[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuMmMcYVEofSgJ6BEp23KfHIOg-gjCjZ7lL30sz3U9Dw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":49,"analysis":152,"fingerprints":345},"buckets","Buckets","0.3.9","matthewordie","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatthewordie\u002F","\u003Cp>This plugin is designed as a widgets alternative. However it’s uses can be expanded beyond that. It works ok on it’s own, but really flys when paired with the Advanced Custom Fields plugin.\u003C\u002Fp>\n\u003Cp>I was tired of my widgets not migrating properly. On top of not having full control over simple things. So I built this.\u003C\u002Fp>\n\u003Cp>Now you can make a reusable piece of content. Place it right in the middle of another content area. Or even inside another bucket. Additionally you can use the Advanced Custom Fields plugin to create your own sidebars and add new fields to really customize your Buckets.\u003C\u002Fp>\n\u003Cp>You can even create a fully modular site using sidebar areas and just throwing buckets in everywhere!\u003C\u002Fp>\n\u003Cp>This plugin is made for developers who like to make their client’s lives easier (and in turn, their own).\u003C\u002Fp>\n\u003Cp>Documentation is available on google docs: https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1fDhqmtKWTy-0oxTP8GUg7wdhv-VULNoBFkJbLvKNdzo\u002Fedit?usp=sharing\u003C\u002Fp>\n\u003Cp>Please feel free to let me know if you have any questions or feedback!\u003Cbr \u002F>\nYou can view the documentation here: https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1fDhqmtKWTy-0oxTP8GUg7wdhv-VULNoBFkJbLvKNdzo\u002Fedit?usp=sharing\u003C\u002Fp>\n","A widgets alternative that lets you place content anywhere easily.",500,17453,100,4,"2017-09-28T16:13:00.000Z","4.8.28","3.0","",[20,21,4,22,23],"acf","advanced-custom-fields","custom","widgets","http:\u002F\u002Fwww.matthewrestorff.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuckets.zip",63,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-57996","buckets-authenticated-contributor-stored-cross-site-scripting","Buckets \u003C= 0.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Buckets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=0.3.9","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 17:26:29",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fce9e5b74-dc20-4bb8-884e-bf46d2a484c1?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},30,68,"2026-04-05T00:58:08.055Z",[50,72,87,109,130],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"advanced-custom-fields-widget-area-field","Advanced Custom Fields: Widget Area Field","1.0.0","Dustin Filippini","https:\u002F\u002Fprofiles.wordpress.org\u002Fdustyf\u002F","\u003Cp>Easily add and change Widget Areas on any page template using Advanced Custom Fields and the Advanced Custom Fields: Widget Area Field plugin.  This plugin will add a field with a drop-down selection of all registered Widget Areas in your WordPress installation.  You can select which widget area you would like to display in your template files when using ACF’s get_field and the_field functions.\u003C\u002Fp>\n\u003Cp>As of version 1.0, support for ACF v5 is included.\u003C\u002Fp>\n\u003Ch4>This Plugin Requires Advanced Custom Fields Version 4 or Higher\u003C\u002Fh4>\n\u003Cp>Advanced Custom Fields can be found in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-custom-fields\u002F\" rel=\"ugc\">WordPress Plugin Repository Here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This add-on will work with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Advanced Custom Fields version 4 and up\u003C\u002Fli>\n\u003C\u002Ful>\n","Add-on to Advanced Custom Fields giving you a field to display Widget Areas.",400,13288,96,5,"2014-10-12T01:27:00.000Z","4.0.38","3.4",[20,21,66,67,23],"custom-fields","widget","https:\u002F\u002Fgithub.com\u002Fdustyf\u002Facf-widget-area","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-widget-area-field.zip",85,0,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":13,"num_ratings":27,"last_updated":82,"tested_up_to":83,"requires_at_least":17,"requires_php":18,"tags":84,"homepage":85,"download_link":86,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"advanced-custom-fields-widget","Advanced Custom Fields: Widget","1.0.2","alexvandervegt","https:\u002F\u002Fprofiles.wordpress.org\u002Falexvandervegt\u002F","\u003Cp>For more information, code snippets or to report issues please check the urls below.\u003C\u002Fp>\n\u003Cp>Guide:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.directbasing.com\u002Fresources\u002Fwordpress\u002Fadvanced-custom-fields-widget\u002F\u003C\u002Fp>\n\u003Cp>Issues:\u003Cbr \u002F>\nhttps:\u002F\u002Fbitbucket.org\u002FDirectBasing\u002Fadvanced-custom-fields-widget\u002F\u003C\u002Fp>\n\u003Cp>Note: This plugin is adopted in ACF 5, so it is not required anymore if you are using ACF >= 5.\u003C\u002Fp>\n\u003Cp>Want to know how to use the ACF5 widget functionality? Check our guide!\u003C\u002Fp>\n","A widget that is able to use content from an ACF field group",200,7996,"2016-05-09T21:32:00.000Z","4.3.34",[20,21,67,23],"https:\u002F\u002Fwww.directbasing.com\u002Fresources\u002Fwordpress\u002Fadvanced-custom-fields-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-widget.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":107,"download_link":108,"security_score":13,"vuln_count":71,"unpatched_count":71,"last_vuln_date":36,"fetched_at":29},"acf-content-analysis-for-yoast-seo","ACF Content Analysis for Yoast SEO","3.2","Yoast","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoast\u002F","\u003Cp>This plugin ensures that Yoast SEO analyzes all ACF content including Flexible Content and Repeaters.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002F\" rel=\"nofollow ugc\">Yoast SEO for WordPress\u003C\u002Fa> content and SEO analysis does not take in to account the content of a post’s \u003Ca href=\"http:\u002F\u002Fwww.advancedcustomfields.com\u002F\" rel=\"nofollow ugc\">Advanced Custom Fields\u003C\u002Fa>. This plugin uses the plugin system of Yoast SEO for WordPress to hook into the analyser in order to add ACF content to the SEO analysis.\u003C\u002Fp>\n\u003Cp>This had previously been done by the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-seo-acf-content-analysis\u002F\" rel=\"ugc\">WordPress SEO ACF Content Analysis\u003C\u002Fa> plugin but that no longer works with Yoast 3.0. Kudos to \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fryuheixys\u002F\" rel=\"nofollow ugc\">ryuheixys\u003C\u002Fa>, the author of that plugin, for the original idea.\u003C\u002Fp>\n\u003Cp>This Plugin is compatible with the free ACF 4 Version as well as with the PRO Version 5. Please be aware that it ignores Pro Add-Ons for Version 4. In that case please upgrade to ACF PRO Version 5.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>If you have issues, please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYoast\u002Fyoast-acf-analysis\u002Fissues\" rel=\"nofollow ugc\">submit them on GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Previously called Yoast ACF Analysis.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Ch4>Remove specific field from scoring\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\blacklist_name', function ( $blacklist_name ) {\n    $blacklist_name->add( 'my-field-name' );\n    return $blacklist_name;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Remove field type from scoring\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\blacklist_type', function ( $blacklist_type ) {\n    \u002F\u002F text, image etc\n    $blacklist_type->add( 'text' );\n    $blacklist_type->add( 'image' );\n    return $blacklist_type;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Define custom field a specific heading value\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\headlines', function ( $headlines ) {\n    \u002F\u002F value from 1-6, 1=h1, 6=h6\n    $headlines['field_591eb45f2be86'] = 3;\n    return $headlines;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Change refresh rate\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>add_filter( 'Yoast\\WP\\ACF\\refresh_rate', function () {\n    \u002F\u002F Refresh rates in milliseconds\n    return 1000;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n","WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.",100000,2538123,84,34,"2025-12-01T18:33:00.000Z","6.9.4","6.6","7.2.5",[20,21,104,105,106],"analysis","seo","yoast","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Facf-content-analysis-for-yoast-seo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Facf-content-analysis-for-yoast-seo.3.2.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":95,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":100,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":126,"download_link":127,"security_score":128,"vuln_count":27,"unpatched_count":71,"last_vuln_date":129,"fetched_at":29},"advanced-custom-fields-font-awesome","Advanced Custom Fields: Font Awesome Field","5.0.2","Matt Keys","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattkeys\u002F","\u003Cp>Add a \u003Ca href=\"http:\u002F\u002Ffontawesome.com\u002F\" rel=\"nofollow ugc\">Font Awesome\u003C\u002Fa> icon field type to Advanced Custom Fields.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Specify which FontAwesome icon sets to use (Solid, Regular, Light, Thin, Duotone, Duotone Sharp, Brands, and Custom Upload Icons) (Some features only available with FontAwesome 5.x or 6.x icons)\u003C\u002Fli>\n\u003Cli>Create your own custom filtered list of FontAwesome icons to use with your fields. Use different custom icon sets with different fields\u003C\u002Fli>\n\u003Cli>Returns Icon Element, Icon Class, Icon Unicode, or an Object including the element, class, unicode value, and SVG data (if applicable)\u003C\u002Fli>\n\u003Cli>Optionally enqueues Font Awesome in footer where needed (when a FontAwesome field is being used on the page))\u003C\u002Fli>\n\u003Cli>Integrates with the \u003Ca href=\"https:\u002F\u002Fdocs.fontawesome.com\u002Fapis\u002Fgraphql\" rel=\"nofollow ugc\">FontAwesome GraphQL\u003C\u002Fa> for loading your \u003Ca href=\"https:\u002F\u002Fdocs.fontawesome.com\u002Fweb\u002Fsetup\u002Fuse-kit\" rel=\"nofollow ugc\">FontAwesome Kits\u003C\u002Fa>, searching for icons, and loading the latest version of FontAwesome\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: It is recommended to let this plugin enqueue the latest version of Font Awesome on your front-end; or include the latest version yourself using your \u003Ca href=\"https:\u002F\u002Fdocs.fontawesome.com\u002Fweb\u002Fsetup\u002Fuse-kit\" rel=\"nofollow ugc\">FontAwesome Kit\u003C\u002Fa>; so that available icons in the admin area will be displayed properly on your sites front-end.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cp>This ACF field type is compatible with:\u003Cbr \u002F>\n* ACF 5.7+\u003Cbr \u002F>\n* FontAwesome 4.x, 5.x, 6.x and 7.x fonts\u003C\u002Fp>\n\u003Ch3>Optional Configuration\u003C\u002Fh3>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>ACFFA_always_enqueue_fa\u003C\u002Fstrong>: Return true to always enqueue FontAwesome on the frontend, even if no ACF FontAwesome fields are in use on the page. This will enqueue FontAwesome in the header instead of the footer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ACFFA_admin_enqueue_fa\u003C\u002Fstrong>: Return false to stop enqueueing FontAwesome in the admin area. Useful if you already have FontAwesome enqueued by some other means.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ACFFA_get_icons\u003C\u002Fstrong>: (Applies to FontAwesome 4.x and 5.x icons only) Filter the array of icons and icon details loaded from the database\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ACFFA_get_fa_url\u003C\u002Fstrong>: Filter the URL used for enqueuing FontAwesome in the frontend and admin areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ACFFA_override_major_version\u003C\u002Fstrong>: Filter to manually set the ‘major’ version of FontAwesome to load (accepts either 4, 5, or 6). NOTE: This filter must be registered before any calls to ACF get_field() function are made.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ACFFA_fa_api_key\u003C\u002Fstrong>: Filter to programmatically set the FontAwesome API key.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ACFFA_fa_kit_token\u003C\u002Fstrong>: Filter to programmatically set the FontAwesome kit token.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a new 'Font Awesome Icon' field to the popular Advanced Custom Fields plugin.",1665691,98,36,"2026-01-09T09:54:00.000Z","3.5","5.6",[20,21,124,125],"font-awesome","fontawesome","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-custom-fields-font-awesome\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-font-awesome.5.0.2.zip",99,"2026-02-18 00:00:00",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":118,"num_ratings":140,"last_updated":141,"tested_up_to":100,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":148,"download_link":149,"security_score":118,"vuln_count":150,"unpatched_count":71,"last_vuln_date":151,"fetched_at":29},"advanced-custom-fields-table-field","Table Field Add-on for ACF and SCF","1.3.34","Johann Heyne","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonua\u002F","\u003Cp>The Table Field plugin is an Add-on and enhances the functionality of the \u003Ca href=\"https:\u002F\u002Fwww.advancedcustomfields.com\" rel=\"nofollow ugc\">Advanced Custom Fields (ACF) plugin\u003C\u002Fa> and the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecure-custom-fields\u002F\" rel=\"ugc\">Secure Custom Fields plugin\u003C\u002Fa> with easy-to-edit tables.\u003C\u002Fp>\n\u003Cp>This plugin requires the \u003Ca href=\"https:\u002F\u002Fwww.advancedcustomfields.com\" rel=\"nofollow ugc\">Advanced Custom Fields plugin\u003C\u002Fa> or the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecure-custom-fields\u002F\" rel=\"ugc\">Secure Custom Fields plugin\u003C\u002Fa>!\u003C\u002Fp>\n\u003Cp>The table field works also with the ACF repeater and flexible field types and supports the \u003Ca href=\"https:\u002F\u002Fwww.advancedcustomfields.com\u002Fblog\u002Facf-5-8-introducing-acf-blocks-for-gutenberg\u002F\" rel=\"nofollow ugc\">ACF Blocks for Gutenberg\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Table Header (Option)\u003C\u002Fli>\n\u003Cli>Table Caption (Option)\u003C\u002Fli>\n\u003Cli>Support for ACF Gutenberg blocks\u003C\u002Fli>\n\u003Cli>Add and remove table columns and rows\u003C\u002Fli>\n\u003Cli>Change order of columns and rows by dragging\u003C\u002Fli>\n\u003Cli>To move to the next cells editor press key: tab\u003C\u002Fli>\n\u003Cli>To move to the previous cells editor press key: shift + tab\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default, always included\u003C\u002Fli>\n\u003Cli>German: Deutsch – immer dabei!\u003C\u002Fli>\n\u003Cli>Danish: Dansk – altid der!\u003C\u002Fli>\n\u003Cli>Polish: Polski – zawsze tam jest!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> Please \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fadvanced-custom-fields-table-field\" rel=\"nofollow ugc\">contribute your language\u003C\u002Fa> to the plugin to make it even more useful.\u003C\u002Fp>\n\u003Ch3>PRO\u003C\u002Fh3>\n\u003Cp>There is also a \u003Ca href=\"https:\u002F\u002Fwww.acf-table-field.com\" rel=\"nofollow ugc\">Table Field Pro\u003C\u002Fa> Add-on for the Advanced Custom Fields and Secure Custom Fields plugins.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Setup custom default table\u003C\u002Fli>\n\u003Cli>Setup minimum and maximum amount of rows and columns\u003C\u002Fli>\n\u003Cli>Setup style choice for the table and parts of the table\u003C\u002Fli>\n\u003Cli>Restrict table editing functionalities\u003C\u002Fli>\n\u003Cli>Configurable optional WordPress editor for cell content editing\u003C\u002Fli>\n\u003Cli>Table head and foot rows\u003C\u002Fli>\n\u003Cli>Stub column\u003C\u002Fli>\n\u003Cli>Rowspan and colspan\u003C\u002Fli>\n\u003Cli>Improved way for moving rows and columns\u003C\u002Fli>\n\u003Cli>Disable moving individual columns\u003C\u002Fli>\n\u003Cli>Support for REST-API\u003C\u002Fli>\n\u003Cli>Support for WP GraphQL\u003C\u002Fli>\n\u003Cli>Support for third-party plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Pro plugin can run in parallel and you can change an existing field with field type “Table” to the field type “Table Pro” as required.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.acf-table-field.com\" rel=\"nofollow ugc\">to the plugin website\u003C\u002Fa>\u003C\u002Fp>\n","A Table Field Add-on for the Advanced Custom Fields and Secure Custom Fields Plugin.",50000,1080358,59,"2026-02-01T16:56:00.000Z","5.3","7.4",[20,21,145,146,147],"scf","secure-custom-fields","table","https:\u002F\u002Fwww.acf-table-field.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-custom-fields-table-field.1.3.34.zip",2,"2026-01-05 19:00:21",{"attackSurface":153,"codeSignals":229,"taintFlows":293,"riskAssessment":330,"analyzedAt":344},{"hooks":154,"ajaxHandlers":206,"restRoutes":222,"shortcodes":223,"cronEvents":228,"entryPointCount":61,"unprotectedCount":71},[155,161,165,170,175,179,183,187,190,194,198,202],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","init","buckets_init","buckets.php",19,{"type":156,"name":162,"callback":163,"file":159,"line":164},"admin_head","buckets_admin_head",20,{"type":156,"name":166,"callback":167,"priority":168,"file":159,"line":169},"add_meta_boxes","bucket_shortcode_meta_box",10,22,{"type":171,"name":172,"callback":173,"file":159,"line":174},"filter","manage_edit-buckets_columns","bucket_columns",23,{"type":171,"name":176,"callback":177,"priority":168,"file":159,"line":178},"contextual_help","add_bucket_help_tab",24,{"type":156,"name":180,"callback":181,"priority":168,"file":159,"line":182},"manage_buckets_posts_custom_column","bucket_columns_content",25,{"type":156,"name":184,"callback":185,"file":159,"line":186},"acf\u002Finclude_field_types","include_field_types_buckets",185,{"type":156,"name":188,"callback":185,"file":159,"line":189},"acf\u002Fregister_fields",188,{"type":171,"name":191,"callback":192,"file":159,"line":193},"acf\u002Fpre_save_post","buckets_pre_save_post",226,{"type":171,"name":195,"callback":196,"file":159,"line":197},"mce_external_plugins","bucket_add_tinymce_plugin",246,{"type":171,"name":199,"callback":200,"file":159,"line":201},"mce_buttons","bucket_register_tinymce_button",247,{"type":171,"name":203,"callback":203,"priority":168,"file":204,"line":205},"posts_where","fields\\acf-buckets-v4.php",243,[207,213,215,220],{"action":208,"nopriv":209,"callback":210,"hasNonce":211,"hasCapCheck":209,"file":204,"line":212},"acf\u002Ffields\u002Fbuckets\u002Fquery_posts",false,"query_posts",true,44,{"action":208,"nopriv":211,"callback":210,"hasNonce":211,"hasCapCheck":209,"file":204,"line":214},45,{"action":216,"nopriv":209,"callback":217,"hasNonce":211,"hasCapCheck":209,"file":218,"line":219},"acf\u002Ffields\u002Frelationship\u002Fquery","ajax_query","fields\\acf-buckets-v5.php",52,{"action":216,"nopriv":211,"callback":217,"hasNonce":211,"hasCapCheck":209,"file":218,"line":221},53,[],[224],{"tag":225,"callback":226,"file":159,"line":227},"bucket","buckets_shortcode",21,[],{"dangerousFunctions":230,"sqlUsage":231,"outputEscaping":239,"fileOperations":71,"externalRequests":71,"nonceChecks":150,"capabilityChecks":150,"bundledLibraries":288},[],{"prepared":71,"raw":150,"locations":232},[233,236],{"file":234,"line":46,"context":235},"admin\\add_bucket.php","$wpdb->get_var() with variable interpolation",{"file":159,"line":237,"context":238},129,"$wpdb->get_results() with variable interpolation",{"escaped":150,"rawEcho":240,"locations":241},26,[242,245,246,247,249,251,253,255,257,258,259,261,263,265,267,269,271,273,275,277,278,280,281,284,285,286],{"file":243,"line":168,"context":244},"admin\\shortcode.php","raw output",{"file":243,"line":168,"context":244},{"file":159,"line":60,"context":244},{"file":159,"line":248,"context":244},123,{"file":159,"line":250,"context":244},140,{"file":159,"line":252,"context":244},148,{"file":204,"line":254,"context":244},344,{"file":204,"line":256,"context":244},411,{"file":204,"line":256,"context":244},{"file":204,"line":256,"context":244},{"file":204,"line":260,"context":244},415,{"file":204,"line":262,"context":244},425,{"file":204,"line":264,"context":244},527,{"file":204,"line":266,"context":244},540,{"file":204,"line":268,"context":244},570,{"file":218,"line":270,"context":244},299,{"file":218,"line":272,"context":244},495,{"file":218,"line":274,"context":244},506,{"file":218,"line":276,"context":244},538,{"file":218,"line":276,"context":244},{"file":218,"line":279,"context":244},539,{"file":218,"line":266,"context":244},{"file":282,"line":283,"context":244},"js\\tinymce\\bucketshortcode.php",57,{"file":282,"line":283,"context":244},{"file":282,"line":283,"context":244},{"file":287,"line":150,"context":244},"templates\\visual_editor.php",[289],{"name":290,"version":291,"knownCves":292},"TinyMCE","1.0",[],[294,311,321],{"entryPoint":295,"graph":296,"unsanitizedCount":71,"severity":310},"\u003Cacf-buckets-v4> (fields\\acf-buckets-v4.php:0)",{"nodes":297,"edges":308},[298,303],{"id":299,"type":300,"label":301,"file":204,"line":302},"n0","source","$_POST (x3)",158,{"id":304,"type":305,"label":306,"file":204,"line":260,"wp_function":307},"n1","sink","echo() [XSS]","echo",[309],{"from":299,"to":304,"sanitized":211},"low",{"entryPoint":312,"graph":313,"unsanitizedCount":71,"severity":310},"ajax_query (fields\\acf-buckets-v5.php:276)",{"nodes":314,"edges":319},[315,318],{"id":299,"type":300,"label":316,"file":218,"line":317},"$_POST",287,{"id":304,"type":305,"label":306,"file":218,"line":270,"wp_function":307},[320],{"from":299,"to":304,"sanitized":211},{"entryPoint":322,"graph":323,"unsanitizedCount":71,"severity":310},"\u003Cacf-buckets-v5> (fields\\acf-buckets-v5.php:0)",{"nodes":324,"edges":328},[325,327],{"id":299,"type":300,"label":326,"file":218,"line":317},"$_POST (x4)",{"id":304,"type":305,"label":306,"file":218,"line":270,"wp_function":307},[329],{"from":299,"to":304,"sanitized":211},{"summary":331,"deductions":332},"The \"buckets\" plugin v0.3.9 exhibits a mixed security posture.  On the positive side, the plugin demonstrates good practices by implementing nonce and capability checks on its entry points and has no identified critical or high severity taint flows. The attack surface, while having some entry points, appears to be protected by authorization checks.  However, significant concerns arise from the static analysis of its code.\n\nThe plugin suffers from a severe lack of output escaping, with only 7% of outputs being properly sanitized. This, combined with the fact that 100% of its SQL queries are not using prepared statements, presents a considerable risk of Cross-Site Scripting (XSS) and SQL Injection vulnerabilities. The vulnerability history reinforces these concerns, with a known medium severity XSS vulnerability that is currently unpatched. This suggests a pattern of potential weaknesses in input validation and output sanitization.  The bundling of an outdated TinyMCE library also adds to the overall risk profile.\n\nIn conclusion, while the plugin has some foundational security measures in place, the extensive lack of output escaping and reliance on raw SQL queries are critical flaws. These, coupled with an existing unpatched vulnerability, indicate that the plugin is susceptible to common web attacks. Immediate attention is required to address the output escaping and SQL query practices, as well as to patch the outstanding CVE.",[333,336,338,341],{"reason":334,"points":335},"Unpatched Medium CVE",15,{"reason":337,"points":168},"Raw SQL queries (100%)",{"reason":339,"points":340},"Low output escaping (7%)",8,{"reason":342,"points":343},"Bundled outdated library (TinyMCE)",3,"2026-03-16T19:35:23.306Z",{"wat":346,"direct":355},{"assetPaths":347,"generatorPatterns":350,"scriptPaths":351,"versionParams":352},[348,349],"\u002Fwp-content\u002Fplugins\u002Fbuckets\u002Fcss\u002Fbuckets.css","\u002Fwp-content\u002Fplugins\u002Fbuckets\u002Fjs\u002Fbuckets.js",[],[349],[353,354],"buckets\u002Fstyle.css?ver=","buckets\u002Fscript.js?ver=",{"cssClasses":356,"htmlComments":359,"htmlAttributes":363,"restEndpoints":366,"jsGlobals":367,"shortcodeOutput":369},[357,358],"bucket_select","bucket_settings",[360,361,362],"\u003C!-- Buckets Shortcode Output -->","\u003C!-- Begin Buckets Shortcode Output -->","\u003C!-- End Buckets Shortcode Output -->",[364,365],"data-bucket-id","data-bucket-title",[],[368],"buckets_ajax_object",[370,371],"\u003Cdiv class=\"buckets_output\">","\u003Cdiv class=\"bucket_title\">"]