[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwJqW-THDm--1DyTsmikQGdUu6P1tkDlWfSNSdlM6k9g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":52,"analysis":149,"fingerprints":279},"cc-canadian-mortgage-calculator","CC Canadian Mortgage Calculator","2.1.1","CC","https:\u002F\u002Fprofiles.wordpress.org\u002Fcalculatorscanadaca\u002F","\u003Cp>This simple \u003Ca href=\"https:\u002F\u002Fcalculatorscanada.ca\u002Fmortgage-calculator\u002F\" rel=\"nofollow ugc\">Canadian mortgage calculator\u003C\u002Fa> calculates mortgage monthly payments.\u003C\u002Fp>\n\u003Cp>Calculator is very easy customizable: you can change colour of background, borders and text to match your web site’s theme and change widget title.\u003C\u002Fp>\n\u003Cp>Note: check \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcc-mortgage-calculator\u002F\" rel=\"ugc\">this mortgage calculator plugin\u003C\u002Fa> if you are looking for mortgage calculator for other country then Canada.\u003C\u002Fp>\n","Add a free simple customizable Canadian mortgage calculator to your web site.",100,6525,1,"2025-11-14T10:52:00.000Z","6.8.5","3.0","",[19,20,21,22,23],"canada","mortgage-calculator","shortcode","sidebar","widget","https:\u002F\u002Fcalculatorscanada.ca\u002Fmortgage-calculator-wordpress-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-canadian-mortgage-calculator.2.1.1.zip",99,0,"2025-01-06 16:19:47","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":13},"CVE-2024-11383","cc-canadian-mortgage-calculator-authenticated-contributor-stored-cross-site-scripting","CC Canadian Mortgage Calculator \u003C= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cc-mortgage-canada' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.1.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-07 04:21:56",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0654e3c9-106d-4d90-a4e4-9705c36f7564?source=api-prod",{"slug":46,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":11,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"calculatorscanadaca",7,1150,33,88,"2026-04-04T10:42:35.238Z",[53,74,94,111,134],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":16,"requires_php":17,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"disable-author-pages","Disable Author Pages","0.11","Frank Neumann-Staude","https:\u002F\u002Fprofiles.wordpress.org\u002Ffstaude\u002F","\u003Cp>Disable the author pages ( \u002Fauthor=? ) in wordpress and redirect the user to another page.\u003C\u002Fp>\n","Disable the author pages",6000,50618,98,17,"2017-11-28T17:13:00.000Z","4.7.32",[68,69,21,22,70],"page","post","widgets","https:\u002F\u002Fstaude.net\u002Fwordpress\u002Fplugins\u002Fdisable-author-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-author-pages.0.11.zip",85,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":11,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":92,"download_link":93,"security_score":73,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"thinker-sidebar-shortcode","Sidebar Shortcode","1.0.0","thinkerwebdesign","https:\u002F\u002Fprofiles.wordpress.org\u002Fthinkerwebdesign\u002F","\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add sidebars to WP Posts and Pages with shortcodes using a sidebar Name or sidebar ID.\u003C\u002Fli>\n\u003Cli>Add one or more optional custom classes to match your theme styles or custom CSS styles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to Use:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Method 1 – (Recommended Use: Add a sidebar using a sidebar Name.)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A sidebar Name can be found in the \u003Ccode>Appearance > Widgets\u003C\u002Fcode> section of your WordPress Admin Area.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example uses:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[sidebar name=\"your-sidebar-name\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar name=\"your-sidebar-name\" class=\"custom-class\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar name=\"your-sidebar-name\" class=\"custom-class-1 custom-class-2 custom-class-3\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Method 2 – (Advanced WP Users: Add a sidebar using a sidebar ID.)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A sidebar ID can be found in your theme’s \u003Ccode>register_sidebar\u003C\u002Fcode> functions, usually in the theme’s \u003Ccode>functions.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example uses:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[sidebar id=\"your-sidebar-id\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar id=\"your-sidebar-id\" class=\"custom-class\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>[sidebar id=\"your-sidebar-id\" class=\"custom-class-1 custom-class-2 custom-class-3\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>General Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The spelling and capitalization of a shortcode Name or ID must exactly match that of the desired sidebar.\u003C\u002Fli>\n\u003Cli>Definition of an active sidebar: An active sidebar is a sidebar that contains widgets.\u003C\u002Fli>\n\u003Cli>A \u003Ccode>[sidebar]\u003C\u002Fcode> shortcode without an active sidebar Name or active sidebar ID displays nothing.\u003C\u002Fli>\n\u003Cli>An active sidebar ID overrides a sidebar Name if both are present in the same shortcode.\u003C\u002Fli>\n\u003Cli>There is no limit to the number of shortcodes that can be used on the same page or post.\u003C\u002Fli>\n\u003Cli>The same sidebar shortcode can be used multiple times on the same page or post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>HTML Class Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Separate multiple custom classes using a space character. Examples shown in \u003Ccode>Method\u003C\u002Fcode> sections above.\u003C\u002Fli>\n\u003Cli>There is no limit to the number of custom classes that can be used.\u003C\u002Fli>\n\u003Cli>Each custom class must only contain (letter,number,-,_) characters, otherwise all custom classes are omitted.\u003C\u002Fli>\n\u003Cli>The sidebar ID is always added to the HTML class attribute if it contains only (letter,number,-,_) characters.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Demo:\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.thinkerwebdesign.com\u002Fthinker-sidebar-shortcode-plugin\u002F\" rel=\"nofollow ugc\">Visit Plugin URI\u003C\u002Fa>\u003C\u002Fp>\n","Add sidebars to WordPress posts and pages using shortcodes with a sidebar Name or ID.",1000,8425,3,"2021-12-08T16:00:00.000Z","5.8.13","3.4",[21,22,89,90,91],"sidebar-shortcode","widget-area","widget-area-shortcode","http:\u002F\u002Fwww.thinkerwebdesign.com\u002Fthinker-sidebar-shortcode-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthinker-sidebar-shortcode.zip",{"slug":95,"name":96,"version":6,"author":7,"author_profile":8,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":104,"homepage":107,"download_link":108,"security_score":63,"vuln_count":109,"unpatched_count":27,"last_vuln_date":110,"fetched_at":29},"cc-bmi-calculator","CC BMI Calculator","\u003Cp>This is basic \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator\u003C\u002Fa> for Body Mass Index calculation.\u003Cbr \u002F>\nCalculation can be done in imperial or metric units. Here is \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-chart-men-women-metric\u002F\" rel=\"nofollow ugc\">metric BMI chart\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-chart-men-women-imperial\u002F\" rel=\"nofollow ugc\">imperial BMI chart\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Body Mass Index calculator is for adults only. For kids and youths check these calculators: \u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fgirls-bmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator for 5-19 age girls\u003C\u002Fa> or\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fboys-bmi-calculator\u002F\" rel=\"nofollow ugc\">BMI Calculator for 5-19 age boys\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Calculator is very easy customizable: you can change color of background, borders and text to match your web site’s theme and change widget title, make prefered default unit (imperial or metric).\u003Cbr \u002F>\nIt can be placed on sidebar as widget or incorporated into post or page using shortcode.\u003C\u002Fp>\n","Add a free simple customizable BMI Calculator to your web site.",900,17451,66,4,"2025-11-14T10:48:00.000Z",[105,106,21,22,23],"bmi-calculator","calculator","https:\u002F\u002Fcalculatorsworld.com\u002Fhealth\u002Fbmi-calculator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-bmi-calculator.2.1.1.zip",2,"2025-05-07 00:00:00",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":66,"requires_at_least":124,"requires_php":17,"tags":125,"homepage":130,"download_link":131,"security_score":132,"vuln_count":13,"unpatched_count":13,"last_vuln_date":133,"fetched_at":29},"wp-widgets-shortcode","WordPress Widgets Shortcode","1.0.3","Brajesh Singh","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbrajesh\u002F","\u003Cp>The plugin allows you to embed any WordPress Widget area\u002FDynamic Sidebar to your WordPress posts\u003C\u002Fp>\n\u003Cp>What you can do:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use the shortcode to embed widget areas in posts\u003C\u002Fli>\n\u003Cli>Use the shortcode to embed Widget areas in Pages\u003C\u002Fli>\n\u003Cli>The widgets can be embedded anywhere, at the begining of content, middle, bottom or where ever you want. Just put the shortcode there.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please leave a comment here at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fwordpress\u002Fembed-wordpress-widget-areasdynamic-sidebars-in-posts-or-pages-using-simple-shortcodes\u002F\" title=\"Post about this plugin\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Others\u003C\u002Fh3>\n\u003Cp>For more info, please visit us at \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002F\" title=\"The best place for all BuddyPress based plugins, themes tutorials\" rel=\"nofollow ugc\">BuddyDev.com\u003C\u002Fa>\u003C\u002Fp>\n","Embed any widget area\u002Fdynamic sidebar to your pages\u002Fposts using the shortcode [dynamic-sidebar id='Your Widget Area\u002FSidebar name']",500,17170,90,8,"2016-05-14T08:01:00.000Z","3.5",[126,127,128,129,70],"dynamic-sidebar","embed","embed-widgets","shortcodes","http:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fwp-widgets-shortcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widgets-shortcode.1.0.3.zip",63,"2025-09-22 00:00:00",{"slug":135,"name":136,"version":16,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":11,"num_ratings":109,"last_updated":143,"tested_up_to":66,"requires_at_least":144,"requires_php":17,"tags":145,"homepage":147,"download_link":148,"security_score":73,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"shortcodes-in-sidebar","Shortcodes in Sidebar","Pankaj Anupam","https:\u002F\u002Fprofiles.wordpress.org\u002Fpankajanupam\u002F","\u003Cp>Shortcodes in Sidebar plugin allow shortcodes to execute when used in sidebar text widgets.  All that is needed is to download, install and activate. This is very useful for placing things like contact forms and other shortcode enabled features in sidebars.\u003C\u002Fp>\n","Shortcodes in Sidebar allows shortcodes to execute in sidebars.",400,14783,"2017-02-01T15:24:00.000Z","2.5",[21,129,22,146,70],"sidebars","http:\u002F\u002Fpankajanupam.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcodes-in-sidebar.zip",{"attackSurface":150,"codeSignals":174,"taintFlows":263,"riskAssessment":264,"analyzedAt":278},{"hooks":151,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":173,"entryPointCount":13,"unprotectedCount":27},[152,158,162],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","widgets_init","cc_mortgage_canada_init","cc-mortgage-canada.php",141,{"type":153,"name":159,"callback":160,"file":156,"line":161},"wp_enqueue_scripts","cc_mortgage_canada_scripts",152,{"type":153,"name":163,"callback":164,"file":156,"line":165},"admin_enqueue_scripts","cc_mortgage_canada_admin",161,[],[],[169],{"tag":170,"callback":171,"file":156,"line":172},"cc-mortgage-canada","cc_mortgage_canada_shortcode",174,[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":262},[],{"prepared":27,"raw":27,"locations":177},[],{"escaped":179,"rawEcho":180,"locations":181},22,47,[182,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,220,221,222,223,224,225,227,229,231,233,235,236,238,239,241,242,244,245,247,248,249,250,252,253,255,257,258,260],{"file":183,"line":122,"context":184},"cc-mortgage-canada-layout.php","raw output",{"file":183,"line":186,"context":184},9,{"file":183,"line":188,"context":184},10,{"file":183,"line":190,"context":184},13,{"file":183,"line":192,"context":184},16,{"file":183,"line":194,"context":184},21,{"file":183,"line":196,"context":184},24,{"file":183,"line":198,"context":184},29,{"file":183,"line":200,"context":184},32,{"file":183,"line":202,"context":184},37,{"file":183,"line":204,"context":184},40,{"file":183,"line":206,"context":184},44,{"file":183,"line":208,"context":184},48,{"file":183,"line":210,"context":184},51,{"file":183,"line":212,"context":184},56,{"file":183,"line":214,"context":184},59,{"file":183,"line":216,"context":184},64,{"file":183,"line":218,"context":184},79,{"file":183,"line":218,"context":184},{"file":183,"line":218,"context":184},{"file":183,"line":218,"context":184},{"file":183,"line":218,"context":184},{"file":183,"line":218,"context":184},{"file":183,"line":73,"context":184},{"file":156,"line":226,"context":184},67,{"file":156,"line":228,"context":184},69,{"file":156,"line":230,"context":184},70,{"file":156,"line":232,"context":184},72,{"file":156,"line":234,"context":184},73,{"file":156,"line":218,"context":184},{"file":156,"line":237,"context":184},80,{"file":156,"line":237,"context":184},{"file":156,"line":240,"context":184},82,{"file":156,"line":240,"context":184},{"file":156,"line":243,"context":184},83,{"file":156,"line":73,"context":184},{"file":156,"line":246,"context":184},86,{"file":156,"line":50,"context":184},{"file":156,"line":50,"context":184},{"file":156,"line":121,"context":184},{"file":156,"line":251,"context":184},92,{"file":156,"line":251,"context":184},{"file":156,"line":254,"context":184},94,{"file":156,"line":256,"context":184},96,{"file":156,"line":256,"context":184},{"file":156,"line":259,"context":184},127,{"file":156,"line":261,"context":184},131,[],[],{"summary":265,"deductions":266},"The \"cc-canadian-mortgage-calculator\" plugin v2.1.1 exhibits a mixed security posture.  While the static analysis shows no dangerous functions, raw SQL queries, or external HTTP requests, and the fact that there are no unpatched CVEs is positive, significant concerns remain.  A notable weakness is the low rate of proper output escaping (32%), which indicates a high potential for Cross-Site Scripting (XSS) vulnerabilities, a pattern corroborated by its vulnerability history which lists a past medium severity XSS.  The plugin also lacks nonce and capability checks, and its single shortcode represents an entry point without any authorization checks, further increasing the risk of unauthorized access or execution of actions.  The absence of taint analysis flows, while seemingly positive, could also suggest a lack of comprehensive security testing or a very limited code complexity, rather than a truly secure implementation.  Overall, the plugin has some good practices regarding database interaction and external communication, but the significant lack of output sanitization and authorization checks on its entry points presents a substantial risk.",[267,269,272,274,276],{"reason":268,"points":188},"Low output escaping rate",{"reason":270,"points":271},"Missing capability checks",5,{"reason":273,"points":271},"Missing nonce checks",{"reason":275,"points":271},"Shortcode without auth check",{"reason":277,"points":188},"Past medium CVE (XSS)","2026-03-16T20:34:15.264Z",{"wat":280,"direct":290},{"assetPaths":281,"generatorPatterns":284,"scriptPaths":285,"versionParams":287},[282,283],"\u002Fwp-content\u002Fplugins\u002Fcc-canadian-mortgage-calculator\u002Fcc-mortgage-canada.css","\u002Fwp-content\u002Fplugins\u002Fcc-canadian-mortgage-calculator\u002Fcc-mortgage-canada.js",[],[283,286],"\u002Fwp-content\u002Fplugins\u002Fcc-canadian-mortgage-calculator\u002Fcc-mortgage-canada-admin.js",[288,289],"cc-mortgage-canada.css?ver=2.1.1","cc-mortgage-canada.js?ver=2.1.1",{"cssClasses":291,"htmlComments":293,"htmlAttributes":294,"restEndpoints":301,"jsGlobals":302,"shortcodeOutput":305},[292],"cc-color-field",[],[295,296,297,298,299,300],"data-id","data-currency_symbol","data-dev_credit","data-bg_color","data-border_color","data-text_color",[],[303,304],"jQuery","$J",[]]