,257,259,261,262,263,264,265,266,267,268,269,271,272,273,274,275,276,277,278,279,280,282,283,284,285,286,287,288,289,290,291,292,294,295,296,297,298,299,300,302,303,304,305,306,307,308,310,311,312,313,314,315,316,317,319,320,321,323,324,325,326,327,328,329,330,331,332,333,336,337,338,339,340,341,342,343,345,346,347,348,349,350,351,352,353,354],{"file":37,"line":92,"context":93},467,"raw 
output",{"file":37,"line":95,"context":93},468,{"file":37,"line":97,"context":93},472,{"file":37,"line":99,"context":93},475,{"file":37,"line":99,"context":93},{"file":37,"line":102,"context":93},477,{"file":37,"line":104,"context":93},478,{"file":37,"line":106,"context":93},483,{"file":37,"line":108,"context":93},484,{"file":37,"line":110,"context":93},488,{"file":37,"line":112,"context":93},491,{"file":37,"line":114,"context":93},503,{"file":37,"line":116,"context":93},504,{"file":37,"line":118,"context":93},508,{"file":37,"line":118,"context":93},{"file":37,"line":118,"context":93},{"file":122,"line":123,"context":93},"templates\\banner-sample-1.php",26,{"file":122,"line":125,"context":93},28,{"file":122,"line":125,"context":93},{"file":122,"line":125,"context":93},{"file":122,"line":125,"context":93},{"file":122,"line":26,"context":93},{"file":122,"line":26,"context":93},{"file":122,"line":26,"context":93},{"file":133,"line":134,"context":93},"templates\\banner-sample-10.php",14,{"file":133,"line":136,"context":93},18,{"file":133,"line":136,"context":93},{"file":133,"line":136,"context":93},{"file":140,"line":141,"context":93},"templates\\banner-sample-11.php",31,{"file":140,"line":143,"context":93},33,{"file":140,"line":143,"context":93},{"file":140,"line":143,"context":93},{"file":140,"line":147,"context":93},34,{"file":140,"line":147,"context":93},{"file":140,"line":147,"context":93},{"file":140,"line":151,"context":93},36,{"file":140,"line":151,"context":93},{"file":140,"line":151,"context":93},{"file":155,"line":141,"context":93},"templates\\banner-sample-12.php",{"file":155,"line":143,"context":93},{"file":155,"line":143,"context":93},{"file":155,"line":143,"context":93},{"file":155,"line":147,"context":93},{"file":155,"line":147,"context":93},{"file":155,"line":147,"context":93},{"file":155,"line":163,"context":93},35,{"file":155,"line":163,"context":93},{"file":155,"line":163,"context":93},{"file":167,"line":125,"context":93},"templates\\banner-sample-13
.php",{"file":167,"line":141,"context":93},{"file":167,"line":147,"context":93},{"file":167,"line":151,"context":93},{"file":167,"line":151,"context":93},{"file":167,"line":151,"context":93},{"file":167,"line":174,"context":93},38,{"file":167,"line":174,"context":93},{"file":167,"line":174,"context":93},{"file":178,"line":141,"context":93},"templates\\banner-sample-14.php",{"file":178,"line":147,"context":93},{"file":178,"line":147,"context":93},{"file":178,"line":147,"context":93},{"file":178,"line":183,"context":93},37,{"file":178,"line":183,"context":93},{"file":178,"line":183,"context":93},{"file":178,"line":187,"context":93},41,{"file":178,"line":187,"context":93},{"file":178,"line":187,"context":93},{"file":191,"line":141,"context":93},"templates\\banner-sample-15.php",{"file":191,"line":143,"context":93},{"file":191,"line":143,"context":93},{"file":191,"line":143,"context":93},{"file":191,"line":143,"context":93},{"file":191,"line":143,"context":93},{"file":191,"line":143,"context":93},{"file":191,"line":163,"context":93},{"file":191,"line":163,"context":93},{"file":191,"line":163,"context":93},{"file":202,"line":151,"context":93},"templates\\banner-sample-16.php",{"file":202,"line":204,"context":93},39,{"file":202,"line":187,"context":93},{"file":202,"line":187,"context":93},{"file":202,"line":187,"context":93},{"file":202,"line":209,"context":93},42,{"file":202,"line":209,"context":93},{"file":202,"line":209,"context":93},{"file":202,"line":213,"context":93},44,{"file":202,"line":213,"context":93},{"file":202,"line":213,"context":93},{"file":217,"line":151,"context":93},"templates\\banner-sample-17.php",{"file":217,"line":204,"context":93},{"file":217,"line":209,"context":93},{"file":217,"line":221,"context":93},45,{"file":217,"line":223,"context":93},47,{"file":217,"line":223,"context":93},{"file":217,"line":223,"context":93},{"file":217,"line":227,"context":93},48,{"file":217,"line":227,"context":93},{"file":217,"line":227,"context":93},{"file":217,"line"
:231,"context":93},50,{"file":217,"line":231,"context":93},{"file":217,"line":231,"context":93},{"file":235,"line":147,"context":93},"templates\\banner-sample-18.php",{"file":235,"line":183,"context":93},{"file":235,"line":183,"context":93},{"file":235,"line":183,"context":93},{"file":235,"line":174,"context":93},{"file":235,"line":174,"context":93},{"file":235,"line":174,"context":93},{"file":235,"line":174,"context":93},{"file":235,"line":213,"context":93},{"file":235,"line":213,"context":93},{"file":235,"line":213,"context":93},{"file":247,"line":141,"context":93},"templates\\banner-sample-19.php",{"file":247,"line":143,"context":93},{"file":247,"line":143,"context":93},{"file":247,"line":143,"context":93},{"file":247,"line":147,"context":93},{"file":247,"line":147,"context":93},{"file":247,"line":147,"context":93},{"file":247,"line":163,"context":93},{"file":247,"line":163,"context":93},{"file":247,"line":163,"context":93},{"file":258,"line":26,"context":93},"templates\\banner-sample-2.php",{"file":258,"line":260,"context":93},32,{"file":258,"line":260,"context":93},{"file":258,"line":260,"context":93},{"file":258,"line":143,"context":93},{"file":258,"line":143,"context":93},{"file":258,"line":143,"context":93},{"file":258,"line":147,"context":93},{"file":258,"line":147,"context":93},{"file":258,"line":147,"context":93},{"file":270,"line":141,"context":93},"templates\\banner-sample-20.php",{"file":270,"line":143,"context":93},{"file":270,"line":143,"context":93},{"file":270,"line":143,"context":93},{"file":270,"line":147,"context":93},{"file":270,"line":147,"context":93},{"file":270,"line":147,"context":93},{"file":270,"line":151,"context":93},{"file":270,"line":151,"context":93},{"file":270,"line":151,"context":93},{"file":281,"line":147,"context":93},"templates\\banner-sample-3.php",{"file":281,"line":151,"context":93},{"file":281,"line":151,"context":93},{"file":281,"line":151,"context":93},{"file":281,"line":183,"context":93},{"file":281,"line":183,"context"
:93},{"file":281,"line":183,"context":93},{"file":281,"line":183,"context":93},{"file":281,"line":174,"context":93},{"file":281,"line":174,"context":93},{"file":281,"line":174,"context":93},{"file":293,"line":123,"context":93},"templates\\banner-sample-4.php",{"file":293,"line":125,"context":93},{"file":293,"line":125,"context":93},{"file":293,"line":125,"context":93},{"file":293,"line":26,"context":93},{"file":293,"line":26,"context":93},{"file":293,"line":26,"context":93},{"file":301,"line":123,"context":93},"templates\\banner-sample-5.php",{"file":301,"line":125,"context":93},{"file":301,"line":125,"context":93},{"file":301,"line":125,"context":93},{"file":301,"line":26,"context":93},{"file":301,"line":26,"context":93},{"file":301,"line":26,"context":93},{"file":309,"line":151,"context":93},"templates\\banner-sample-6.php",{"file":309,"line":204,"context":93},{"file":309,"line":187,"context":93},{"file":309,"line":187,"context":93},{"file":309,"line":187,"context":93},{"file":309,"line":187,"context":93},{"file":309,"line":187,"context":93},{"file":309,"line":187,"context":93},{"file":309,"line":318,"context":93},43,{"file":309,"line":318,"context":93},{"file":309,"line":318,"context":93},{"file":322,"line":151,"context":93},"templates\\banner-sample-7.php",{"file":322,"line":204,"context":93},{"file":322,"line":187,"context":93},{"file":322,"line":187,"context":93},{"file":322,"line":187,"context":93},{"file":322,"line":209,"context":93},{"file":322,"line":209,"context":93},{"file":322,"line":209,"context":93},{"file":322,"line":213,"context":93},{"file":322,"line":213,"context":93},{"file":322,"line":213,"context":93},{"file":334,"line":335,"context":93},"templates\\banner-sample-8.php",25,{"file":334,"line":123,"context":93},{"file":334,"line":125,"context":93},{"file":334,"line":125,"context":93},{"file":334,"line":125,"context":93},{"file":334,"line":26,"context":93},{"file":334,"line":26,"context":93},{"file":334,"line":26,"context":93},{"file":344,"line":1
51,"context":93},"templates\\banner-sample-9.php",{"file":344,"line":204,"context":93},{"file":344,"line":187,"context":93},{"file":344,"line":187,"context":93},{"file":344,"line":187,"context":93},{"file":344,"line":187,"context":93},{"file":344,"line":187,"context":93},{"file":344,"line":187,"context":93},{"file":344,"line":318,"context":93},{"file":344,"line":318,"context":93},{"file":344,"line":318,"context":93},[],[],{"summary":358,"deductions":359},"The \"bs-banners\" plugin v3.6.8 presents a mixed security posture. On the positive side, the plugin exhibits excellent security hygiene by avoiding dangerous functions, performing all SQL queries using prepared statements, and having no recorded vulnerabilities or CVEs. The absence of file operations and external HTTP requests is also a strength. However, a significant concern arises from the complete lack of output escaping, with 0% of 208 outputs being properly sanitized. This is a critical weakness that could lead to cross-site scripting (XSS) vulnerabilities if any user-supplied data is ever rendered directly to the browser.\n\nWhile the attack surface is small (2 shortcodes) and there are no unauthenticated entry points or critical taint flows detected, the lack of output escaping overshadows these positives. The vulnerability history being clean suggests diligent maintenance or a lack of targeted attacks, but it does not negate the inherent risk posed by unescaped output. 
In conclusion, the plugin demonstrates good practices in critical areas like SQL and vulnerability management, but the failure to implement proper output escaping creates a substantial risk that needs immediate attention.",[360],{"reason":361,"points":43},"0% properly escaped output","2026-03-16T21:11:35.121Z",{"wat":364,"direct":373},{"assetPaths":365,"generatorPatterns":368,"scriptPaths":369,"versionParams":371},[366,367],"\u002Fwp-content\u002Fplugins\u002Fbs-banners\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fbs-banners\u002Fjs\u002Fmain.js",[],[370],"https:\u002F\u002Fstackpath.bootstrapcdn.com\u002Ffont-awesome\u002F4.7.0\u002Fcss\u002Ffont-awesome.min.css",[372],"bs-banners\u002Fcss\u002Fstyle.css?ver=",{"cssClasses":374,"htmlComments":378,"htmlAttributes":379,"restEndpoints":381,"jsGlobals":382,"shortcodeOutput":384},[375,376,377],"bunny-image-class","bunny-banners-shortcodes-container","wpb_element_title",[],[380],"data-vc-shortcode-param-name=\\\"style\\\"",[],[383],"bs_banner_shortcodebtn",[385],"[bs_banner"]