[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f317jXiKciUKRfy5DXpJ_s_qX_mM-aVahHVPTvfCRauc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":60,"crawl_stats":38,"alternatives":67,"analysis":161,"fingerprints":358},"cc-bmi-calculator","CC BMI Calculator","2.1.1","CC","https:\u002F\u002Fprofiles.wordpress.org\u002Fcalculatorscanadaca\u002F","\u003Cp>This is basic \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator\u003C\u002Fa> for Body Mass Index calculation.\u003Cbr \u002F>\nCalculation can be done in imperial or metric units. Here is \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-chart-men-women-metric\u002F\" rel=\"nofollow ugc\">metric BMI chart\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-chart-men-women-imperial\u002F\" rel=\"nofollow ugc\">imperial BMI chart\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Body Mass Index calculator is for adults only. For kids and youths check these calculators: \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fgirls-bmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator for 5-19 age girls\u003C\u002Fa> or\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fboys-bmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator for 5-19 age boys\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Calculator is very easy customizable: you can change color of background, borders and text to match your web site’s theme and change widget title, make prefered default unit (imperial or metric).\u003Cbr \u002F>\nIt can be placed on sidebar as widget or incorporated into post or page using shortcode.\u003C\u002Fp>\n","Add a free simple customizable BMI Calculator to your web site.",900,17451,66,4,"2025-11-14T10:48:00.000Z","6.8.5","3.0","",[20,21,22,23,24],"bmi-calculator","calculator","shortcode","sidebar","widget","https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-calculator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-bmi-calculator.2.1.1.zip",98,2,0,"2025-05-07 00:00:00","2026-03-15T15:16:48.613Z",[33,48],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-47442","cc-bmi-calculator-authenticated-contributor-stored-cross-site-scripting-2","CC BMI Calculator \u003C= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The CC BMI Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.1.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-05-13 14:06:35",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff959289c-ad24-4768-b62d-a9f35a84ea93?source=api-prod",7,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2024-23516","cc-bmi-calculator-authenticated-contributor-stored-cross-site-scripting","CC BMI Calculator \u003C= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The CC BMI Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.0.1","2.1.0","2024-01-30 00:00:00","2024-04-29 17:53:27",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fed0e7717-d9ac-4333-8e79-fc030a410dab?source=api-prod",91,{"slug":61,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},"calculatorscanadaca",1150,100,33,88,"2026-04-04T13:48:23.772Z",[68,83,103,123,146],{"slug":69,"name":70,"version":6,"author":7,"author_profile":8,"description":71,"short_description":72,"active_installs":63,"downloaded":73,"rating":63,"num_ratings":74,"last_updated":75,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":76,"homepage":79,"download_link":80,"security_score":81,"vuln_count":74,"unpatched_count":29,"last_vuln_date":82,"fetched_at":31},"cc-canadian-mortgage-calculator","CC Canadian Mortgage Calculator","\u003Cp>This simple \u003Ca href=\"https:\u002F\u002Fcalculatorscanada.ca\u002Fmortgage-calculator\u002F\" rel=\"nofollow ugc\">Canadian mortgage calculator\u003C\u002Fa> calculates mortgage monthly payments.\u003C\u002Fp>\n\u003Cp>Calculator is very easy customizable: you can change colour of background, borders and text to match your web site’s theme and change widget title.\u003C\u002Fp>\n\u003Cp>Note: check \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcc-mortgage-calculator\u002F\" rel=\"ugc\">this mortgage calculator plugin\u003C\u002Fa> if you are looking for mortgage calculator for other country then Canada.\u003C\u002Fp>\n","Add a free simple customizable Canadian mortgage calculator to your web site.",6525,1,"2025-11-14T10:52:00.000Z",[77,78,22,23,24],"canada","mortgage-calculator","https:\u002F\u002Fcalculatorscanada.ca\u002Fmortgage-calculator-wordpress-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-canadian-mortgage-calculator.2.1.1.zip",99,"2025-01-06 16:19:47",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":27,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":17,"requires_php":18,"tags":96,"homepage":100,"download_link":101,"security_score":102,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"disable-author-pages","Disable Author Pages","0.11","Frank Neumann-Staude","https:\u002F\u002Fprofiles.wordpress.org\u002Ffstaude\u002F","\u003Cp>Disable the author pages ( \u002Fauthor=? ) in wordpress and redirect the user to another page.\u003C\u002Fp>\n","Disable the author pages",6000,50618,17,"2017-11-28T17:13:00.000Z","4.7.32",[97,98,22,23,99],"page","post","widgets","https:\u002F\u002Fstaude.net\u002Fwordpress\u002Fplugins\u002Fdisable-author-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-author-pages.0.11.zip",85,{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":63,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":18,"tags":117,"homepage":121,"download_link":122,"security_score":102,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"thinker-sidebar-shortcode","Sidebar Shortcode","1.0.0","thinkerwebdesign","https:\u002F\u002Fprofiles.wordpress.org\u002Fthinkerwebdesign\u002F","\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add sidebars to WP Posts and Pages with shortcodes using a sidebar Name or sidebar ID.\u003C\u002Fli>\n\u003Cli>Add one or more optional custom classes to match your theme styles or custom CSS styles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to Use:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Method 1 – (Recommended Use: Add a sidebar using a sidebar Name.)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A sidebar Name can be found in the \u003Ccode>Appearance > Widgets\u003C\u002Fcode> section of your WordPress Admin Area.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example uses:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[sidebar name=\"your-sidebar-name\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar name=\"your-sidebar-name\" class=\"custom-class\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar name=\"your-sidebar-name\" class=\"custom-class-1 custom-class-2 custom-class-3\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Method 2 – (Advanced WP Users: Add a sidebar using a sidebar ID.)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A sidebar ID can be found in your theme’s \u003Ccode>register_sidebar\u003C\u002Fcode> functions, usually in the theme’s \u003Ccode>functions.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example uses:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[sidebar id=\"your-sidebar-id\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar id=\"your-sidebar-id\" class=\"custom-class\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar id=\"your-sidebar-id\" class=\"custom-class-1 custom-class-2 custom-class-3\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>General Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The spelling and capitalization of a shortcode Name or ID must exactly match that of the desired sidebar.\u003C\u002Fli>\n\u003Cli>Definition of an active sidebar: An active sidebar is a sidebar that contains widgets.\u003C\u002Fli>\n\u003Cli>A \u003Ccode>[sidebar]\u003C\u002Fcode> shortcode without an active sidebar Name or active sidebar ID displays nothing.\u003C\u002Fli>\n\u003Cli>An active sidebar ID overrides a sidebar Name if both are present in the same shortcode.\u003C\u002Fli>\n\u003Cli>There is no limit to the number of shortcodes that can be used on the same page or post.\u003C\u002Fli>\n\u003Cli>The same sidebar shortcode can be used multiple times on the same page or post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>HTML Class Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Separate multiple custom classes using a space character. Examples shown in \u003Ccode>Method\u003C\u002Fcode> sections above.\u003C\u002Fli>\n\u003Cli>There is no limit to the number of custom classes that can be used.\u003C\u002Fli>\n\u003Cli>Each custom class must only contain (letter,number,-,_) characters, otherwise all custom classes are omitted.\u003C\u002Fli>\n\u003Cli>The sidebar ID is always added to the HTML class attribute if it contains only (letter,number,-,_) characters.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Demo:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.thinkerwebdesign.com\u002Fthinker-sidebar-shortcode-plugin\u002F\" rel=\"nofollow ugc\">Visit Plugin URI\u003C\u002Fa>\u003C\u002Fp>\n","Add sidebars to WordPress posts and pages using shortcodes with a sidebar Name or ID.",1000,8425,3,"2021-12-08T16:00:00.000Z","5.8.13","3.4",[22,23,118,119,120],"sidebar-shortcode","widget-area","widget-area-shortcode","http:\u002F\u002Fwww.thinkerwebdesign.com\u002Fthinker-sidebar-shortcode-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthinker-sidebar-shortcode.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":95,"requires_at_least":136,"requires_php":18,"tags":137,"homepage":142,"download_link":143,"security_score":144,"vuln_count":74,"unpatched_count":74,"last_vuln_date":145,"fetched_at":31},"wp-widgets-shortcode","WordPress Widgets Shortcode","1.0.3","Brajesh Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbrajesh\u002F","\u003Cp>The plugin allows you to embed any WordPress Widget area\u002FDynamic Sidebar to your WordPress posts\u003C\u002Fp>\n\u003Cp>What you can do:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use the shortcode to embed widget areas in posts\u003C\u002Fli>\n\u003Cli>Use the shortcode to embed Widget areas in Pages\u003C\u002Fli>\n\u003Cli>The widgets can be embedded anywhere, at the begining of content, middle, bottom or where ever you want. Just put the shortcode there.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please leave a comment here at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fwordpress\u002Fembed-wordpress-widget-areasdynamic-sidebars-in-posts-or-pages-using-simple-shortcodes\u002F\" title=\"Post about this plugin\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Others\u003C\u002Fh3>\n\u003Cp>For more info, please visit us at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002F\" title=\"The best place for all BuddyPress based plugins, themes tutorials\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n","Embed any widget area\u002Fdynamic sidebar to your pages\u002Fposts using the shortcode [dynamic-sidebar id='Your Widget Area\u002FSidebar name']",500,17170,90,8,"2016-05-14T08:01:00.000Z","3.5",[138,139,140,141,99],"dynamic-sidebar","embed","embed-widgets","shortcodes","http:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fwp-widgets-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widgets-shortcode.1.0.3.zip",63,"2025-09-22 00:00:00",{"slug":147,"name":148,"version":17,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":63,"num_ratings":28,"last_updated":155,"tested_up_to":95,"requires_at_least":156,"requires_php":18,"tags":157,"homepage":159,"download_link":160,"security_score":102,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"shortcodes-in-sidebar","Shortcodes in Sidebar","Pankaj Anupam","https:\u002F\u002Fprofiles.wordpress.org\u002Fpankajanupam\u002F","\u003Cp>Shortcodes in Sidebar plugin allow shortcodes to execute when used in sidebar text widgets.  All that is needed is to download, install and activate. This is very useful for placing things like contact forms and other shortcode enabled features in sidebars.\u003C\u002Fp>\n","Shortcodes in Sidebar allows shortcodes to execute in sidebars.",400,14783,"2017-02-01T15:24:00.000Z","2.5",[22,141,23,158,99],"sidebars","http:\u002F\u002Fpankajanupam.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-in-sidebar.zip",{"attackSurface":162,"codeSignals":186,"taintFlows":342,"riskAssessment":343,"analyzedAt":357},{"hooks":163,"ajaxHandlers":178,"restRoutes":179,"shortcodes":180,"cronEvents":185,"entryPointCount":74,"unprotectedCount":29},[164,170,174],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","widgets_init","cc_bmi_calculator_init","cc-bmi-calculator.php",190,{"type":165,"name":171,"callback":172,"file":168,"line":173},"wp_enqueue_scripts","cc_bmi_scripts",202,{"type":165,"name":175,"callback":176,"file":168,"line":177},"admin_enqueue_scripts","cc_bmi_admin",212,[],[],[181],{"tag":182,"callback":183,"file":168,"line":184},"cc-bmi","cc_bmi_shortcode",234,[],{"dangerousFunctions":187,"sqlUsage":188,"outputEscaping":190,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":341},[],{"prepared":29,"raw":29,"locations":189},[],{"escaped":191,"rawEcho":192,"locations":193},36,94,[194,198,200,201,203,204,206,207,209,211,213,214,216,218,219,221,223,225,226,228,230,232,234,235,237,238,239,240,242,244,246,248,250,252,254,255,257,259,261,262,264,265,267,269,270,271,273,275,276,278,280,281,282,283,284,286,288,289,290,291,292,294,295,297,298,299,301,303,304,306,308,309,310,312,313,314,315,316,318,320,321,322,323,324,326,328,329,331,332,333,335,337,338,340],{"file":195,"line":196,"context":197},"cc-bmi-calculator-layout.php",34,"raw output",{"file":195,"line":199,"context":197},35,{"file":195,"line":191,"context":197},{"file":195,"line":202,"context":197},40,{"file":195,"line":202,"context":197},{"file":195,"line":205,"context":197},42,{"file":195,"line":205,"context":197},{"file":195,"line":208,"context":197},46,{"file":195,"line":210,"context":197},48,{"file":195,"line":212,"context":197},52,{"file":195,"line":212,"context":197},{"file":195,"line":215,"context":197},53,{"file":195,"line":217,"context":197},58,{"file":195,"line":217,"context":197},{"file":195,"line":220,"context":197},59,{"file":195,"line":222,"context":197},65,{"file":195,"line":224,"context":197},68,{"file":195,"line":224,"context":197},{"file":195,"line":227,"context":197},69,{"file":195,"line":229,"context":197},74,{"file":195,"line":231,"context":197},76,{"file":195,"line":233,"context":197},79,{"file":195,"line":233,"context":197},{"file":195,"line":236,"context":197},80,{"file":195,"line":102,"context":197},{"file":195,"line":65,"context":197},{"file":195,"line":65,"context":197},{"file":195,"line":241,"context":197},89,{"file":195,"line":243,"context":197},96,{"file":195,"line":245,"context":197},97,{"file":195,"line":247,"context":197},104,{"file":195,"line":249,"context":197},107,{"file":195,"line":251,"context":197},112,{"file":195,"line":253,"context":197},135,{"file":195,"line":253,"context":197},{"file":195,"line":256,"context":197},136,{"file":195,"line":258,"context":197},142,{"file":195,"line":260,"context":197},149,{"file":195,"line":260,"context":197},{"file":195,"line":263,"context":197},155,{"file":195,"line":263,"context":197},{"file":195,"line":266,"context":197},159,{"file":195,"line":268,"context":197},164,{"file":195,"line":268,"context":197},{"file":195,"line":268,"context":197},{"file":195,"line":272,"context":197},165,{"file":195,"line":274,"context":197},170,{"file":195,"line":274,"context":197},{"file":168,"line":277,"context":197},55,{"file":168,"line":279,"context":197},56,{"file":168,"line":279,"context":197},{"file":168,"line":220,"context":197},{"file":168,"line":220,"context":197},{"file":168,"line":220,"context":197},{"file":168,"line":285,"context":197},60,{"file":168,"line":287,"context":197},62,{"file":168,"line":222,"context":197},{"file":168,"line":13,"context":197},{"file":168,"line":13,"context":197},{"file":168,"line":13,"context":197},{"file":168,"line":293,"context":197},72,{"file":168,"line":229,"context":197},{"file":168,"line":296,"context":197},75,{"file":168,"line":231,"context":197},{"file":168,"line":231,"context":197},{"file":168,"line":300,"context":197},77,{"file":168,"line":302,"context":197},78,{"file":168,"line":302,"context":197},{"file":168,"line":305,"context":197},81,{"file":168,"line":307,"context":197},83,{"file":168,"line":307,"context":197},{"file":168,"line":102,"context":197},{"file":168,"line":311,"context":197},87,{"file":168,"line":311,"context":197},{"file":168,"line":241,"context":197},{"file":168,"line":59,"context":197},{"file":168,"line":59,"context":197},{"file":168,"line":317,"context":197},93,{"file":168,"line":319,"context":197},95,{"file":168,"line":319,"context":197},{"file":168,"line":245,"context":197},{"file":168,"line":81,"context":197},{"file":168,"line":81,"context":197},{"file":168,"line":325,"context":197},101,{"file":168,"line":327,"context":197},103,{"file":168,"line":327,"context":197},{"file":168,"line":330,"context":197},105,{"file":168,"line":249,"context":197},{"file":168,"line":249,"context":197},{"file":168,"line":334,"context":197},109,{"file":168,"line":336,"context":197},111,{"file":168,"line":336,"context":197},{"file":168,"line":339,"context":197},157,{"file":168,"line":266,"context":197},[],[],{"summary":344,"deductions":345},"The cc-bmi-calculator plugin v2.1.1 exhibits a mixed security posture. On the positive side, the code analysis reveals no dangerous functions, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests. The absence of critical or high-severity taint flows is also a good indicator. However, there are significant areas of concern. A substantial 72% of output is not properly escaped, representing a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the plugin has a history of two medium-severity CVEs, both related to XSS, with the most recent vulnerability recorded in May 2025, indicating a recurring pattern of input sanitization weaknesses. While no unpatched vulnerabilities are currently listed, the past issues combined with the output escaping shortcomings suggest a propensity for XSS flaws that may not have been fully addressed in the current version's sanitization practices. The presence of only one shortcode with no apparent capability checks or nonce checks, while not a large attack surface, becomes a potential entry point if the associated output is indeed vulnerable.",[346,349,352,355],{"reason":347,"points":348},"High percentage of unescaped output",15,{"reason":350,"points":351},"Two medium severity CVEs related to XSS",10,{"reason":353,"points":354},"Shortcode with no apparent capability checks",5,{"reason":356,"points":354},"Shortcode with no apparent nonce checks","2026-03-16T19:16:08.453Z",{"wat":359,"direct":368},{"assetPaths":360,"generatorPatterns":363,"scriptPaths":364,"versionParams":365},[361,362],"\u002Fwp-content\u002Fplugins\u002Fcc-bmi-calculator\u002Fcc-bmi-calculator.css","\u002Fwp-content\u002Fplugins\u002Fcc-bmi-calculator\u002Fcc-bmi-calculator.js",[],[362],[366,367],"cc-bmi-calculator.css?ver=","cc-bmi-calculator.js?ver=",{"cssClasses":369,"htmlComments":372,"htmlAttributes":373,"restEndpoints":384,"jsGlobals":385,"shortcodeOutput":387},[4,370,371],"cc-color-field","cc-bmi-calculator-wrapper",[],[374,375,376,377,378,379,380,381,382,383],"id=\"cc-bmi-calculator-widget-title\"","id=\"cc-bmi-calculator-widget-input-height\"","id=\"cc-bmi-calculator-widget-input-weight\"","id=\"cc-bmi-calculator-widget-input-age\"","id=\"cc-bmi-calculator-widget-input-gender\"","id=\"cc-bmi-calculator-widget-input-unit-system\"","id=\"cc-bmi-calculator-widget-result-area\"","id=\"cc-bmi-calculator-widget-calculator-area\"","id=\"cc-bmi-calculator-widget-input-unit-system-imperial\"","id=\"cc-bmi-calculator-widget-input-unit-system-metric\"",[],[386],"cc_bmi_calculator_ajax_object",[388,389,390],"\u003Cdiv class=\"cc-bmi-calculator-wrapper\">","\u003Cdiv id=\"cc-bmi-calculator-calculator-area\">","\u003Cdiv id=\"cc-bmi-calculator-result-area\">"]