[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftr78cQeRK8alsetEpN_qtT2l_ZYVQwU_eX2XPozmrBQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":54,"analysis":151,"fingerprints":205},"christmas-panda","Christmas Panda","1.1.0","pixolette","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixolette\u002F","\u003Cp>Christmas decorations plugin for WordPress. Decorate your WordPress website with Christmas trees, Santa, snowfall or just display a pop-up to remember your visitors that it’s Christmas.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FAXo0mqt1ZNg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Christmas Pop-ups\u003C\u002Fli>\n\u003Cli>Snowfall animations\u003C\u002Fli>\n\u003Cli>Christmas decorations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Admin Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manage decorations\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable snowfall\u003C\u002Fli>\n\u003Cli>Manage popups\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For further information and instructions please see the \u003Ca 
href=\"https:\u002F\u002Fpixolette.com\u002Fwordpress-plugins\u002Fchristmas-panda\u002F\" rel=\"nofollow ugc\">plugin page\u003C\u002Fa>\u003C\u002Fp>\n","Christmas decorations plugin for WordPress. Decorate your WordPress website with Christmas trees, Santa, snowfall or just display a pop-up to remember &hellip;",500,32576,98,15,"2025-03-19T19:26:00.000Z","6.7.5","4.0","",[20,21,22,23,24],"christmas","christmas-decorations","decorations","panda","xmas","https:\u002F\u002Fpixollete.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchristmas-panda.1.1.0.zip",91,1,0,"2025-03-27 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-30842","christmas-panda-cross-site-request-forgery","Christmas Panda \u003C= 1.0.4 - Cross-Site Request Forgery","The Christmas Panda plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-02 14:38:31",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6d5889f0-5e92-4be3-b0fd-ad43311e79b6?source=api-prod",7,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},4,690,90,93,"2026-04-04T21:17:57.070Z",[55,75,95,111,131],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":51,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":72,"download_link":73,"security_score":74,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"snow","Snow","2.0.2","Mitch","https:\u002F\u002Fprofiles.wordpress.org\u002Flowest\u002F","\u003Cp>Let it snow on your WordPress website using Snow. With awesome customizable options, Snow provides you and your visitors the best pixelated snow experience without slowing down your website. You don’t need any coding knowledge to use this plugin.\u003C\u002Fp>\n\u003Ch4>Fully customizable\u003C\u002Fh4>\n\u003Cp>Snow is fully customizable. Change the flake size, color, shadow and a lot more. Dislike the default snowflakes? We got your back. 
Just upload and use your own snowflake image!\u003C\u002Fp>\n\u003Ch4>Schedule and watch it happen\u003C\u002Fh4>\n\u003Cp>Snow features a special option which allows you to easily schedule the snowfall!\u003C\u002Fp>\n\u003Ch4>Realistic and professional\u003C\u002Fh4>\n\u003Cp>You don’t want unprofessional scripted snow on your site. No, you want the real deal and you’re looking at it right now.\u003C\u002Fp>\n\u003Ch4>Lightweight!\u003C\u002Fh4>\n\u003Cp>Choose from all kinds of options to speed up your website. Who needs a slow website when you have smart technology?\u003C\u002Fp>\n","Professional snow plugin with highly customizable options, no coding knowledge required.",200,20877,13,"2016-12-21T19:51:00.000Z","4.7.32","3.0",[20,56,70,71,24],"snowing","winter","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsnow\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnow.zip",85,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":63,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":93,"download_link":94,"security_score":74,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"xmas-decoration","Xmas Decoration","1.3","Mr. Meo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmeohen1989\u002F","\u003Cp>Merry Christmas! 
If you want to refresh your website with a new look at Christmas, you’ll love it.\u003C\u002Fp>\n\u003Cp>Like my work?\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fmrmeo89\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa>\u003C\u002Fp>\n","Decoration for your website at Christmas.",36098,100,9,"2020-11-30T15:42:00.000Z","5.3.21","3.4",[20,90,91,92,24],"decoration","new-year","noel","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxmas-decoration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmas-decoration.zip",{"slug":96,"name":97,"version":98,"author":7,"author_profile":8,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":29,"num_ratings":29,"last_updated":103,"tested_up_to":104,"requires_at_least":17,"requires_php":18,"tags":105,"homepage":109,"download_link":110,"security_score":74,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"halloween-panda","Halloween Panda","1.0.6","\u003Cp>Halloween decorations plugin for WordPress. 
Decorate your WordPress website with pumpkins, ghosts, scary carrots, bats or just display a pop-up to remember your visitors that it’s Halloween.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pop-ups\u003C\u002Fli>\n\u003Cli>Monsterfall(like snowfall, but with pumpkins & bats)\u003C\u002Fli>\n\u003Cli>Website decorations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Admin Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manage decorations\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable monsterfall\u003C\u002Fli>\n\u003Cli>Manage popups\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FMxo5Hbvx_Co?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F6XPAbfbHI9c?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>For further information and instructions please see the \u003Ca href=\"https:\u002F\u002Fwp.pixolette.com\u002Fwordpress-plugins\u002Fhalloween-panda\" rel=\"nofollow ugc\">plugin page\u003C\u002Fa>\u003C\u002Fp>\n","Halloween decorations plugin for WordPress. 
Decorate your WordPress website with pumpkins, ghosts, scary carrots, bats or just display a pop-up to rem &hellip;",80,7448,"2020-10-16T19:01:00.000Z","5.5.18",[22,106,107,23,108],"halloween","halloween-decorations","scary","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhalloween-panda\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhalloween-panda.1.0.6.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":121,"num_ratings":49,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":129,"download_link":130,"security_score":74,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"christmas-countdown-clock","Christmas Countdown Clock","1.1","enclick","https:\u002F\u002Fprofiles.wordpress.org\u002Fenclick\u002F","\u003Cp>Christmas countdown clock showing days and hours until Christmas day. Select from several designs, sizes, animations and backgrounds\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select from a range of designs\u003C\u002Fli>\n\u003Cli>Select size, background colours, pictures or animations\u003C\u002Fli>\n\u003Cli>Full range of designs can be seen at \u003Ca href=\"http:\u002F\u002Fmycountdown.org\u002FHoliday\u002FChristmas\u002Fgetwidget\u002F\" title=\"Generate your own Christmas Countdown Clocks\" rel=\"nofollow ugc\">mycountdown.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Christmas countdown clock showing days and hours until Christmas day. 
Select from several designs, sizes, animations and backgrounds",50,15388,60,"2021-02-18T10:53:00.000Z","5.6.17","1.5",[20,126,127,128,24],"christmas-countdown","christmas-day","flash-christmas-count-down","https:\u002F\u002Fmycountdown.org\u002Fwordpress-countdown-clock-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchristmas-countdown-clock.1.1.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":149,"download_link":150,"security_score":74,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"xmas-lights","Xmas Lights","1.0.3","GraphicEdit","https:\u002F\u002Fprofiles.wordpress.org\u002Fgraphicedit\u002F","\u003Cp>Add nice looking animated Xmas(Christmas) Lights to the top of site.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fgraphicedit.com\u002F\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Add nice looking animated Xmas(Christmas) Lights to the top of 
site.",40,44779,96,8,"2018-03-24T15:33:00.000Z","4.9.29","4.9.4",[20,147,71,148,24],"christmas-lights","xhristmas-lights","http:\u002F\u002Fgraphicedit.com\u002Fblog\u002Fplugin\u002Fxmas-lights\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmas-lights.zip",{"attackSurface":152,"codeSignals":175,"taintFlows":192,"riskAssessment":193,"analyzedAt":204},{"hooks":153,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":29,"unprotectedCount":29},[154,160,164,168],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","admin_menu","pix_christmas_panda_init_plugin_page","base.php",27,{"type":155,"name":161,"callback":162,"file":158,"line":163},"admin_enqueue_scripts","pix_christmas_panda_admin_enqueue_scripts_and_styles",37,{"type":155,"name":165,"callback":166,"file":158,"line":167},"wp_enqueue_scripts","pix_christmas_panda_enqueue_scripts_and_styles",47,{"type":155,"name":169,"callback":170,"file":158,"line":121},"wp_footer","pix_christmas_panda_template",[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":29,"bundledLibraries":188},[],{"prepared":29,"raw":29,"locations":178},[],{"escaped":180,"rawEcho":181,"locations":182},81,2,[183,187],{"file":184,"line":185,"context":186},"_views\\cp-backend.php",58,"raw output",{"file":184,"line":121,"context":186},[189],{"name":190,"version":38,"knownCves":191},"jQuery",[],[],{"summary":194,"deductions":195},"The 'christmas-panda' v1.1.0 plugin exhibits a generally good security posture based on the provided static analysis. The complete absence of identifiable entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. 
Furthermore, the code demonstrates strong defensive programming practices, with all SQL queries utilizing prepared statements and an exceptionally high percentage of outputs being properly escaped. The presence of a nonce check is also a positive indicator of security awareness. The plugin's reliance on jQuery is common, but should be monitored for vulnerabilities within that bundled library.\n\nHowever, the plugin's vulnerability history introduces a notable concern. A single known CVE exists, and although it is currently unpatched, it is categorized as medium severity and was discovered in the future (2025-03-27). While the timing of this CVE is unusual, the presence of any past vulnerability, especially one that was not immediately addressed, warrants attention. The fact that the last vulnerability was a Cross-Site Request Forgery (CSRF) type suggests a potential for insecure direct object references or lack of proper authorization in certain scenarios, although the current code analysis does not reveal any such obvious flaws. The absence of capability checks is also a minor weakness, as it means any user could potentially trigger plugin functionality if an entry point were ever discovered.\n\nIn conclusion, 'christmas-panda' v1.1.0 is strong in its current code implementation regarding attack surface and output sanitization. The primary weakness lies in its historical vulnerability, specifically the existence of a medium-severity CSRF vulnerability. While the data suggests this may be in the future and thus potentially handled by a future patch, it indicates a past security lapse that requires vigilance. 
The lack of explicit capability checks is a minor area for improvement to further harden the plugin.",[196,199,202],{"reason":197,"points":198},"Medium severity vulnerability detected",10,{"reason":200,"points":201},"Past CSRF vulnerability history",5,{"reason":203,"points":201},"No capability checks on entry points","2026-03-16T19:34:34.864Z",{"wat":206,"direct":221},{"assetPaths":207,"generatorPatterns":213,"scriptPaths":214,"versionParams":215},[208,209,210,211,212],"\u002Fwp-content\u002Fplugins\u002Fchristmas-panda\u002Fassets\u002Fcss\u002Fcp-backend.min.css","\u002Fwp-content\u002Fplugins\u002Fchristmas-panda\u002Fassets\u002Fcss\u002Fcp-frontend.min.css","\u002Fwp-content\u002Fplugins\u002Fchristmas-panda\u002Fassets\u002Fjs\u002Fcp-frontend.min.js","\u002Fwp-content\u002Fplugins\u002Fchristmas-panda\u002Fassets\u002Fjs\u002Fsnowfall.jquery.min.js","\u002Fwp-content\u002Fplugins\u002Fchristmas-panda\u002Fassets\u002Fjs\u002Fjs.cookie.min.js",[],[210,211,212],[216,217,218,219,220],"christmas-panda\u002Fassets\u002Fcss\u002Fcp-backend.min.css?ver=","christmas-panda\u002Fassets\u002Fcss\u002Fcp-frontend.min.css?ver=","christmas-panda\u002Fassets\u002Fjs\u002Fcp-frontend.min.js?ver=","christmas-panda\u002Fassets\u002Fjs\u002Fsnowfall.jquery.min.js?ver=","christmas-panda\u002Fassets\u002Fjs\u002Fjs.cookie.min.js?ver=",{"cssClasses":222,"htmlComments":224,"htmlAttributes":226,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":231},[223],"pix-cp-content-wrapper",[225],"\u003C!-- PixChristmasPanda: Generated by the Christmas Panda plugin -->",[227],"data-cp-options",[],[230],"pix_christmas_panda_options",[]]