[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP28icXI_yjqDa0F8JVi8387K3nVqKz48x4hQN-9Bpz8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":14,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":52,"analysis":141,"fingerprints":217},"calais-auto-tagger","WP Calais Auto Tagger","2.0","dangrossman","https:\u002F\u002Fprofiles.wordpress.org\u002Fdangrossman\u002F","\u003Cp>With the Calais Auto Tagger plugin, you’ll never have to think of tags for your posts again. The plugin uses the Open Calais API to perform semantic analysis of your post text and suggest tags for you. Add them to your post with just a click.\u003C\u002Fp>\n","The plugin performs semantic analysis of your posts to suggest tags using Open Calais.",40,31404,100,1,"2015-06-10T21:07:00.000Z","4.2.39","2.7","",[20,21,22,23,24],"semantic","suggest","tagger","tagging","tags","http:\u002F\u002Fwww.dangrossman.info\u002Fwp-calais-auto-tagger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalais-auto-tagger.zip",63,"2025-04-09 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-32563","wp-calais-auto-tagger-cross-site-request-forgery-to-stored-cross-site-scripting","WP Calais Auto Tagger \u003C= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The WP Calais Auto Tagger plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.0","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-15 13:22:03",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F92474cf6-2ae5-402f-8eb4-853277eac78d?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},3,70,78,30,79,"2026-04-04T13:47:42.753Z",[53,71,85,106,123],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":49,"downloaded":61,"rating":62,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":17,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":70,"vuln_count":62,"unpatched_count":62,"last_vuln_date":36,"fetched_at":29},"yql-auto-tagger","YQL Auto Tagger","1.3.1","freekrai","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreekrai\u002F","\u003Cp>With the YQL Auto Tagger plugin, you’ll never have to think of tags for your posts again. The plugin uses the Yahoo Query Language to perform semantic analysis of your post text and suggest tags for you. Add them to your post with just a click.\u003C\u002Fp>\n\u003Cp>This plugin requires PHP 5 and the cURL library (both of which are available on most web hosts).\u003C\u002Fp>\n\u003Cp>Based on the Open Calais Auto Tagger by Dan Grossman – http:\u002F\u002Fwww.dangrossman.info\u003C\u002Fp>\n","The plugin performs an analysis of your post text and suggests tags for you.",9456,0,"2010-02-02T17:16:00.000Z","2.8.5",[66,67,22,23,24],"semantic-web","semweb","http:\u002F\u002Fwww.rogerstringer.com\u002Fwp-yql-auto-tagger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyql-auto-tagger.zip",85,{"slug":72,"name":73,"version":74,"author":7,"author_profile":8,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":62,"num_ratings":62,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":18,"tags":82,"homepage":83,"download_link":84,"security_score":70,"vuln_count":62,"unpatched_count":62,"last_vuln_date":36,"fetched_at":29},"wp-calais-archive-tagger","WP Calais Archive Tagger","1.5","\u003Cp>The Calais Archive Tagger plugin automatically goes through your archives and tags every post you’ve written. The plugin uses the Open Calais API to perform semantic analysis of your post text and suggest tags. If a post already contains a suggested tag, that tag isn’t added, but other new tags found are. It takes about 5 minutes to tag 200 posts.\u003C\u002Fp>\n\u003Cp>This plugin requires PHP 5 and the cURL library (both of which are available on most web hosts).\u003C\u002Fp>\n\u003Cp>Also see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcalais-auto-tagger\u002F\" rel=\"ugc\">WP Calais Auto Tagger\u003C\u002Fa> for suggesting tags as you write new posts.\u003C\u002Fp>\n","Goes through your archives and adds tags to your posts based on semantic analysis.",10,8873,"2012-02-09T18:26:00.000Z","3.3.2","2.3",[66,67,22,23,24],"http:\u002F\u002Fwww.dangrossman.info\u002Fwp-calais-archive-tagger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-calais-archive-tagger.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":18,"tags":100,"homepage":104,"download_link":105,"security_score":70,"vuln_count":62,"unpatched_count":62,"last_vuln_date":36,"fetched_at":29},"already-existing-tags","Already Existing Tags","2.4","digitalemphasis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalemphasis\u002F","\u003Cp>This plugin detects your ‘already existing tags’ into your post each time you create or edit\u002Fsave one. The found tags will be automatically assigned.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy configuration.\u003C\u002Fli>\n\u003Cli>Allow or block manually added tags; the choice is yours.\u003C\u002Fli>\n\u003Cli>You can choose if the plugin examines the title, the content or both.\u003C\u002Fli>\n\u003Cli>You can activate a filter and select which categories will be affected and which ones will be ignored by the plugin.\u003C\u002Fli>\n\u003Cli>Clean uninstall option: If this option is enabled, the plugin will leave absolutely no traces when uninstalling.\u003C\u002Fli>\n\u003Cli>Visit \u003Ca href=\"https:\u002F\u002Fdigitalemphasis.com\" rel=\"nofollow ugc\">digitalemphasis.com\u003C\u002Fa> for more info.\u003C\u002Fli>\n\u003C\u002Ful>\n","Looks for already existing tags within your posts.",600,11266,92,7,"2021-05-23T12:07:00.000Z","5.7.15","4.0",[101,102,103,23,24],"auto-tagger","auto-tagging","automatic-tags","https:\u002F\u002Fdigitalemphasis.com\u002Fwordpress-plugins\u002Falready-existing-tags\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falready-existing-tags.2.4.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":77,"downloaded":114,"rating":62,"num_ratings":62,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":18,"tags":118,"homepage":18,"download_link":122,"security_score":70,"vuln_count":62,"unpatched_count":62,"last_vuln_date":36,"fetched_at":29},"climate-tagger","Climate Tagger","1.0.3","Aptivate","https:\u002F\u002Fprofiles.wordpress.org\u002Faptivate\u002F","\u003Cp>The Climate Tagger Plugin for WordPress is a simple, FREE and easy-to-use way to\u003Cbr \u002F>\nintegrate the well-known Climate Tagger API into your WordPress site. The\u003Cbr \u002F>\n\u003Ca href=\"api.climatetagger.net\" rel=\"nofollow ugc\">Climate Tagger API\u003C\u002Fa> has been helping knowledge-driven web\u003Cbr \u002F>\nsites better catalogue, categorize, contextualize and connect their data with\u003Cbr \u002F>\nthat from the broader climate knowledge community since 2011. The Climate Tagger\u003Cbr \u002F>\nis backed by an expansive Climate Compatible Development Thesaurus, developed by\u003Cbr \u002F>\nexperts in multiple fields and continuously updated to remain current.\u003C\u002Fp>\n\u003Cp>The tags suggested by the Climate Tagger are displayed in a word cloud, with the\u003Cbr \u002F>\nmost relevant tags appearing larger.\u003C\u002Fp>\n\u003Cp>The plugin is based on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fthoth-suggested-tags\u002F\" rel=\"ugc\">Thoth’s Suggested\u003Cbr \u002F>\nTags\u003C\u002Fa>. More information\u003Cbr \u002F>\nabout the Climate Tagger is available at\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.climatetagger.net\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.climatetagger.net\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faptivate\u002Fclimate-tagger\" rel=\"nofollow ugc\">Follow this project on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin uses \u003Ca href=\"http:\u002F\u002Fwp-cli.org\u002F\" rel=\"nofollow ugc\">wp-cli\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fphpunit.de\u002F\" rel=\"nofollow ugc\">PHPUnit\u003C\u002Fa> for testing.\u003Cbr \u002F>\nThe tests require \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fzenovich\u002Frunkit\" rel=\"nofollow ugc\">runkit\u003C\u002Fa> for mocking functions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Grab the latest source from github:\u003C\u002Fp>\n\u003Cp>$ git clone git@github.com:aptivate\u002Fclimate-tagger.git\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Install \u003Ca href=\"http:\u002F\u002Fwp-cli.org\u002F#install\" rel=\"nofollow ugc\">wp-cli\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>Install \u003Ca href=\"https:\u002F\u002Fphpunit.de\u002F\" rel=\"nofollow ugc\">PHPUnit\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Set up runkit:\u003C\u002Fp>\n\u003Cp>$ git clone https:\u002F\u002Fgithub.com\u002Fzenovich\u002Frunkit.git\u003Cbr \u002F>\n$ cd runkit\u003Cbr \u002F>\n$ phpize\u003Cbr \u002F>\n$ .\u002Fconfigure\u003Cbr \u002F>\n$ sudo make install\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Add the following lines to \u003Ccode>\u002Fetc\u002Fphp5\u002Fcli\u002Fphp.ini\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>extension=runkit.so\nrunkit.internal_override=1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\n\u003Cp>Install the test WordPress environment:\u003C\u002Fp>\n\u003Cp>cd climate-tagger\u003Cbr \u002F>\nbash bin\u002Finstall-wp-tests.sh test_db_name db_user ‘db_password’ db_host version\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>where:\u003Cbr \u002F>\n** \u003Ccode>test_db_name\u003C\u002Fcode> is the name for your \u003Cstrong>temporary\u003C\u002Fstrong> test WordPress database\u003Cbr \u002F>\n** \u003Ccode>db_user\u003C\u002Fcode> is the database user name\u003Cbr \u002F>\n** \u003Ccode>db_password\u003C\u002Fcode> is the password\u003Cbr \u002F>\n** \u003Ccode>db_host\u003C\u002Fcode> is the database host (eg \u003Ccode>localhost\u003C\u002Fcode>)\u003Cbr \u002F>\n** \u003Ccode>version\u003C\u002Fcode> is the version of WordPress (eg \u003Ccode>4.2.2\u003C\u002Fcode> or \u003Ccode>latest\u003C\u002Fcode>)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Run the tests\u003Cbr \u002F>\nphpunit\u003C\u002Fli>\n\u003C\u002Ful>\n","Suggests tags for your posts based on an experts-vetted climate thesaurus, using the Climate Tagger API",1670,"2016-09-23T11:57:00.000Z","4.6.30","3.7",[107,119,120,121,24],"suggestion","tag-cloud","tag-suggestion","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclimate-tagger.1.0.3.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":77,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":16,"requires_at_least":135,"requires_php":18,"tags":136,"homepage":139,"download_link":140,"security_score":70,"vuln_count":62,"unpatched_count":62,"last_vuln_date":36,"fetched_at":29},"mowster-tags","tags.mowster","1.71","mowster","https:\u002F\u002Fprofiles.wordpress.org\u002Fmowster\u002F","\u003Cp>With this plugin, you will be able to use the YQL Yahoo Content Analysis API terms to get suggested tags for your posts.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Just click on \u003Ccode>Fetch tags\u003C\u002Fcode>. Title, content and optional excerpt of your post will be analyzed by Yahoo to find words that may be useful as tags. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It currently works with \u003Ccode>all languages supported by YQL Content Analysis API\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdeveloper.yahoo.com\u002Fcontentanalysis\u002F\" rel=\"nofollow ugc\">Yahoo Content Analysis API\u003C\u002Fa> platform\u003C\u002Fp>\n\u003Ch4>New in version 1.70\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Counter dropdown settings per user, not global\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Portuguese pt-PT\u003C\u002Fli>\n\u003Cli>Spanish es-ES\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>If you have any suggestion or need assistance regarding this plugin, post your query in the support \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmowster-tags\" title=\"Support\" rel=\"ugc\">Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Plugin Site\u003C\u002Fstrong> \u003Ca href=\"http:\u002F\u002Fwordpress.mowster.net\" rel=\"nofollow ugc\">wordpress.mowster.net\u003C\u002Fa> | \u003Cstrong>Credits\u003C\u002Fstrong> \u003Ca href=\"http:\u002F\u002Fjobs.mowster.net\" rel=\"nofollow ugc\">jobs.mowster.net\u003C\u002Fa>\u003C\u002Fp>\n","Tags suggestions using YQL Yahoo Content Analysis API.",5417,60,2,"2015-05-08T23:34:00.000Z","3.0",[137,21,138,23,24],"post","tag","http:\u002F\u002Fwordpress.mowster.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmowster-tags.1.71.zip",{"attackSurface":142,"codeSignals":162,"taintFlows":174,"riskAssessment":200,"analyzedAt":216},{"hooks":143,"ajaxHandlers":154,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":14,"unprotectedCount":14},[144,150],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_menu","calais_init","calais_auto_tagger.php",20,{"type":145,"name":151,"callback":152,"priority":77,"file":148,"line":153},"save_post","calais_savetags",21,[155],{"action":156,"nopriv":157,"callback":156,"hasNonce":157,"hasCapCheck":157,"file":148,"line":158},"calais_gettags",false,22,[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":62,"externalRequests":14,"nonceChecks":62,"capabilityChecks":62,"bundledLibraries":173},[],{"prepared":62,"raw":62,"locations":165},[],{"escaped":62,"rawEcho":133,"locations":167},[168,171],{"file":148,"line":169,"context":170},51,"raw output",{"file":148,"line":172,"context":170},128,[],[175,192],{"entryPoint":176,"graph":177,"unsanitizedCount":14,"severity":191},"calais_conf (calais_auto_tagger.php:109)",{"nodes":178,"edges":189},[179,184],{"id":180,"type":181,"label":182,"file":148,"line":183},"n0","source","$_POST['calais-api-key']",112,{"id":185,"type":186,"label":187,"file":148,"line":183,"wp_function":188},"n1","sink","update_option() [Settings Manipulation]","update_option",[190],{"from":180,"to":185,"sanitized":157},"low",{"entryPoint":193,"graph":194,"unsanitizedCount":14,"severity":191},"\u003Ccalais_auto_tagger> (calais_auto_tagger.php:0)",{"nodes":195,"edges":198},[196,197],{"id":180,"type":181,"label":182,"file":148,"line":183},{"id":185,"type":186,"label":187,"file":148,"line":183,"wp_function":188},[199],{"from":180,"to":185,"sanitized":157},{"summary":201,"deductions":202},"The calais-auto-tagger plugin v2.0 presents a significant security risk due to several critical vulnerabilities identified in the static analysis. The presence of an unprotected AJAX handler is a major concern, as it represents a direct entry point into the plugin's functionality without any authentication or authorization checks. This could be exploited by attackers to perform unauthorized actions. Compounding this, the code analysis indicates a complete lack of output escaping, meaning any data processed or displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks.  While the plugin shows good practices in using prepared statements for SQL queries and avoids file operations, these strengths are overshadowed by the critical weaknesses in its attack surface and output handling. The vulnerability history, including a known unpatched medium-severity CVE related to CSRF, further highlights a pattern of security negligence. This suggests that the plugin has a history of introducing exploitable flaws, and the current version has not addressed all past issues.  Overall, the plugin's security posture is poor, with immediate action required to mitigate the identified risks.",[203,205,208,211,213],{"reason":204,"points":77},"Unprotected AJAX handler",{"reason":206,"points":207},"No output escaping",8,{"reason":209,"points":210},"Missing nonce checks on AJAX",5,{"reason":212,"points":210},"Missing capability checks",{"reason":214,"points":215},"Unpatched CVE (medium severity)",15,"2026-03-16T22:17:06.008Z",{"wat":218,"direct":225},{"assetPaths":219,"generatorPatterns":222,"scriptPaths":223,"versionParams":224},[220,221],"\u002Fwp-content\u002Fplugins\u002Fcalais-auto-tagger\u002Fcalais.css","\u002Fwp-content\u002Fplugins\u002Fcalais-auto-tagger\u002Fcalais.js",[],[221],[],{"cssClasses":226,"htmlComments":227,"htmlAttributes":228,"restEndpoints":230,"jsGlobals":232,"shortcodeOutput":233},[],[],[229],"id=\"calais_taglist\"",[231],"\u002Fwp-json\u002Fcalais_gettags",[156],[]]